Hi,
there is a "disconnected <unkown cipher alg or key size>" error when I try to connect ovpn server with android client.
it looks like this topic but not same viewtopic.php?t=21087
any idea how to fix it?
btw, is "unkown" means "unknown"?
cannot establish ovpn connection
You do not have the required permissions to view the files attached to this post.
Re: cannot establish ovpn connection
It's probably possible that client uses something more modern by default, so check OpenVPN manual how to specify algorithms in client config, and add what RouterOS uses.
Re: cannot establish ovpn connection
I believe it's mikrotik's ssl problemIt's probably possible that client uses something more modern by default, so check OpenVPN manual how to specify algorithms in client config, and add what RouterOS uses.
Re: cannot establish ovpn connection
Anything is possible, but just believing that RouterOS is broken (clearly not that much, otherwise you wouldn't be the only one to notice) won't help you to fix the problem. My suggestion could, no guarantees of course, but there's a chance.
Re: cannot establish ovpn connection
I just was struggling around with the same issue, reading in this forum and didn't found any solution.
After reading the log of the OpenVPN-Android Client more carefully, I found a solution, that I tested working on newest RouterOS (7.6) and latest Android OpenVPN Client (0.7.43) and I want to share it with others that are looking for the same.
In RouterOS in the OVPN-Server settings activate "sha1" in the "Auth" section and encryption "aes 256" in the "Cypher" section.
Like Sob suggested already, OpenVPN-Client is suppressing weak or bad/old cypher in the background. Resulting in client and server will not find a common encryption to use.
So you have to explicitly name it in OpenVPN-Client configuration:
Under basic tap you can leave compat mode to "Modern Defaults"
Under authentification/encryption tab name "AES-256-CBC" at Encryption ciphers and "SHA-1" at Packet authentification.
Now suppress fallback to other cipher:
In the advanced tab click "Enable Custom Options"
Add the Custom Options add "data-ciphers-fallback AES-256-CBC" and click ok.
With this settings you should now by able to connect the android client with RouterOS OVPN-Server.
After reading the log of the OpenVPN-Android Client more carefully, I found a solution, that I tested working on newest RouterOS (7.6) and latest Android OpenVPN Client (0.7.43) and I want to share it with others that are looking for the same.
In RouterOS in the OVPN-Server settings activate "sha1" in the "Auth" section and encryption "aes 256" in the "Cypher" section.
Like Sob suggested already, OpenVPN-Client is suppressing weak or bad/old cypher in the background. Resulting in client and server will not find a common encryption to use.
So you have to explicitly name it in OpenVPN-Client configuration:
Under basic tap you can leave compat mode to "Modern Defaults"
Under authentification/encryption tab name "AES-256-CBC" at Encryption ciphers and "SHA-1" at Packet authentification.
Now suppress fallback to other cipher:
In the advanced tab click "Enable Custom Options"
Add the Custom Options add "data-ciphers-fallback AES-256-CBC" and click ok.
With this settings you should now by able to connect the android client with RouterOS OVPN-Server.
-
-
AlexanderK
just joined
- Posts: 4
- Joined:
Re: cannot establish ovpn connection
I just wished, I had found your post earlier... about four hours earlierI just was struggling around with the same issue, reading in this forum and didn't found any solution.
After reading the log of the OpenVPN-Android Client more carefully, I found a solution, that I tested working on newest RouterOS (7.6) and latest Android OpenVPN Client (0.7.43) and I want to share it with others that are looking for the same.
Thanks a lot, that worked!