search

kota65535 / github-openvpn-connect-action

GitHub Action for connecting to OpenVPN server.
MIT License
88 stars 54 forks source link

DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-128-GCM) #41

Open marcuscvj opened 1 year ago

marcuscvj commented 1 year ago

I'm trying to connect to a VPS using OpenVPN with this solutions. However I stumble upon this error and I'm not sure what it means and what to do to fix it:

=========== end configuration ===========
running command: sudo openvpn --config ./.github/openvpn/config.ovpn --daemon --log openvpn.log --writepid openvpn.pid
Warning: 2023-02-28 16:23:40 Note: Treating option '--ncp-ciphers' as  '--data-ciphers' (renamed in OpenVPN 2.5).

Error: 2023-02-28 16:23:40 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Options error: If you use one of --cert or --key, you must use them both
Use --help for more information.

Error: command: sudo openvpn --config ./.github/openvpn/config.ovpn --daemon --log openvpn.log --writepid openvpn.pid returned 1
kota65535 commented 1 year ago

What are the versions of the OpenVPN server and client you are using?

marcuscvj commented 1 year ago

When testing this with OpenVPN locally on my computer it says OpenVPN 2.6.0 [git:v2.6.0/b999466418dddb89] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Feb 15 2023. The server I do not know unfortunately. Is that something I need to check with our sysadmin?

However, that depricated message seems not to be stopping OpenVPN to connect, however in the GitHub actions it stops it at that message and throws it as an error.

kota65535 commented 1 year ago

The reason this GitHub Action stopped is the openvpn command returns non-zero value. However deprecation warnings are generally not errors, so it is expected to continue running. Could you try changing your configuration to suppress the warning?

aiell0 commented 1 year ago

@marcuscvj in case anyone else is stuck on this, you need to change your client.ovpn file where it says:

cipher: AES-256-CBC

to

data-ciphers-fallback AES-256-CBC

that fixed it for me :)

More information can be found here