Help change OpenVPN 1024 bit RSA to 2048 bit RSA-87U_378.56_2

lin

New Around Here
Can anyone help me change "TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA" to 2048 bit RSA?
device-87U_378.56_2

You will have to generate your own keys and certificates. Search the web and these forums for one of the numerous guides explaining how to do so using EasyRSA - there's one of those articles linked in my Wiki.
 
Thanks for pointing me in the right direction.
I tried easy-rsa (part of the OpenVPN Windows client) and followed the instructions in README.txt:
To generate TLS keys:
Create new empty index and serial files (once only)
1. vars
2. clean-all

Build a CA key (once only)
1. vars
2. build-ca

Build a DH file (for server side, once only)
1. vars
2. build-dh

Build a private key/certificate for the openvpn server
1. vars
2. build-key-server <machine-name>

vars file has this:
set HOME=%ProgramFiles%\OpenVPN\easy-rsa
set KEY_CONFIG=openssl-1.0.0.cnf
set KEY_DIR=keys
set KEY_SIZE=1024 (tried 2048 as well)

set KEY_COUNTRY=US
set KEY_PROVINCE=CA
set KEY_CITY=SanFrancisco
set KEY_ORG=OpenVPN
set KEY_EMAIL=noname@noname.domain
set KEY_CN=router
set KEY_NAME=openvpn
set KEY_OU=IT
set PKCS11_MODULE_PATH=changeme
set PKCS11_PIN=1234

The process mentioned in the README.txt creates everything fine. I copied the content of ca.crt, server.crt, server.key and dh.pem into the Content modification of Keys & Certification section, which generates all the files on the router (the content matches the files generated on my laptop). I then copied the new client.ovpn file to my laptop. But when I connect using the client I get this error: "Cannot load inline certificate file: error:0906D06C:PEM routines:PEM_read_bio:no start line: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib"
When the router creates the server through its usual means (1024 cert), everything works fine. The manual process (with 1024 or 2048) isn't working.
 
Edit the .ovpn file, and look for any key/cert field that might still need to be filled, such as the client sections.
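
The check suggested in the reply above, as an added example that is not part of the thread: it scans a client profile for inline `<ca>`, `<cert>` and `<key>` blocks and reports any that lack a PEM start line, which is the condition behind the "no start line" error. The function name, the sample profile and its hostname are constructed for illustration, and it assumes a profile that uses certificate authentication with inline blocks or `ca`/`cert`/`key` file directives.

```python
import re

# PEM labels accepted inside each inline block of a client profile.
EXPECTED = {
    "ca": ("CERTIFICATE",),
    "cert": ("CERTIFICATE",),
    "key": ("PRIVATE KEY", "RSA PRIVATE KEY", "ENCRYPTED PRIVATE KEY"),
}
BLOCK_RE = re.compile(r"<(ca|cert|key)>(.*?)</\1>", re.S)
PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)

def check_profile(text):
    """Return {block name: problem} for blocks the client could not load."""
    found = {m.group(1): m.group(2) for m in BLOCK_RE.finditer(text)}
    problems = {}
    for name, labels in EXPECTED.items():
        if name not in found:
            # No inline block: accept a file directive such as "cert client.crt".
            if not re.search(rf"^\s*{name}\s+\S", text, re.M):
                problems[name] = "missing"
            continue
        # easy-rsa .crt files carry a text dump before the PEM data, so search
        # for the PEM framing anywhere in the block instead of at its start.
        pem = PEM_RE.search(found[name])
        if pem is None:
            problems[name] = "no start line (block is empty or a placeholder)"
        elif pem.group(1) not in labels:
            problems[name] = f"unexpected PEM type: {pem.group(1)}"
        elif not pem.group(2).strip():
            problems[name] = "PEM framing present but body is empty"
    return problems

# Constructed sample: CA filled in, client cert and key left for the user.
SAMPLE = """client
dev tun
remote vpn.example.net 1194
<ca>
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
</ca>
<cert>
    paste client certificate content here
</cert>
<key>
</key>
"""

if __name__ == "__main__":
    for block, problem in check_profile(SAMPLE).items():
        print(f"<{block}>: {problem}")
```

Only the PEM framing is checked here; whether the certificate chains to the CA or matches the key is a separate question for `openssl verify`.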
 