Fails to connect to openVPN

[jgmGit]

I have an open vpn setup using openvn in an oracle vm, the setup is like as follows. https://blogs.oracle.com/developers/post/launching-your-own-free-private-vpn-in-the-oracle-cloud

I can connect to it with the openvpn client without issues. But when i use the addon I get the following error.

I am using version 7.0.3 of the plugin and this is my openssl version

OpenSSL 3.1.2 1 Aug 2023 (Library: OpenSSL 3.1.2 1 Aug 2023)

LibreELEC:~/.kodi/addons/service.vpn.manager # openvpn UserDefined/user@profile.ovpn
2023-08-28 17:15:57 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.
2023-08-28 17:15:57 WARNING: file '/storage/.kodi/addons/service.vpn.manager/UserDefined/pass.txt' is group or others accessible
2023-08-28 17:15:57 OpenVPN 2.6.6 armv7ve-libreelec-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2023-08-28 17:15:57 library versions: OpenSSL 3.1.2 1 Aug 2023, LZO 2.10
2023-08-28 17:15:57 TCP/UDP: Preserving recently used remote address: [AF_INET] ipaddress:1194
2023-08-28 17:15:57 UDPv4 link local: (not bound)
2023-08-28 17:15:57 UDPv4 link remote: [AF_INET] ipaddress:1194
2023-08-28 17:16:01 Server poll timeout, restarting
2023-08-28 17:16:01 SIGTERM[soft,server_poll] received, process exiting

[stuckinthe]

I upgraded my system to the latest arch and it is using OpenSSL 3.0. My previous debian based was using OpenSSL 1.0. I had no problem ever connecting. With OpenSSl 3.0, I was seeing the same error cipher set to 'AES-256-CBC' but missing in --data-ciphers and it wouldn't connect. The kodi plugin starts openvpn by running the command openvpn /path/to/ovpn/file. I ended up modifying the code to so that now I have openvpn --config /path/to/ovpn/file --data-ciphers AES-256-CBC and now I am able to connect. I am unable to generate new certs with my VPN provider. Maybe the developer can comment on the best way to handle this.

[Zomboided]

All you're doing is passing a new parameter to openvpn rather than adding it to the ovpn file. If you're using User Defined, then edit the ovpn files. If you're using a specific VPN provider then get an ovpn file from them and use the User Defined import wizard. If they're not sharing those, get a new VPN provider..... If you want to persist with old definitions for a given provider then you can use the APPEND.txt or override the TEMPLATE.txt https://github.com/Zomboided/service.vpn.manager/wiki/10.-Updating-VPNs. This would achieve the same as what you've done above.

On Wed, Nov 8, 2023 at 6:01 AM stuckinthe @.***> wrote:

I upgraded my system to the latest arch and it is using OpenSSL 3.0. My previous debian based was using OpenSSL 1.0. I had no problem ever connecting. With OpenSSl 3.0, I was seeing the same error cipher set to 'AES-256-CBC' but missing in --data-ciphers and it wouldn't connect. The kodi plugin starts openvpn by running the command openvpn /path/to/ovpn/file. I ended up modifying the code to so that now I have openvpn --config /path/to/ovpn/file --data-ciphers AES-256-CBC and now I am able to connect. I am unable to generate new certs with my VPN provider. Maybe the developer can comment on the best way to handle this.

— Reply to this email directly, view it on GitHub https://github.com/Zomboided/service.vpn.manager/issues/405#issuecomment-1801143711, or unsubscribe https://github.com/notifications/unsubscribe-auth/AECJZZMKRZ2HVOKHLIJTZMDYDMNZ5AVCNFSM6AAAAAA4BSWJKGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQMBRGE2DGNZRGE . You are receiving this because you are subscribed to this thread.Message ID: @.***>

[stuckinthe]

I had it in the ovpn file but it wouldn't connect so I commented it out and edited the code to add the switch to the openvpn command. I submitted a ticket to me provider as I figure I need a different key. They just deleted my ticket from the system hence the reason I edited the code. I probably should change but it is hard to decide who is any good at a reasonable price most "reviews" are filled with affiliate links.