What's new

Can't connect to my openvpn server anymore - Asus AC-RT87U.

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

NysSD

New Around Here
Since the latest update i'll get this error when i try to connect to my openvpn server:
Jun 22 18:19:10: Viscosity Mac 1.5.7 (1290)
Jun 22 18:19:10: Viscosity OpenVPN Engine Started
Jun 22 18:19:10: Running on Mac OS X 10.10.4
Jun 22 18:19:10: ---------
Jun 22 18:19:10: Nakijken of verbinding beschikbaar is...
Jun 22 18:19:10: De verbinding is beschikbaar. Er wordt gepoogd de verbinding op te zetten.
Jun 22 18:19:10: OpenVPN 2.3.7 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Jun 13 2015
Jun 22 18:19:10: library versions: OpenSSL 1.0.2c 12 Jun 2015, LZO 2.09
Jun 22 18:19:22: Attempting to establish TCP connection with [AF_INET]external_IP:443 [nonblock]
Jun 22 18:19:23: TCP connection established with [AF_INET]external_IP:443
Jun 22 18:19:23: TCPv4_CLIENT link local: [undef]
Jun 22 18:19:23: TCPv4_CLIENT link remote: [AF_INET]external_IP:443
Jun 22 18:19:23: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jun 22 18:19:23: TLS_ERROR: BIO read tls_read_plaintext error: error:14082174:SSL routines:ssl3_check_cert_and_algorithm:dh key too small
Jun 22 18:19:23: TLS Error: TLS object -> incoming plaintext read error
Jun 22 18:19:23: TLS Error: TLS handshake failed
Jun 22 18:19:23: Fatal TLS error (check_tls_errors_co), restarting
Jun 22 18:19:23: SIGUSR1[soft,tls-error] received, process restarting
Jun 22 18:19:34: Attempting to establish TCP connection with [AF_INET]external_IP:443 [nonblock]
Jun 22 18:19:35: TCP connection established with [AF_INET]external_IP:443
Jun 22 18:19:35: TCPv4_CLIENT link local: [undef]
Jun 22 18:19:35: TCPv4_CLIENT link remote: [AF_INET]external_IP:443
Jun 22 18:19:35: TLS_ERROR: BIO read tls_read_plaintext error: error:14082174:SSL routines:ssl3_check_cert_and_algorithm:dh key too small
Jun 22 18:19:35: TLS Error: TLS object -> incoming plaintext read error
Jun 22 18:19:35: TLS Error: TLS handshake failed
Jun 22 18:19:35: Fatal TLS error (check_tls_errors_co), restarting
Jun 22 18:19:35: SIGUSR1[soft,tls-error] received, process restarting
Jun 22 18:19:46: Attempting to establish TCP connection with [AF_INET]external_IP:443 [nonblock]
Jun 22 18:19:47: TCP connection established with [AF_INET]external_IP:443
Jun 22 18:19:47: TCPv4_CLIENT link local: [undef]
Jun 22 18:19:47: TCPv4_CLIENT link remote: [AF_INET]external_IP:443
Jun 22 18:19:47: TLS_ERROR: BIO read tls_read_plaintext error: error:14082174:SSL routines:ssl3_check_cert_and_algorithm:dh key too small
Jun 22 18:19:47: TLS Error: TLS object -> incoming plaintext read error
Jun 22 18:19:47: TLS Error: TLS handshake failed
Jun 22 18:19:47: Fatal TLS error (check_tls_errors_co), restarting
Jun 22 18:19:47: SIGUSR1[soft,tls-error] received, process restarting
 
Thanks to the release of 1.0.2a openssl and #LOGJAM. Do the following

#0 Make sure your router has the correct TIME.
#1 in linux run: openssl dhparam -out dhparams.pem 2048
#2 in the ASUS RT-68U go to /Advanced_VPN_OpenVPN.asp and change it to "advanced" on the dropdown
#3 click Content modification of Keys & Certification. Copy Paste your dhparams.pem content into "Diffie Hellman parameters"
#4 Hit Apply. Your clients should reconnect
#6 Credit me when you get points on stackexchange for this, i spent hours reading openssl change logs and understanding what all was done here to break this for everybody.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top