AEAD Decrypt Error on Netgate 2100 with OpenVPN
-
We're experiencing recurring log entries on our Netgate 2100 (running pfSense 24.11 version) related to OpenVPN:
openvpn[36440]: AEAD Decrypt error: cipher final failed
Context:
- Hardware: Netgate 2100
- Firmware: pfSense pfSense 24.11
- VPN Setup: Site-to-site and/or remote access OpenVPN using AEAD ciphers (ES-128-GCM, AES-128-CBC, AES-256-CBC)
- TLS Authentication: Enabled
- Hardware Crypto: Enabled (default)
- No recent changes have been made to the VPN or firewall configuration
- No firewall rules have been modified recently on the WAN or OpenVPN interfaces
- Clients connect fine and aren’t reporting any issues — everything seems stable
The error shows up fairly regularly, but no one is experiencing disconnects or performance problems. From what I’ve read, it could be caused by stray UDP packets or WAN noise, but just wanted to double-check.
Is this something to worry about?
-
Yeah I'd guess it's random errors in the link occasionally corrupting a UDP packet. It depends what rate you're actually seeing but I probably wouldn't be worried if it's not continuous.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.