I have not been accessing this server for a long time. It has quite a lot updates but nothing for VPN and I didn’t update it as I’m waiting for slow working hours.
I have below lines in my vpn client logs
2023-10-04 11:10:09 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.
2023-10-04 11:10:09 OpenVPN 2.6.6 [git:v2.6.6/c9540130121bfc21] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Aug 15 2023
2023-10-04 11:10:09 Windows version 10.0 (Windows 10 or greater), amd64 executable
2023-10-04 11:10:09 library versions: OpenSSL 3.1.2 1 Aug 2023, LZO 2.10
2023-10-04 11:10:09 DCO version: v0
2023-10-04 11:10:09 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2023-10-04 11:10:09 Need hold release from management interface, waiting...
2023-10-04 11:10:09 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:52925
2023-10-04 11:10:09 MANAGEMENT: CMD 'state on'
2023-10-04 11:10:09 MANAGEMENT: CMD 'log on all'
2023-10-04 11:10:09 MANAGEMENT: CMD 'echo on all'
2023-10-04 11:10:09 MANAGEMENT: CMD 'bytecount 5'
2023-10-04 11:10:09 MANAGEMENT: CMD 'state'
2023-10-04 11:10:09 MANAGEMENT: CMD 'hold off'
2023-10-04 11:10:09 MANAGEMENT: CMD 'hold release'
2023-10-04 11:10:11 MANAGEMENT: CMD 'username "Auth" "my_connection_name"'
2023-10-04 11:10:11 MANAGEMENT: CMD 'password [...]'
2023-10-04 11:10:11 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2023-10-04 11:10:11 OpenSSL: error:0308010C:digital envelope routines::unsupported:Global default library context, Algorithm (RSA-SHA256 : 0), Properties (<null>)
2023-10-04 11:10:11 MANAGEMENT: Client disconnected
2023-10-04 11:10:11 Message hash algorithm 'RSA-SHA256' not found
2023-10-04 11:10:11 Exiting due to fatal error
As far as I understand, this is related to the configuration file itself and not about communication with the server. But, I cannot be sure.
When I download a new configuration file from server, it is identical to the existing one and not fixing.
Can someone who has more knowledge than me be kind enough to explain the problem and how to fix it, please?
Do you have any other OpenVPN Client (not 2.6.6 version) already working with the same config?
Some rows of your log are a little “uncommon”…
Deprecated chyphers
hash algorithm not found…
Would be nice also to share the screenshot of your config for OpenVPN server and the client configuration file (without public ip, username, and obviously server certificate)
SHA512 completely exclude RSA from the equation.
Also, is a couple of notches up in digest security, which is never bad if the underling platform have more juce to manage it.