Closed gabrielwhite closed 1 month ago
@qdm12 is more or less the only maintainer of this project and works on it in his free time. Please:
So, is it possible that gluetun isn't passing my cipher specification correctly using OpenVPN 2.6?
Gluetun alread uses data-ciphers
(see https://github.com/qdm12/gluetun/blob/ce642a6d8b079d9a8cf7959171e27ee8b95517d0/internal/provider/utils/cipher.go#L14). That was also the case for 2.5.
TorGuard doesn't accept AES-128-GCM, only AES-128-CBC
Oddly, in the default config in Gluetun, the only cipher is aes-256-gcm. Are you sure it only supports aes-128-cbc in their openvpn configuration files?
All in all, it seems like cipher are not set properly in openvpn 2.6, I'll have a look 🤔
I can generate a config with AES-128-GCM on the TorGuard website, but the only way I can successfully connect with GlueTun is using 128-CBC. Here's a generated config:
client
dev tun
proto udp
remote ch.torguard.com 1195
remote-cert-tls server
auth SHA256
key-direction 1
setenv CLIENT_CERT 0
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
Redacted
-----END OpenVPN Static key V1-----
</tls-auth>
resolv-retry infinite
ignore-unknown-option block-outside-dns ncp-disable compress
nobind
cipher AES-128-GCM
auth-user-pass
tun-mtu-extra 32
<ca>
-----BEGIN CERTIFICATE-----
Redacted
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Redacted
-----END CERTIFICATE-----
</ca>
When I specify AES-256-GCM I get this error
2024-05-09T11:36:26-04:00 INFO [openvpn] Error: negotiated cipher not allowed - AES-128-GCM not in AES-256-GCM
I checked and the ciphers are set properly for Openvpn 2.6. Now it looks like Torguard's VPN server only proposes AES-128-GCM (at least for openvpn 2.6 clients), so anything else would fail. And what error do you get when trying with AES-128-GCM?
Also, since you shared that OpenVPN configuration, can you share what the CA values are (these are public). Right now in Gluetun it's set to
MIIDMTCCAhmgAwIBAgIJAKnGGJK6qLqSMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNVBAMMCVRHLVZQTi1DQTAgFw0xOTA1MjExNDIzMTFaGA8yMDU5MDUxMTE0MjMxMVowFDESMBAGA1UEAwwJVEctVlBOLUNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlv0UgPD3xVAvhhP6q1HCmeAWbH+9HPkyQ2P6qM5oHY5dntjmq8YT48FZGHWv7+s9O47v6Bv7rEc4UwQx15cc2LByivX2JwmE8JACvNfwEnZXYAPq9WU3ZgRrAGvA09ItuLqK2fQ4A7h8bFhmyxCbSzP1sSIT/zJY6ebuh5rDQSMJRMaoI0t1zorEZ7PlEmh+o0w5GPs0D0vY50UcnEzB4GOdWC9pJREwEqppWYLN7RRdG8JyIqmA59mhARCnQFUo38HWic4trxFe71jtD7YInNV7ShQtg0S0sXo36Rqfz72Jo08qqI70dNs5DN1aGNkQ/tRK9DhL5DLmTkaCw7mEFQIDAQABo4GDMIGAMB0GA1UdDgQWBBR7DcymXBp6u/jAaZOPUjUhEyhXfjBEBgNVHSMEPTA7gBR7DcymXBp6u/jAaZOPUjUhEyhXfqEYpBYwFDESMBAGA1UEAwwJVEctVlBOLUNBggkAqcYYkrqoupIwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAE79ngbdSlP7IBbfnJ+2Ju7vqt9/GyhcsYtjibp6gsMUxKlD8HuvlSGj5kNO5wiwN7XXqsjYtJfdhmzzVbXksi8Fnbnfa8GhFl4IAjLJ5cxaWOxjr6wx2AhIs+BVVARjaU7iTK91RXJnl6u7UDHTkQylBTl7wgpMeG6GjhaHfcOL1t7D2w8x23cTO+p+n53P3cBq+9TiAUORdzXJvbCxlPMDSDArsgBjC57W7dtdnZo7gTfQG77JTDFBeSwPwLF7PjBB4S6rzU/4fcYwy83XKP6zDn9tgUJDnpFb/7jJ/PbNkK4BWYJp3XytOtt66v9SEKw+v/fJ+VkjU16vE/9Q3h4=
But there seems to be another one?
Here are two the certificates in the configuration:
<ca>
-----BEGIN CERTIFICATE-----
MIIDMTCCAhmgAwIBAgIJAKnGGJK6qLqSMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNV
BAMMCVRHLVZQTi1DQTAgFw0xOTA1MjExNDIzMTFaGA8yMDU5MDUxMTE0MjMxMVow
FDESMBAGA1UEAwwJVEctVlBOLUNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAlv0UgPD3xVAvhhP6q1HCmeAWbH+9HPkyQ2P6qM5oHY5dntjmq8YT48FZ
GHWv7+s9O47v6Bv7rEc4UwQx15cc2LByivX2JwmE8JACvNfwEnZXYAPq9WU3ZgRr
AGvA09ItuLqK2fQ4A7h8bFhmyxCbSzP1sSIT/zJY6ebuh5rDQSMJRMaoI0t1zorE
Z7PlEmh+o0w5GPs0D0vY50UcnEzB4GOdWC9pJREwEqppWYLN7RRdG8JyIqmA59mh
ARCnQFUo38HWic4trxFe71jtD7YInNV7ShQtg0S0sXo36Rqfz72Jo08qqI70dNs5
DN1aGNkQ/tRK9DhL5DLmTkaCw7mEFQIDAQABo4GDMIGAMB0GA1UdDgQWBBR7Dcym
XBp6u/jAaZOPUjUhEyhXfjBEBgNVHSMEPTA7gBR7DcymXBp6u/jAaZOPUjUhEyhX
fqEYpBYwFDESMBAGA1UEAwwJVEctVlBOLUNBggkAqcYYkrqoupIwDAYDVR0TBAUw
AwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAE79ngbdSlP7IBbf
nJ+2Ju7vqt9/GyhcsYtjibp6gsMUxKlD8HuvlSGj5kNO5wiwN7XXqsjYtJfdhmzz
VbXksi8Fnbnfa8GhFl4IAjLJ5cxaWOxjr6wx2AhIs+BVVARjaU7iTK91RXJnl6u7
UDHTkQylBTl7wgpMeG6GjhaHfcOL1t7D2w8x23cTO+p+n53P3cBq+9TiAUORdzXJ
vbCxlPMDSDArsgBjC57W7dtdnZo7gTfQG77JTDFBeSwPwLF7PjBB4S6rzU/4fcYw
y83XKP6zDn9tgUJDnpFb/7jJ/PbNkK4BWYJp3XytOtt66v9SEKw+v/fJ+VkjU16v
E/9Q3h4=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFwjCCA6qgAwIBAgIRAPqbeSF13PE019f4UOUhbx8wDQYJKoZIhvcNAQENBQAw
PTERMA8GA1UECgwIVG9yR3VhcmQxKDAmBgNVBAMMH1Rvckd1YXJkIFByaXZhdGUg
Um9vdCBDQSAxIDIwMjAwIBcNMjMwNjI1MTM0ODU2WhgPMjA1MzA2MTcxMzQ4NTZa
MD0xETAPBgNVBAoMCFRvckd1YXJkMSgwJgYDVQQDDB9Ub3JHdWFyZCBQcml2YXRl
IFJvb3QgQ0EgMSAyMDIwMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA
1Z1zrVEDLc8DUUFsCGz0H3fOi+YVGeuHsmNvIlKDnLpXqPkKjfcFOxs1pwMNYr8f
BBkBct9W2oh1G1DxYLfjM1K8hlZNY1fvRs6mRFAX/nj+poK0gT5n0uTD0vQ5j/Aq
HO2wXCQm1xa2lUb7WrIt0ixKpgglRCeZwTXV2p7f9JZUI+ORX0B1zrV83e1ruefK
+RCd3vf2UKurvz+sm0DS8xAC4LBX8xh1kk7MiAsK3a1mTufHpYmjAyS736yi+1rS
CDEb7hBI3QXAGVwRFrGofHhR409XfB7aYwJela+bxRW44UD5az0uaeBM0GJcexH1
fwi9F7ExAdR0kwWbJYX70S1F8es0Ik1ZpsLo2UEHc2/ueQMfpaLUL4kWfZOKNWWF
SSbXR1YxPHitBSH638v4GfyNadBtG8UpVZ0dpsR/3VDoWH+WmowmlwhOAr5S/qt/
iXf+/l8aHh4E/5AN4yTM1cCX+5LnKFCfJoWaxShI3TKi6Iw/80JWfAXAV52OKErR
RuQ2YM+sQnJu+0vlW3oeNSQD2JwvSs0RD0zMC6Q6kCQXuDXyogS5K9qBlMt7UKDf
ZgaNnfiYvHjDh1XeQDN2hWUm0fTf14SCz4Lo8uE+CfnJHjU3zwk4GLvF8cs8RXhf
8uZ5V/QHLxX9tK7FmLiTD8q1/U2tuzNlHgJURt8beGkCAwEAAaOBujCBtzAOBgNV
HQ8BAf8EBAMCAcYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUM5sAY05zw9+2
R6IdqRB5uRRmxpkwdQYDVR0jBG4wbIAUM5sAY05zw9+2R6IdqRB5uRRmxpmhQaQ/
MD0xETAPBgNVBAoMCFRvckd1YXJkMSgwJgYDVQQDDB9Ub3JHdWFyZCBQcml2YXRl
IFJvb3QgQ0EgMSAyMDIwghEA+pt5IXXc8TTX1/hQ5SFvHzANBgkqhkiG9w0BAQ0F
AAOCAgEAnHPYMbo5Tf3tCD8HKVoibt4dtd9wEUh/XDFg2RNM8caa9x32gZJXCXSD
UatdHYabukrsYqZIIt/XeL0SB8KzCQVyiMIHadCZBKc8Va/ays9lP/Kky6f3jkbr
T5t9IhyHYNDWkrXmY/gNXCPoeulRQ55R0I1g5ko/JwvNp6q/V3fwvcpJJaFSh/NT
OvBGCPR/pnR8isgmjF/i7KcN/b8gvO4EiqCk4AVl30aDUJBDyjnisCk9JMS4JxAY
kJ9MGkqI1wHno3eKqBWoUEtyNe58VFQwxUgSf8cTV+p6DEZaM14qqDXzIQ3kHdGT
H5ciqlzok0ocUM3AXvpHyoPbMPIFJ1uNvrYBWyDeP/KT512VNjpW30GtfMzZXJ2s
EkcMAxghdqHxeKkOWVSsHHglHhq2qHsGF7eTZO1CFkV6kL0sn8shlPiJ/EE1//0t
XycWstBaTe1TpiOYjLiLpwJvu7oMQIrl/YtCi/tXfkl8BLG0hncCLUovsIqQdjpo
6jMux8p7D8L7yDV9GuQGxoT542GM53o83/esHhDSEMzDydH/cvpht/b9/YOzBxTM
cxdxL8RDOKommtIfro1VE2z0YJ0KURD7jZe9mygV2KXokIBG4V+vhOglb7hT//dr
KFz6GDZAqs/KKeUIZxUWlpPaNssJygwDq6EjlNdelrxdWIYtR9Y=
-----END CERTIFICATE-----
</ca>
- OPENVPN_VERSION=2.5
- OPENVPN_CIPHERS=AES-128-GCM
Fails like this:
gluetun | 2024-05-09T16:03:22-04:00 INFO [openvpn] OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('AES-128-CBC') to --data-ciphers (currently 'AES-128-GCM') if you want to connect to this server.
gluetun | 2024-05-09T16:03:22-04:00 ERROR [openvpn] Failed to apply push options
gluetun | 2024-05-09T16:03:22-04:00 INFO [openvpn] Failed to open tun/tap interface
- OPENVPN_VERSION=2.6
- OPENVPN_CIPHERS=AES-128-GCM
Is successful
- OPENVPN_VERSION=2.6
- OPENVPN_CIPHERS=AES-256-GCM
Fails like this:
gluetun | 2024-05-09T16:07:03-04:00 INFO [openvpn] Error: negotiated cipher not allowed - AES-128-GCM not in AES-256-GCM
gluetun | 2024-05-09T16:07:03-04:00 INFO [openvpn] OPTIONS ERROR: failed to import crypto options
gluetun | 2024-05-09T16:07:03-04:00 INFO [openvpn] Failed to open tun/tap interface
- OPENVPN_VERSION=2.6
(without specifying the cipher) fails like this:
gluetun | 2024-05-09T16:11:33-04:00 INFO [openvpn] Error: negotiated cipher not allowed - AES-128-GCM not in AES-256-GCM
gluetun | 2024-05-09T16:11:33-04:00 INFO [openvpn] OPTIONS ERROR: failed to import crypto options
gluetun | 2024-05-09T16:11:33-04:00 INFO [openvpn] Failed to open tun/tap interface
So it seems like the only two successful configuration options are:
128-CBC / v2.5 128-GCM / v2.6
Perfect, thanks for the detailed debugging and explanations 🎖️ !
I pushed 4bd16373f24296ba781d714d86eda3f795841017 to update the Gluetun configuration to match more closely the config you shared:
Let me know if it solves it for you on the latest image (don't forget to re-pull), thanks!
Thank you! Now starting gluetun with and without specifying the OpenVPN version or cipher I get this:
gluetun | 2024-05-10T20:40:46-04:00 INFO [openvpn] OpenVPN 2.6.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
gluetun | 2024-05-10T20:40:46-04:00 INFO [openvpn] library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
gluetun | 2024-05-10T20:40:46-04:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]193.235.146.104:1912
gluetun | 2024-05-10T20:40:46-04:00 INFO [openvpn] UDPv4 link local: (not bound)
gluetun | 2024-05-10T20:40:46-04:00 INFO [openvpn] UDPv4 link remote: [AF_INET]redacted:1912
gluetun | 2024-05-10T20:40:46-04:00 INFO [openvpn] VERIFY ERROR: depth=1, error=self-signed certificate in certificate chain: CN=TG-VPN-CA, serial=12233492456274442898
gluetun | 2024-05-10T20:40:46-04:00 INFO [openvpn] OpenSSL: error:0A000086:SSL routines::certificate verify failed:
gluetun | 2024-05-10T20:40:46-04:00 INFO [openvpn] TLS_ERROR: BIO read tls_read_plaintext error
gluetun | 2024-05-10T20:40:46-04:00 INFO [openvpn] TLS Error: TLS object -> incoming plaintext read error
gluetun | 2024-05-10T20:40:46-04:00 INFO [openvpn] TLS Error: TLS handshake failed
gluetun | 2024-05-10T20:40:46-04:00 INFO [openvpn] SIGTERM received, sending exit notification to peer
gluetun | 2024-05-10T20:40:46-04:00 INFO [openvpn] SIGTERM[soft,tls-error] received, process exiting
Just letting you know I'm seeing the same thing after updating
Hi, i'm having the same issue. What is the repository for this build with the fix? I'm using Unraid and I need to insert a repository to pull this build.
I use UNRAID as well but Portainer for docker, rolling back to the previous release solved it
image: qmcgaw/gluetun:v3
EDIT by qdm12: changed pr-2273
to v3
I use UNRAID as well but Portainer for docker, rolling back to the previous release solved it
image: qmcgaw/gluetun:v3
Thanks. yes that's what I did. I rolled back for now.
Have hit the same issue. Rolled back as suggested and now working again...
Sorry I was away the last few days without Internet... I pushed 19a9ac9fd7109bb1e9be4e93fb1135aba61a0a9e to remove the newly added 2nd certificate, that was likely causing the issue. Please let me know if this solves it 😉
Also to go back to the last stable release, use image :v3
. Avoid using images :pr-XYZ
which are built from pull requests and likely quite unstable.
Thank you!
Without specifying OpenVPN version or cipher I now get this:
gluetun | 2024-05-16T21:01:44-04:00 INFO [openvpn] library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
gluetun | 2024-05-16T21:01:44-04:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]37.235.52.19:1912
gluetun | 2024-05-16T21:01:44-04:00 INFO [openvpn] UDPv4 link local: (not bound)
gluetun | 2024-05-16T21:01:44-04:00 INFO [openvpn] UDPv4 link remote: [AF_INET]redacter:1912
gluetun | 2024-05-16T21:01:44-04:00 INFO [openvpn] [server] Peer Connection Initiated with [AF_INET]37.235.52.19:1912
gluetun | 2024-05-16T21:01:45-04:00 INFO [openvpn] TUN/TAP device tun0 opened
gluetun | 2024-05-16T21:01:45-04:00 INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
gluetun | 2024-05-16T21:01:45-04:00 INFO [openvpn] /sbin/ip link set dev tun0 up
gluetun | 2024-05-16T21:01:45-04:00 INFO [openvpn] /sbin/ip addr add dev tun0 local 10.35.0.10 peer 10.35.0.9
gluetun | 2024-05-16T21:01:45-04:00 INFO [openvpn] UID set to nonrootuser
gluetun | 2024-05-16T21:01:45-04:00 INFO [openvpn] Initialization Sequence Completed
gluetun | 2024-05-16T21:01:45-04:00 INFO [dns] downloading DNS over TLS cryptographic files
gluetun | 2024-05-16T21:01:46-04:00 INFO [healthcheck] healthy!
gluetun | 2024-05-16T21:01:47-04:00 INFO [dns] downloading hostnames and IP block lists
gluetun | 2024-05-16T21:01:47-04:00 INFO [dns] init module 0: validator
gluetun | 2024-05-16T21:01:47-04:00 INFO [dns] init module 1: iterator
gluetun | 2024-05-16T21:01:47-04:00 INFO [dns] start of service (unbound 1.20.0).
gluetun | 2024-05-16T21:01:47-04:00 INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
gluetun | 2024-05-16T21:01:47-04:00 INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
gluetun | 2024-05-16T21:01:47-04:00 INFO [dns] ready
With version 2.6 and no cipher specified:
gluetun | 2024-05-16T21:03:19-04:00 INFO [openvpn] OpenVPN 2.6.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
gluetun | 2024-05-16T21:03:19-04:00 INFO [openvpn] library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
gluetun | 2024-05-16T21:03:20-04:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]193.235.146.104:1912
gluetun | 2024-05-16T21:03:20-04:00 INFO [openvpn] UDPv4 link local: (not bound)
gluetun | 2024-05-16T21:03:20-04:00 INFO [openvpn] UDPv4 link remote: [AF_INET]redacted:1912
gluetun | 2024-05-16T21:03:20-04:00 INFO [openvpn] [server] Peer Connection Initiated with [AF_INET]193.235.146.104:1912
gluetun | 2024-05-16T21:03:21-04:00 INFO [openvpn] TUN/TAP device tun0 opened
gluetun | 2024-05-16T21:03:21-04:00 INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
gluetun | 2024-05-16T21:03:21-04:00 INFO [openvpn] /sbin/ip link set dev tun0 up
gluetun | 2024-05-16T21:03:21-04:00 INFO [openvpn] /sbin/ip addr add dev tun0 local 10.35.0.10 peer 10.35.0.9
gluetun | 2024-05-16T21:03:21-04:00 INFO [openvpn] UID set to nonrootuser
gluetun | 2024-05-16T21:03:21-04:00 INFO [openvpn] Initialization Sequence Completed
gluetun | 2024-05-16T21:03:21-04:00 INFO [dns] downloading DNS over TLS cryptographic files
gluetun | 2024-05-16T21:03:21-04:00 INFO [healthcheck] healthy!
With version 2.5 and no cipher specified
gluetun | 2024-05-16T21:04:57-04:00 INFO [openvpn] OpenVPN 2.5.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 2 2022
gluetun | 2024-05-16T21:04:57-04:00 INFO [openvpn] library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
gluetun | 2024-05-16T21:04:57-04:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]37.235.52.19:1912
gluetun | 2024-05-16T21:04:57-04:00 INFO [openvpn] UDP link local: (not bound)
gluetun | 2024-05-16T21:04:57-04:00 INFO [openvpn] UDP link remote: [AF_INET]redacted:1912
gluetun | 2024-05-16T21:04:58-04:00 WARN [openvpn] 'link-mtu' is used inconsistently, local='link-mtu 1581', remote='link-mtu 1569'
gluetun | 2024-05-16T21:04:58-04:00 WARN [openvpn] 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
gluetun | 2024-05-16T21:04:58-04:00 WARN [openvpn] 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA256'
gluetun | 2024-05-16T21:04:58-04:00 WARN [openvpn] 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
gluetun | 2024-05-16T21:04:58-04:00 INFO [openvpn] [server] Peer Connection Initiated with [AF_INET]37.235.52.19:1912
gluetun | 2024-05-16T21:04:59-04:00 INFO [openvpn] TUN/TAP device tun0 opened
gluetun | 2024-05-16T21:04:59-04:00 INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
gluetun | 2024-05-16T21:04:59-04:00 INFO [openvpn] /sbin/ip link set dev tun0 up
gluetun | 2024-05-16T21:04:59-04:00 INFO [openvpn] /sbin/ip addr add dev tun0 local 10.35.0.10 peer 10.35.0.9
gluetun | 2024-05-16T21:04:59-04:00 INFO [openvpn] UID set to nonrootuser
gluetun | 2024-05-16T21:04:59-04:00 INFO [openvpn] Initialization Sequence Completed
gluetun | 2024-05-16T21:04:59-04:00 INFO [healthcheck] healthy!
Unrelated: how can I know which version of OpenVPN is being used when I don't specify a version?
Thanks for get the fix through!
@gabrielwhite Great! 👍 I'll assume then that removing the 2nd certificate fixes the issue for certificate validation (no idea why, but if it works, it works). Closing this 😉 !
Unrelated: how can I know which version of OpenVPN is being used when I don't specify a version?
It's written in the logs by OpenVPN, for example INFO [openvpn] OpenVPN 2.5.8 x86_64-alpine-linux-musl ...
Closed issues are NOT monitored, so commenting here is likely to be not seen. If you think this is still unresolved and have more information to bring, please create another issue.
This is an automated comment setup because @qdm12 is the sole maintainer of this project which became too popular to monitor issues closed.
Is this urgent?
No
Host OS
Debian Bookworm
CPU arch
x86_64
VPN service provider
TorGuard
What are you using to run the container
docker-compose
What is the version of Gluetun
Running version latest built on 2024-05-04T16:22:29.394Z (commit ef6874f)
What's the problem 🤔
INFO [openvpn] Error: negotiated cipher not allowed - AES-128-GCM not in AES-128-CBC
).So, is it possible that gluetun isn't passing my cipher specification correctly using OpenVPN 2.6?
Share your logs (at least 10 lines)
Share your configuration