AWS VPN No longer works

After upgrading to Fedora 34 from 32, my AWS VPN no longer works - either by using my Network manager or directly on the command line.
If I try and use openvpn, I get the following error:

alexlashford@localhost ~/Downloads> openvpn --config Alex.ovpn
2021-07-16 10:42:16 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2021-07-16 10:42:16 OpenVPN 2.5.3 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 18 2021
2021-07-16 10:42:16 library versions: OpenSSL 1.1.1k  FIPS 25 Mar 2021, LZO 2.10
2021-07-16 10:42:16 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2021-07-16 10:42:16 TCP/UDP: Preserving recently used remote address: [AF_INET]52.19.243.122:443
2021-07-16 10:42:16 Attempting to establish TCP connection with [AF_INET]52.19.243.122:443 [nonblock]
2021-07-16 10:42:16 TCP connection established with [AF_INET]52.19.243.122:443
2021-07-16 10:42:16 TCP_CLIENT link local: (not bound)
2021-07-16 10:42:16 TCP_CLIENT link remote: [AF_INET]52.19.243.122:443
2021-07-16 10:42:17 [server] Peer Connection Initiated with [AF_INET]52.19.243.122:443
2021-07-16 10:42:18 OPTIONS ERROR: failed to negotiate cipher with server.  Add the server's cipher ('BF-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM') if you want to connect to this server.
2021-07-16 10:42:18 ERROR: Failed to apply push options
2021-07-16 10:42:18 Failed to open tun/tap interface
2021-07-16 10:42:18 SIGUSR1[soft,process-push-msg-failed] received, process restarting

How do I debug this and fix it?

1 Like

You can edit cipher in the advanced settings for your VPN connection.
Or better edit the server config to match cipher on the client.

2 Likes