OpenVPN iOS Authentication Failed: Data channel cipher negotiation failed (no shared cipher)

So I was traveling on Saturday and needed to connect to my VPN. Unfortunately, my VPN would not connect. When I got home I discovered I had two problems. First, the GUI upgrade on my pfSense box had not fully upgraded everything. The fix for this is pretty straightforward: access a shell on pfSense and run pfSense-upgrade -d. This upgraded OpenVPN on the device to 2.5 (I believe the current version as of this writing).

Then I had another problem. I was getting this error message:

The solution is to go into the settings for the app (hamburger button in the upper left corner, then Settings) and de-select AES-CBC Cipher Algorithm. This setting can break the VPN connection if you are using TLS 1.3, because TLS 1.3 does not support AES-CBC.

I did not have an easy time finding help with this issue online, so I am writing this in the hopes that it is found by someone else needing help.
