NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
OpenVPN 2.6.12-1001 not working on Windows 11
Having a frustrating time getting OpenVPN working with my Nighthawk RS300 router on Windows 11.
I have followed the install instructions from the Netgear website, including:
- Changing network adapter name to NETGEAR-VPN
- Copying the configuration details from the router to the OpenVPN/config folder
I have even uninstalled my firewall.
I am using OpenVPN 2.6.12-1001 (as I'm using TAP). I have also tried 2.5.51602
When I run OpenVPN, I get the following log messages:
2024-12-19 21:40:19 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2024-12-19 21:40:19 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.
I know the router and host machine (for RDP) are setup correctly, as I can run OpenVPN from my android phone and access the host machine (internally and externally).
The issues is only on Windows 11, and I have tried multiple machines with the same result.
My Config is as follows:
client
dev tap
proto udp
dev-node NETGEAR-VPN
remote XXXXXXX.com 12974
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
auth-nocache
cipher AES-128-CBC
comp-lzo
verb 0
sndbuf 393216
rcvbuf 393216
It appears that the issue is to do with the cipher, however, I have no idea what this means.
Any help would be appreciated.
4 Replies
What Firmware version is currently loaded?
What is the Mfr and model# of the Internet Service Providers modem/ONT the NG router is connected too?
Be sure your using a good quality LAN cable between the modem and router. CAT6A STP is recommended.Is Protection Engine enabled on the RS router? Try disabling it and see?
Check with OpenVPN support for help and information regarding there product...
Thanks for your reply.
The modem (set to pass through) is the Xfinity XB6. I'm using Cat 6e cable. I don't believe the issue is at this end as I can access the Netgear router and host computer from my android phone (outside of the network).
I have tried disabling the Protection Engine. No luck here.
I believe the issue is in the Config file for Windows.
Is Windows the only one PC you have? Don't happen to have a different PC to test with?
Have you asked OpenVPN about this issue with Windows 11?
https://forums.openvpn.net/viewtopic.php?t=33940
https://geekchamp.com/how-to-fix-openvpn-not-working-in-windows-11/
Hello,
From what I understand, neither of those error messages prevent the vpn from connecting. The window in which those messages appear will disappear once the connection is fully established. The system tray icon should look like this once the connection is established:
VPN client is connected to server
(green for connected, black when there's no connection)
From what I understand from the Openvpn documentation, --cipher was used to select the encryption algorithm in earlier versions and the parameter is retained for compatibility.
To get a better idea of whats happening when the connection is setup I changed the config file "verb 0" to "verb 5" and found the following messages:
2025-01-22 21:09:34 us=406000 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2025-01-22 21:09:34 us=406000 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2025-01-22 21:09:34 us=406000 Data Channel: cipher 'AES-256-GCM', peer-id: 0, compression: 'lzo'This is good. This tells me data will be encrypted/decrypted with AES-256-GCM.
Hope this helps.
