Page MenuHomeVyOS Platform

Confirmed, HighPublicBUG


based on this post in our forum , openvpn seems to deprecate this option --cipher move to --data-ciphers

in our config-file should add this new option :

data-ciphers AES-256-CBC

it was added 2.5 based on documentation


Difficulty level
Unknown (require assessment)
VyOS 1.4-rolling-202308060317
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Package upgrade

Event Timeline

I confirm this warning message , although, on Linux doesn't affect or at least with our server/client work as expected :

show log openvpn
 OpenVPN connection to vtun10...
Aug 18 19:20:38 openvpn-vtun10[1766]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.
Aug 18 19:20:38 openvpn-vtun10[1766]: OpenVPN 2.6.3 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO] 


it is because 2.6 change default chiper to AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305

fernando changed the task status from Open to Confirmed.Aug 18 2023, 8:07 PM
fernando changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.
fernando changed Issue type from Unspecified (please specify) to Package upgrade.