Cloak client error with openvpn

[emzziper]

time="2022-11-06T05:46:16+03:30" level=info msg="Starting standalone mode"
time="2022-11-06T05:46:16+03:30" level=info msg="Listening on TCP 127.0.0.1:1984 for openvpn client"
time="2022-11-06T05:46:21+03:30" level=info msg="Attempting to start a new session"
time="2022-11-06T05:46:21+03:30" level=error msg="Failed to prepare connection to remote: cipher: message authentication failed"
time="2022-11-06T05:46:21+03:30" level=error msg="Failed to prepare connection to remote: cipher: message authentication failed"
time="2022-11-06T05:46:21+03:30" level=error msg="Failed to prepare connection to remote: cipher: message authentication failed"
time="2022-11-06T05:46:21+03:30" level=error msg="Failed to prepare connection to remote: EOF"
time="2022-11-06T05:46:21+03:30" level=error msg="Failed to prepare connection to remote: EOF"
time="2022-11-06T05:46:21+03:30" level=error msg="Failed to prepare connection to remote: EOF"
time="2022-11-06T05:46:21+03:30" level=error msg="Failed to prepare connection to remote: EOF"

Is there a solution to this problem? Shadowsocks with cloak works well and without problems.

[eazo4]

i think you either didn't add "openvpn":["tcp","127.0.0.1:1194"] (change 1194 if you choose a different port) to ckserver.json or didn't reboot so the changes take place

[emzziper]

I did. everything should be correct on the server side.
my configs :

openvpn.json :
{
"ProxyMethod":"openvpn",
"EncryptionMethod":"aes-128-gcm",
"UID":"MY UID",
"PublicKey":"MY PUB",
"ServerName":"204.79.197.200:443",
"NumConn":4,
"BrowserSig":"firefox",
"StreamTimeout": 300
}

---

openvpn server.conf :

port 2900
proto tcp <--- I TRIED UDP AS WELL. DIDN'T WORK
local 127.0.0.1
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 4.2.2.4"
push "redirect-gateway def1 bypass-dhcp"
server-ipv6 fd42:42:42:42::/112
tun-ipv6
push tun-ipv6
push "route-ipv6 2000::/3"
push "redirect-gateway ipv6"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_3mMVCYtFBUy0hGVT.crt
key server_3mMVCYtFBUy0hGVT.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-version-max 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3

ckserver.json :

{
"ProxyBook": {
"openvpn":["tcp","127.0.0.1:2900"] , "panel":["tcp","127.0.0.1:0"]
},
"BypassUID": [
"LH1Gf8G2uUlJ4S/s9vcrZw==",
"tmokFofLzjjiwN2iQY1IxA=="
],
"BindAddr":[":443"],
"RedirAddr": "204.79.197.200:443",
"PrivateKey": "MY PRIVATE",
"AdminUID": "MY ADMIN UID",
"DatabasePath": "userinfo.db",
"StreamTimeout": 300
}

---

Listening Ports :

ck-server 363 root 7u IPv6 17285 0t0 TCP *:443 (LISTEN)
openvpn 364 nobody 7u IPv4 17676 0t0 TCP 127.0.0.1:2900 (LISTEN)

@HirbodBehnam @eazo4

[eazo4]

I got the same configs and it works for me so im not sure whats the problem here
im not knowledgeable enough but since it seems the problem is on ck client/server i would add both shadowsocks and openvpn to ProxyBook then test it with the same client json file but only changing ProxyMethod to see if the problem persists or not
if it didnt help hope @HirbodBehnam can help you