Today a company reported random connectivity issues through an OpenVPN server, together with these errors in the logs:
journalctl -fu openvpn@server
AEAD Decrypt error: cipher final failed
We fixed it by reading the whole server configuration and finding this part:
/etc/openvpn/server.conf
# Uncomment this directive if multiple clients
# might connect with the same certificate/key
# files or common names. This is recommended
# only for testing purposes. For production use,
# each client should have its own certificate/key
# pair.
#
# IF YOU HAVE NOT GENERATED INDIVIDUAL
# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
# UNCOMMENT THIS LINE OUT.
;duplicate-cn
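So, if you have multiple clients sharing the same certificate, you have to uncomment that line. Without duplicate-cn, OpenVPN disconnects the existing session whenever a new client connects with the same common name, so clients sharing a certificate keep knocking each other offline. As the comment above says, sharing a certificate is recommended only for testing; for production use, each client should have its own certificate/key pair.
Remove the ; before duplicate-cn, save the file, and restart the OpenVPN server; everything should work again.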
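To find out which common names are actually shared (and therefore which clients need their own certificate/key pair), the server log can be grouped by common name. The script below is an added example, not part of the original post: the log lines are constructed, the file name shared_cn.py is hypothetical, and it assumes IPv4 clients logged with the usual `<common name>/<IP>:<port>` prefix. Several addresses for one common name are a hint, not proof, since a roaming device also changes address.

```python
import re
import sys
from collections import defaultdict

# "<common name>/<IPv4>:<port> <message>" prefix OpenVPN puts on per-client log lines
CLIENT = re.compile(r"(?:^|\s)(?P<cn>[^\s/]+)/(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+\s(?P<msg>.*)")
# Logged when a same-CN connection replaces an existing session (duplicate-cn off)
DROPPED = re.compile(r"MULTI: new connection by client '(?P<cn>[^']+)' will cause previous active sessions")

# Constructed sample lines (documentation addresses, made-up common names)
SAMPLE_LOG = [
    "Jan 10 09:00:05 vpn openvpn[812]: shared-client/203.0.113.20:51820 AEAD Decrypt error: cipher final failed",
    "Jan 10 09:00:09 vpn openvpn[812]: MULTI: new connection by client 'shared-client' will cause previous active sessions by this client to be dropped.",
    "Jan 10 09:00:12 vpn openvpn[812]: shared-client/198.51.100.7:40112 AEAD Decrypt error: cipher final failed",
    "Jan 10 09:00:15 vpn openvpn[812]: shared-client/203.0.113.20:51820 AEAD Decrypt error: cipher final failed",
    "Jan 10 09:01:00 vpn openvpn[812]: alice/192.0.2.44:40001 AEAD Decrypt error: cipher final failed",
]


def shared_cert_report(lines):
    """Return {common_name: stats} for common names that look shared between devices."""
    stats = defaultdict(lambda: {"addresses": set(), "decrypt_errors": 0, "sessions_dropped": 0})
    for line in lines:
        if (m := DROPPED.search(line)):
            stats[m["cn"]]["sessions_dropped"] += 1
        elif (m := CLIENT.search(line)):
            entry = stats[m["cn"]]
            entry["addresses"].add(m["ip"])
            if "AEAD Decrypt error" in m["msg"]:
                entry["decrypt_errors"] += 1
    # Flag a CN only if it was seen from several addresses or had a session replaced;
    # a decrypt error on its own (alice above) is not evidence of a shared certificate.
    return {cn: {**s, "addresses": sorted(s["addresses"])}
            for cn, s in stats.items()
            if len(s["addresses"]) > 1 or s["sessions_dropped"]}


if __name__ == "__main__":
    # Real use: journalctl -u openvpn@server --no-pager | python3 shared_cn.py -
    source = sys.stdin if sys.argv[1:] == ["-"] else SAMPLE_LOG
    for cn, s in shared_cert_report(source).items():
        print(f"{cn}: addresses={s['addresses']} decrypt_errors={s['decrypt_errors']} "
              f"sessions_dropped={s['sessions_dropped']}")
```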
This task is published in the hope of reaching search engines and saving other people time.