openVPN generated incorrect certs generated, key too small
openVPN generated incorrect certs generated, key too small
OpenVPN profiles, especially certs are too small, which causing unable to establish connection from modern Linux operating systems, like RHEL9 or Fedora 39.
Error is specifically:
OpenSSL: error:0A00018F:SSL routines::ee key too small:
So, is there a way, to customize the size of pem key during generating, or any settings which could be set in .openvpn file?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi, please refer to Case 1 in this thread to troubleshoot first: VPN Server Is Not Working Properly on TP-Link Wi-Fi Routers
If it doesn't resolve the issue, please provide the required information for further follow-up.
- Copy Link
- Report Inappropriate Content
@Sunshine Adding the `tls-cipher` setting to the OpenVPN config and switching the transport method from UDP->TCP fixed it.
- Copy Link
- Report Inappropriate Content
Thank you for the two workarounds. Changing the Legacy settings worked and I'll be trying the second option shortly. This thing was driving me crazy since my Windows client connected fine but Android was being a pain.
Big thanks.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
@GeorgettaCZ For Windows, there is no need to tweak a profile, use the OpenVPN comunity https://openvpn.net/community-downloads/ and make sure, the laptop is not on your home network. OR mobile phone. Not on same network like the router. Connect to mobile hotspot, mobile data plan, and then connect to OpenVPN
- Copy Link
- Report Inappropriate Content
Hello if just adding
tls-cipher vpn
client asking at least 1 argument
if adding tls-cipher TLS-DHE-RSA-WITH-AES-128-CBC-SHA
also error. i changed to TCP. any more idea ?
**** solution
in advanced setting
Sec level - lagacy
Tlc 1.3 - off
after this works fine
Udp also works
- Copy Link
- Report Inappropriate Content
Information
Helpful: 2
Views: 5201
Replies: 16