Encryption incompatibility with other clients

I already contacted Zach by email but I repost this here because it can maybe help someone (or someone could help me).

I had encryption compatibility problems with clients other than pritunl client. The connection was working but I did not have any internet traffic available with non-pritunl clients (on Android, Linux and Windows), while everything was working fine on the same devices with pritunl clients on Linux and Windows.

Looking at these problems, I found that client config files were not updated when server settings were changed. Even if the server was configured with AES-128-GCM, the client file was still created with AES-128-CBC. The same problem was found with the hash. Since pritunl clients have profile sync support but other clients don’t, I thought this was the source of the problem.

This misconfiguration can be solved when using other clients such as OpenVPN Connect by activating “AES-CBC Cipher Algorithm” in the options with AES-128-GCM on the server side. Manually changing config files did not solve the problem, so for now I am stuck using AES-CBC, which is not an optimal encryption scheme.

I have added three log files from the server when connecting with the pritunl client (works), nmplasma (on the same device, not working) and openvpn on android (not working). As can be seen, only the pritunl client can create an AES-128-GCM encryption, since “Outgoing Data Channel: Cipher ‘AES-128-GCM’ initialized” and “Incoming Data Channel: Cipher ‘AES-128-GCM’ initialized” are shown in the server log.

Server logs for different clients (XX.XXX.XXX.XX is the IP address of my server)

Using the “AES-CBC Cipher Algorithm” in openvpn connect client options, it actually prints “Outgoing Data Channel: Cipher ‘AES-128-CBC’” and internet traffic is fine.

I already contacted Zach to share this problem and I am hoping it can be fixed, but if someone has an idea to fix this, it would be awesome.

Thanks for your help and your time!
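
The check described in the post, as an added example that is not part of the original post or of Pritunl's code: it reads server log text, collects the "Data Channel: Cipher ... initialized" lines per client, and reports which clients did not end up on the cipher configured on the server. The log lines are constructed, and the `client=<name>` prefix, the client names and the function names are assumptions made for the example.

```python
import re
from collections import defaultdict

# Matches the data-channel lines quoted in the post (straight or curly quotes).
CIPHER_RE = re.compile(
    r"(?P<direction>Outgoing|Incoming) Data Channel: "
    r"Cipher ['‘’](?P<cipher>[A-Za-z0-9-]+)['‘’]"
)

# Constructed sample log; the "client=<name>" prefix is an assumed layout.
SAMPLE_LOG = """\
client=client-a Outgoing Data Channel: Cipher 'AES-128-GCM' initialized
client=client-a Incoming Data Channel: Cipher 'AES-128-GCM' initialized
client=client-b Outgoing Data Channel: Cipher 'AES-128-CBC' initialized
client=client-b Incoming Data Channel: Cipher 'AES-128-CBC' initialized
client=client-c TLS: Initial packet from [AF_INET]192.0.2.10:40000
"""

def negotiated_ciphers(log_text):
    """Return {client: {"Outgoing": cipher, "Incoming": cipher}}."""
    seen = defaultdict(dict)
    for line in log_text.splitlines():
        client = re.match(r"client=(\S+)", line)
        if not client:
            continue
        entry = seen[client.group(1)]  # also registers clients with no cipher line
        m = CIPHER_RE.search(line)
        if m:
            entry[m.group("direction")] = m.group("cipher").upper()
    return dict(seen)

def audit(log_text, expected):
    """Map each client to 'ok', 'mismatch:<ciphers>' or 'no-data-channel'."""
    report = {}
    for client, dirs in negotiated_ciphers(log_text).items():
        if set(dirs) != {"Outgoing", "Incoming"}:
            report[client] = "no-data-channel"  # one or both directions missing
        elif all(c == expected.upper() for c in dirs.values()):
            report[client] = "ok"
        else:
            report[client] = "mismatch:" + ",".join(sorted(set(dirs.values())))
    return report

if __name__ == "__main__":
    for client, status in audit(SAMPLE_LOG, "AES-128-GCM").items():
        print(f"{client:12} {status}")
```

Running it against a real log requires adapting the client-prefix regex to however the server labels each connection.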