Package: openvpn Version: 2.4.0-6+deb9u2 Severity: important A standing connection, open continually since several weeks, suddenly breaks down with error message "AEAD Decrypt error: cipher final failed". Connection reopens only after complete reboot of server.
As it seems this regression has been solved in upstream some sixteen months ago (https://community.openvpn.net/openvpn/ticket/887). Relevant log messages (endlessly repeated): AEAD Decrypt error: cipher final failed AEAD Decrypt error: cipher final failed AEAD Decrypt error: cipher final failed PUSH: Received control message: 'PUSH_REQUEST' PUSH: client wants to negotiate cipher (NCP), but server has already generated data channel keys, ignoring client request SENT CONTROL [Client-FQDN]: 'PUSH_REPLY,route [...] AEAD Decrypt error: cipher final failed AEAD Decrypt error: cipher final failed AEAD Decrypt error: cipher final failed . . . -- System Information: Debian Release: 9.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-7-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro (charmap=ISO-8859-15), LANGUAGE=de$ Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages openvpn depends on: ii debconf [debconf-2.0] 1.5.61 ii init-system-helpers 1.48 ii iproute2 4.9.0-1+deb9u1 ii libc6 2.24-11+deb9u3 ii liblz4-1 0.0~r131-2+b1 ii liblzo2-2 2.08-1.2+b2 ii libpam0g 1.1.8-3.6 ii libpkcs11-helper1 1.21-1 ii libssl1.0.2 1.0.2l-2+deb9u3 ii libsystemd0 232-25+deb9u4 ii lsb-base 9.20161125 Versions of packages openvpn recommends: ii easy-rsa 2.2.2-2 Versions of packages openvpn suggests: ii openssl 1.1.0f-3+deb9u2 pn resolvconf <none> -- debconf information: openvpn/create_tun: false -- Bug report
