Cipher Alogrithm 'AES-256-GCM' Not Found (OpenVPN Error)

Question

I was trying to connect to a .ovpn file using OpenVPN but when I try to connect it with this command:

sudo openvpn --config downloaded-client-config.ovpn

It failed with the following output:

Wed Jun 17 23:53:03 2020 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan  9 2019
Wed Jun 17 23:53:03 2020 library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
Wed Jun 17 23:53:03 2020 Cipher algorithm 'AES-256-GCM' not found (OpenSSL)
Wed Jun 17 23:53:03 2020 Exiting due to fatal error

My OpenSSL version: OpenSSL 1.1.0h 27 Mar 2018

OpenVPN version: OpenVPN 2.3.10

Ubuntu Version: 16.04

Also, I ran this command as well to see the list of ciphers I have: openvpn --show-ciphers

and AES-256-GCM was not present in that in that list. How can I add it manually if it's possible?

PS: I am kind of a layman with respect to OpenVPN

Answer 1

This is an issue with the OpenVPN version. The AES-256-GCM cipher was added in version 2.4.

You can follow these steps to install OpenVPN 2.4 on Ubuntu 16.04 at which point the cipher should properly work. The suggestion in the comments to upgrade your OS entirely would also work, but is certainly not necessary!

Answer 2

I had a similar issue trying to connect a 2.3.2 client to a 2.4.4 server. I referred to this cipher negotiation reference and updated both server and client config to use cipher AES-256-CBC

When the 2.4 server is set to AES-256-CBC, the clients (also set to AES-256-CBC) negotiate the following ciphers:

2.5 - AES-256-GCM
2.4 - AES-256-GCM
2.3 - AES-256-CBC
2.2 - AES-256-CBC