Fixing OpenVPN "Authenticate/Decrypt packet error: cipher final failed"

When connecting to a VPN I was constant getting the error

Mar  8 09:29:27 openvpn[1696]: Authenticate/Decrypt packet error: cipher final failed

I had imported the supplied ovpn file and had followed all the other configuration steps, so this was quite frustrating. Then I saw this in the logs:

Mar  8 09:31:07 openvpn[1790]: WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', remote='cipher AES-256-CBC'

Changing my client to use "cipher AES-256-CBC" instead of the default (which apparently was cipher BF-CBC) fixed the issue.


Alex said…
It was really helpfull, and decreased the times I have such error. But sometimes I still have "AEAD Decrypt error: cipher final failed" error on server and "Authenticate/Decrypt packet error: packet HMAC authentication failed" on client. I cannot find the root issue and don't see any dependency. The openVPN server restart helps me to fix it temporarily.
Anonymous said…
Thank you. This was posted 4 years ago, and still seems to be relevant.
I've been using an OpenVPN server on a Synology NAS for over 2 years now and suddenly, a day ago, it started failing with the same error. My client is an OSX TunnelBrick client. Adding the cipher explicitly to my client configuration seems to have solved it.
Anonymous said…
Thank you for the solution. Finally OpenVPN works on my old router (WRT54GL v1.1 using Tomato: 1.28.7636 Toastman-IPT-ND ND VPN).
Unknown said…
Still relevant in 2020
Anonymous said…
Yes, still relevant in 2020 =D
lena said…
This comment has been removed by the author. said…
The overall look of your web site is great, as well as the content!Feel free to visit my website;
Its like you learn my thoughts!
Van said…
Greeat reading

Popular posts from this blog

MinHash for dummies

Authenticating via Kerberos with Keycloak and Windows 2008 Active Directory