Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN Dropping Occasionally

    Scheduled Pinned Locked Moved OpenVPN
    1 Posts 1 Posters 573 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • O
      Overcon
      last edited by

      Hi all,

      I just installed my first VPN on pfSense, and while it is working, I have some issues I could use some help on. The tunnel drops every few minutes and gets the following errors and warnings. I was hoping someone could help me identify the causes of them and how to correct them.

      I had an issue choosing the encryption for the Auth Digest Algorithm. The guide I was referencing said to use RSA-SHA512 (512-bit). But that is not an option in the section now. So I picked SHA256 (256-bit).

      Here are the errors that occur when the tunnel goes down:

      Jul 29 04:06:35 openvpn 36204 AEAD Decrypt error: cipher final failed
      Jul 29 04:06:36 openvpn 36204 AEAD Decrypt error: cipher final failed
      Jul 29 04:06:36 openvpn 36204 AEAD Decrypt error: cipher final failed
      Jul 29 04:06:36 openvpn 36204 AEAD Decrypt error: cipher final failed
      Jul 29 04:06:36 openvpn 36204 AEAD Decrypt error: cipher final failed
      Jul 29 04:06:36 openvpn 36204 AEAD Decrypt error: cipher final failed
      Jul 29 04:06:36 openvpn 36204 AEAD Decrypt error: cipher final failed
      Jul 29 04:06:36 openvpn 36204 AEAD Decrypt error: cipher final failed
      Jul 29 04:06:37 openvpn 36204 AEAD Decrypt error: cipher final failed

      I read a post in a forum that says to modify an option in OpenVPN (Try adding ncp-disable to your OpenVPN options.), but I can't find that as an option in the OVPN GUI in pfSense to disable.

      On my phone, I noticed an MTU setting, but I don't see an MTU setting anywhere, and everything should be the default. And the keysize, I have no idea on that one.

      Jul 29 04:08:38 openvpn 36204 68.233.158.163:32535 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1569', remote='link-mtu 1553'

      Jul 29 04:08:38 openvpn 36204 68.233.158.163:32535 WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'

      Any help would be appreciated: some Mode/Crypto settings for the server:

      Mode: Remote Access ( SSL/TLS + User Auth )
      Data Ciphers: AES-256-GCM, AES-128-GCM, CHACHA20-POLY1305, AES-256-CBC
      Digest: SHA256
      D-H Params: 4096 bits

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.