openVPN generated incorrect certs generated, key too small
OpenVPN profiles, especially certs are too small, which causing unable to establish connection from modern Linux operating systems, like RHEL9 or Fedora 39.
Error is specifically:
OpenSSL: error:0A00018F:SSL routines::ee key too small:
So, is there a way, to customize the size of pem key during generating, or any settings which could be set in .openvpn file?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi, please refer to Case 1 in this thread to troubleshoot first: VPN Server Is Not Working Properly on TP-Link Wi-Fi Routers
If it doesn't resolve the issue, please provide the required information for further follow-up.
- Copy Link
- Report Inappropriate Content
@Sunshine Adding the `tls-cipher` setting to the OpenVPN config and switching the transport method from UDP->TCP fixed it.
- Copy Link
- Report Inappropriate Content
Thank you for the two workarounds. Changing the Legacy settings worked and I'll be trying the second option shortly. This thing was driving me crazy since my Windows client connected fine but Android was being a pain.
Big thanks.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
@GeorgettaCZ For Windows, there is no need to tweak a profile, use the OpenVPN comunity https://openvpn.net/community-downloads/ and make sure, the laptop is not on your home network. OR mobile phone. Not on same network like the router. Connect to mobile hotspot, mobile data plan, and then connect to OpenVPN
- Copy Link
- Report Inappropriate Content
Hello if just adding
tls-cipher vpn
client asking at least 1 argument
if adding tls-cipher TLS-DHE-RSA-WITH-AES-128-CBC-SHA
also error. i changed to TCP. any more idea ?
**** solution
in advanced setting
Sec level - lagacy
Tlc 1.3 - off
after this works fine
Udp also works
- Copy Link
- Report Inappropriate Content
@Sunshine Is there any solution for this error? Neither of the workaround worked for me on ios openvpn app, so it seems on ios your vpn doesn't work.
Thank you
BR
Miklos
- Copy Link
- Report Inappropriate Content
Still looking for a solution for iOS—can anyone assist with this?
- Copy Link
- Report Inappropriate Content
Thank you both for following up on this thread.
If both of your iOS devices fail to connect to the OpenVPN Server of the TP-Link router, please try modifying the settings on the OpenVPN Client app as follows, then let me know if it works:
Open the OpenVPN Connect client > Click the three-line symbol in the upper left corner > Settings > Slide to the bottom to find the Advanced Settings > Set Security Level to Legacy
- Copy Link
- Report Inappropriate Content
@Kevin_Z Hi, thank you for your help; it's working now!
- Copy Link
- Report Inappropriate Content
Information
Helpful: 4
Views: 5582
Replies: 21