diff --git a/README.md b/README.md index 5b93a83..3ade0dc 100644 --- a/README.md +++ b/README.md @@ -309,7 +309,7 @@ The script supports the following ciphers: And defaults to `AES-128-GCM`. -OpenVPN 2.4 added a feature called "NCP": _Negotiable Crypto Parameters_. It means you can provide a cipher suite like with HTTPS. It is set to `AES-256-GCM:AES-128-GCM` by default and overrides the `--cipher` parameter when used with an OpenVPN 2.4 client. For the sake of simplicity, the script set both the `--cipher` and `--ncp-cipher` to the cipher chosen above. +OpenVPN 2.4 added a feature called "NCP": _Negotiable Crypto Parameters_. It means you can provide a cipher suite like with HTTPS. It is set to `AES-256-GCM:AES-128-GCM` by default and overrides the `--cipher` parameter when used with an OpenVPN 2.4 client. For the sake of simplicity, the script sets `--cipher` (fallback for non-NCP clients), `--data-ciphers` (modern OpenVPN 2.5+ naming), and `--ncp-ciphers` (legacy alias for OpenVPN 2.4 compatibility) to the cipher chosen above. ### Control channel diff --git a/openvpn-install.sh b/openvpn-install.sh index ce28c18..c625ee6 100755 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -1240,6 +1240,8 @@ cert $SERVER_NAME.crt key $SERVER_NAME.key auth $HMAC_ALG cipher $CIPHER +ignore-unknown-option data-ciphers +data-ciphers $CIPHER ncp-ciphers $CIPHER tls-server tls-version-min 1.2 @@ -1389,6 +1391,9 @@ verify-x509-name $SERVER_NAME name auth $HMAC_ALG auth-nocache cipher $CIPHER +ignore-unknown-option data-ciphers +data-ciphers $CIPHER +ncp-ciphers $CIPHER tls-client tls-version-min 1.2 tls-cipher $CC_CIPHER
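Review bot: In the README.md hunk, the rewritten sentence names `--data-ciphers` and `--ncp-ciphers` but says nothing about the `ignore-unknown-option data-ciphers` line that the same patch adds to both generated configs. That line is what lets a peer that does not know the 2.5+ option name still load the file, so it deserves a clause here; otherwise someone hand-editing a profile may drop it. The unchanged sentence before it still describes NCP only in terms of an OpenVPN 2.4 client, so consider rewording it now that the paragraph also covers the 2.5+ naming.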
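Review bot: In the openvpn-install.sh hunk at -1240 (server config), nothing in the template explains why `data-ciphers $CIPHER` and the existing `ncp-ciphers $CIPHER` are both present, or that they must stay identical. The README text in this patch calls `ncp-ciphers` a legacy alias, so on a 2.5+ server the two lines set the same list twice. That is harmless while both expand to `$CIPHER`, but a later edit that changes only one of them would behave differently depending on the OpenVPN version. Suggest a `#` comment above the added lines stating that the pair is deliberate and kept in sync for 2.4 compatibility.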
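Review bot: In the openvpn-install.sh hunk at -1389 (client template), the newly added `ncp-ciphers $CIPHER` has no matching `ignore-unknown-option`, unlike the `data-ciphers` line above it. The README text in this patch describes `cipher` as the fallback for non-NCP clients, but a client that predates NCP will not recognise `ncp-ciphers` and will reject the profile rather than fall back. Suggest `ignore-unknown-option data-ciphers ncp-ciphers` on the first added line, or leaving `ncp-ciphers` out of the client template and noting in the README which client versions are supported.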