I just upgraded to Tunnelblick 4.0 and noticed that it no longer works with any of the VPN Gate servers I use. I believe the problem is that all the servers I use are using
Code: Select all
cipher AES-128-CBC
Code: Select all
OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('AES-128-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305') if you want to connect to this server.
Just FYI. Thank you for this service.If you can connect only with one or more of the other versions, your VPN setup relies on insecure algorithms or programs. Future versions of Tunnelblick will not include these algorithms and programs. Contact your VPN service provider and have them update the VPN to be compatible with OpenVPN 2.6, which is the current version of OpenVPN, and OpenSSL 3.0, which is the Long Term Support version of OpenSSL.
…
If the VPN does not connect with OpenVPN 2.6.9 - OpenSSL 3.0.13 or OpenVPN 2.6.9 - OpenSSL 1.1.1w, try OpenVPN 2.5.9 and 2.4.12. If it connects with one of them, contact whoever gave you your VPN configurations. The configurations require an out-of-date version of OpenVPN and should be updated.
At some point Tunnelblick will no longer include OpenVPN 2.5.9 and 2.4.12. They are no longer supported by OpenVPN. Your VPN setup should be updated to be compatible with the current version, 2.6.