I’m trying to VPN into my home router running Tomato from my SFOS 4.5.0.24 Xperia 10 II. I generated an OpenVPN config + certificates and keys on the router. The ovpn file warns that it’s for OpenVPN versions 2.4.0 or newer. OpenVPN on SFOS reports its version as 2.5.5, so good.(?) But when I try to connect, I get the following error logged:
2023-12-29 21:40:32 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
Options error: --status fails with 'status': Permission denied (errno=13)
Options error: Please correct these errors.
Use --help for more information.
I can use the exact generated config, keys, and certificates files from Tomato on a Lubuntu 20.04 laptop running OpenVPN 2.4.12 to VPN into my home router. I can also connect my SFOS phone to NordVPN using OpenVPN with a .ovpn configuration download from that service. So I know that the phone can connect over OpenVPN to something, and I know that the client files from my Tomato router will work on some hardware running some OS.
The router is using data ciphers:
CHACHA20-POLY1305:AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC
These are the defaults I get when I tell Tomato to go generate a client config, and I haven’t added, deleted or changed anything, mainly because I’m not familiar at all with the subject.
So what’s going wrong? Is the error saying that my SFOS OpenVPN version is too new, and I need to update the router and/or enable another cipher on the router end? Or do I need to add something to the .ovpn configuration on the SFOS phone end? I’m reading all the words in the error log, but I’m not putting them together into an actionable solution.
And BTW, I have tried putting all the keys and certs inline in the .ovpn file, but the error remains the same.
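
The `Options error:` lines in the log above refer to `--status` with the relative file name `status`, and the `--cipher` line reports that no fallback cipher is configured. As an added example (not part of the original post), this Python script lints a client .ovpn for both; the sample config and the `parse_directives`/`lint` names are constructed for illustration.

```python
import posixpath

# OpenVPN directives whose first argument names a file the client process writes.
OUTPUT_FILE_DIRECTIVES = {"status", "log", "log-append", "writepid"}

def parse_directives(text):
    """Return [(name, args)], skipping comments and inline <ca>/<cert>/<key> blocks."""
    directives, block = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if block:                       # inside inline key/cert material
            if line == f"</{block}>":
                block = None
        elif line.startswith("<") and line.endswith(">"):
            block = line[1:-1]
        elif line and line[0] not in "#;":
            name, *args = line.split()
            directives.append((name, args))
    return directives

def lint(text):
    """Flag settings related to the two messages in the log."""
    directives = parse_directives(text)
    names = {name for name, _ in directives}
    findings = []
    for name, args in directives:
        if name in OUTPUT_FILE_DIRECTIVES and args and not posixpath.isabs(args[0]):
            findings.append(f"{name} {args[0]}: relative path, written in the "
                            "client's working directory")
    if not names & {"cipher", "data-ciphers-fallback"}:
        findings.append("no cipher or data-ciphers-fallback: fallback cipher unset")
    if "data-ciphers" not in names:
        findings.append("no data-ciphers: client uses its built-in list")
    return findings

# Constructed sample config; host, port and inline contents are placeholders.
SAMPLE = """\
client
dev tun
remote vpn.example.net 1194
status status
<ca>
status inside-a-certificate-block-is-not-a-directive
</ca>
"""

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```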