OpenVPN Dropping Occasionally
-
Hi all,
I just installed my first VPN on pfSense, and while it is working, I have some issues I could use some help on. The tunnel drops every few minutes and gets the following errors and warnings. I was hoping someone could help me identify the causes of them and how to correct them.
I had an issue choosing the encryption for the Auth Digest Algorithm. The guide I was referencing said to use RSA-SHA512 (512-bit). But that is not an option in the section now. So I picked SHA256 (256-bit).
Here are the errors that occur when the tunnel goes down:
Jul 29 04:06:35 openvpn 36204 AEAD Decrypt error: cipher final failed
Jul 29 04:06:36 openvpn 36204 AEAD Decrypt error: cipher final failed
Jul 29 04:06:36 openvpn 36204 AEAD Decrypt error: cipher final failed
Jul 29 04:06:36 openvpn 36204 AEAD Decrypt error: cipher final failed
Jul 29 04:06:36 openvpn 36204 AEAD Decrypt error: cipher final failed
Jul 29 04:06:36 openvpn 36204 AEAD Decrypt error: cipher final failed
Jul 29 04:06:36 openvpn 36204 AEAD Decrypt error: cipher final failed
Jul 29 04:06:36 openvpn 36204 AEAD Decrypt error: cipher final failed
Jul 29 04:06:37 openvpn 36204 AEAD Decrypt error: cipher final failedI read a post in a forum that says to modify an option in OpenVPN (Try adding ncp-disable to your OpenVPN options.), but I can't find that as an option in the OVPN GUI in pfSense to disable.
On my phone, I noticed an MTU setting, but I don't see an MTU setting anywhere, and everything should be the default. And the keysize, I have no idea on that one.
Jul 29 04:08:38 openvpn 36204 68.233.158.163:32535 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1569', remote='link-mtu 1553'
Jul 29 04:08:38 openvpn 36204 68.233.158.163:32535 WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
Any help would be appreciated: some Mode/Crypto settings for the server:
Mode: Remote Access ( SSL/TLS + User Auth )
Data Ciphers: AES-256-GCM, AES-128-GCM, CHACHA20-POLY1305, AES-256-CBC
Digest: SHA256
D-H Params: 4096 bits