
Connectivity issues in OpenVPN and "AEAD Decrypt error: cipher final failed"
Closed, Resolved · Public

Description

Today a company reported random connectivity issues through an OpenVPN server, together with these errors in the logs:

journalctl -fu openvpn@server
AEAD Decrypt error: cipher final failed

We fixed it by reading the whole server configuration and finding this part:

/etc/openvpn/server.conf
# Uncomment this directive if multiple clients
# might connect with the same certificate/key
# files or common names.  This is recommended
# only for testing purposes.  For production use,
# each client should have its own certificate/key
# pair.
#
# IF YOU HAVE NOT GENERATED INDIVIDUAL
# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
# UNCOMMENT THIS LINE OUT.
;duplicate-cn

So, if you have multiple clients sharing the same certificate, you have to uncomment that line.

Remove the ; before duplicate-cn, then save and restart the OpenVPN server, and everything should work again.

This task is published in the hope of reaching search engines and saving other people time.
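
To confirm from the logs that shared certificates are behind the symptom before changing the configuration, the following is an added example (not part of the original task). It counts the decrypt errors, lists the common names whose earlier session the server dropped when a new connection arrived, and checks whether duplicate-cn is active. The log lines, host name, addresses and common names are constructed; the MULTI text is the notice OpenVPN logs when duplicate-cn is off and a certificate connects again.

```shell
#!/bin/sh
# Added example (not from the original task). All sample data is constructed.

# Succeeds if duplicate-cn is active, i.e. not commented out with ';' or '#'.
duplicate_cn_enabled() {
    grep -Eq '^[[:space:]]*duplicate-cn([[:space:]]|$)' "$1"
}

# Prints "<count> <common name>" for every certificate whose new connection
# made the server drop a session that was already using it.
shared_cn_report() {
    sed -n "s/.*MULTI: new connection by client '\([^']*\)' will cause previous active sessions.*/\1/p" "$1" |
        sort | uniq -c | sed 's/^ *//'
}

# Prints how many times the decrypt error from this task appears in the log.
aead_error_count() {
    grep -c 'AEAD Decrypt error: cipher final failed' "$1" || true
}

# Constructed stand-ins for `journalctl -u openvpn@server` output and server.conf.
SAMPLE_DIR=$(mktemp -d)
SAMPLE_LOG="$SAMPLE_DIR/openvpn.log"
SAMPLE_CONF="$SAMPLE_DIR/server.conf"
DROP="will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect."
cat > "$SAMPLE_LOG" <<EOF
Dec 14 15:58:01 vpn openvpn[812]: 203.0.113.10:40112 MULTI: new connection by client 'office' $DROP
Dec 14 15:58:03 vpn openvpn[812]: office/198.51.100.7:51820 AEAD Decrypt error: cipher final failed
Dec 14 15:58:09 vpn openvpn[812]: 198.51.100.7:51820 MULTI: new connection by client 'office' $DROP
Dec 14 15:58:11 vpn openvpn[812]: office/203.0.113.10:40112 AEAD Decrypt error: cipher final failed
Dec 14 16:02:40 vpn openvpn[812]: 192.0.2.44:1194 MULTI: new connection by client 'kiosk' $DROP
EOF
printf '%s\n' '# sample server.conf' ';duplicate-cn' > "$SAMPLE_CONF"

echo "AEAD decrypt errors: $(aead_error_count "$SAMPLE_LOG")"
echo "Sessions dropped per common name:"
shared_cn_report "$SAMPLE_LOG"
if duplicate_cn_enabled "$SAMPLE_CONF"; then
    echo "duplicate-cn: enabled (shared certificates may connect concurrently)"
else
    echo "duplicate-cn: disabled (a new connection drops the older session with that certificate)"
fi
```

A single drop for a common name can simply be one device reconnecting; repeated drops alternating between source addresses point to a shared certificate. As the configuration comment says, duplicate-cn is recommended only for testing, and issuing each client its own certificate/key pair removes the need for it.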

Event Timeline

valerio.bozzolan triaged this task as Normal priority. (Dec 14 2020, 16:25)
valerio.bozzolan created this task.
Restricted Application added a project: User-valerio.bozzolan. (Dec 14 2020, 16:25)
valerio.bozzolan closed this task as Resolved. (Dec 14 2020, 16:25)