Can't connect to OpenVPN: Certificate Error
Hi all,
I've configured an OpenVPN-connection via OC300 on the ER8411.
When exporting and then importing the ovpn file on a laptop using the TP-Link client for Windows, everything works fine and the OpenVPN connection can be established.
After that I wanted to import it into a Logitech Squeezebox. I followed the guidelines from the website of the Lyrion Media Server (formerly Logitech).
The exported file from OC300 looks like this:
client
dev tun
proto udp
float
nobind
cipher AES-128-CBC
comp-lzo no
resolv-retry infinite
remote-cert-tls server
persist-key
auth-user-pass /etc/openvpn/up
explicit-exit-notify
remote MyIP-address 1194
<ca>
-----BEGIN CERTIFICATE-----
MIIDvTCCAyagAwIBAgIUMqThIeVK0IWddtfPLQ/wX8ZrSi8wDQYJKoZIhvcNAQEL
...
...
6Y20alDnuQ6x9EU1Xrg7RK4ezk1olqTB9lZJ3Xs9J+r+frbtTUaj3zUaYo2X1WcZ
2Q==
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIID/DCCA2WgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCQ04x
3BaWpRBO1Fix4AaPpVx1Wrf0oLFRTkR5PwCmUHcRg1dXyyITuVlcSWLlWxWJXSnT
...
...
5FK/u0bbH1LYRQmq+OcXKA==
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAMz8fhdDQD9g1C/i
...
...
r9barT3OyDzoJwwvrj7hERQ/eVZo6Os9MCq1cXzAEzsPkARZyXJP1NccFd3KRLMP
sXkge3hdiV7W
-----END PRIVATE KEY-----
</key>
I import the file as plain text using vi as the editor. Everything fine so far.
The entry auth-user-pass /etc/openvpn/up is for the username and password.
If I now start the OpenVPN on the SqueezeBox I get the following messages:
# /usr/sbin/openvpn --config /etc/openvpn/TUN.ovpn
1970-01-01 02:27:40 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
1970-01-01 02:27:40 WARNING: file '/etc/openvpn/up' is group or others accessible
1970-01-01 02:27:40 OpenVPN 2x5x11 arm-none-linux-gnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 28 2025
1970-01-01 02:27:40 library versions: OpenSSL 1.1.1w 11 Sep 2023, LZO 2.10
1970-01-01 02:27:40 WARNING: Your certificate is not yet valid!
1970-01-01 02:27:40 TCP/UDP: Preserving recently used remote address: [AF_INET]MyIP-address:1194
1970-01-01 02:27:40 UDP link local: (not bound)
1970-01-01 02:27:40 UDP link remote: [AF_INET]MyIP-address:1194
1970-01-01 02:27:40 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
1970-01-01 02:27:41 VERIFY ERROR: depth=1, error=certificate is not yet valid: C=CN, ST=GD, L=ShenZhen, O=TP-Link, OU=SMB-OMADA, CN=TP-Link CA, name=EasyRSA, emailAddress=xxxx@xxxx, serial=2891264725521854231828871xxxxxxxxxxxxxxxxxxxxxxxxxxx
1970-01-01 02:27:41 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
1970-01-01 02:27:41 TLS_ERROR: BIO read tls_read_plaintext error
1970-01-01 02:27:41 TLS Error: TLS object -> incoming plaintext read error
1970-01-01 02:27:41 TLS Error: TLS handshake failed
1970-01-01 02:27:41 SIGUSR1[soft,tls-error] received, process restarting
Please, can anybody tell me where the problem is?
Thanks
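Added example, not part of the original post: a small shell triage of the log above, which is stamped 1970-01-01 while the OpenVPN banner reports a 2025 build date, so the "not yet valid" verdict comes from a client clock that is earlier than the binary it is running. The finding codes and function names are hypothetical, and the sample log is constructed from lines excerpted from the post (the VERIFY ERROR line is abridged).

```shell
#!/bin/sh
# Added example (not from the original post): triage an OpenVPN client log
# for certificate failures that are really clock failures.

# Constructed sample: lines excerpted from the log in the post, with the
# banner and VERIFY ERROR lines abridged.
sample_log() {
cat <<'EOF'
1970-01-01 02:27:40 WARNING: file '/etc/openvpn/up' is group or others accessible
1970-01-01 02:27:40 OpenVPN 2x5x11 arm-none-linux-gnueabi [SSL (OpenSSL)] built on Dec 28 2025
1970-01-01 02:27:40 WARNING: Your certificate is not yet valid!
1970-01-01 02:27:41 VERIFY ERROR: depth=1, error=certificate is not yet valid: CN=TP-Link CA
1970-01-01 02:27:41 TLS Error: TLS handshake failed
EOF
}

# Reads a log on stdin and prints one finding code per line (hypothetical codes).
triage_openvpn_log() {
  awk '
    # Year of the first log timestamp, i.e. what the client clock believes.
    !log_year && /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] / { log_year = substr($1, 1, 4) + 0 }
    # The version banner ends in "built on <Mon> <DD> <YYYY>".
    / built on /                    { build_year = $NF + 0 }
    /certificate is not yet valid/  { not_yet = 1 }
    /is group or others accessible/ { loose_perms = 1 }
    END {
      # A clock earlier than the build date of the running binary is wrong.
      clock_bad = (log_year && build_year && log_year < build_year)
      if (clock_bad)
        print "CLOCK_BEHIND_BUILD log_year=" log_year " build_year=" build_year
      if (not_yet)
        print "CERT_NOT_YET_VALID likely_cause=" (clock_bad ? "clock" : "check_notBefore")
      if (loose_perms)
        print "CREDS_FILE_PERMS"
    }
  '
}

sample_log | triage_openvpn_log
```

When the clock finding is reported, the certificate itself needs no change; the client needs a correct date before OpenVPN starts. CREDS_FILE_PERMS corresponds to the "group or others accessible" warning on the auth-user-pass file.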
