netfortius
Occasional Visitor
Story:
- last *official* firmware from Asus on the n66u (376_3861) => ok with android openvpn clients, not ok on tunnelblick (OSX), due to too short DH
- $ sudo openssl dhparam -out dhparams.pem 2048 - followed by copying the content of dhparams.pem to the appropriate field (DH) in the router - save - fixed the DH error, but ended up with padded extra characters by the admin UI, for all cert content (files), which now fail client conn because of that
- upgraded to the beta version (378_4850), supposed to fix the padding (?? - should I get the Japanese version 378_7410, instead?) => now the ca file only contains an extra line for each line of content, when exporting it to the client.ovpn AND - even if manually correcting by removing the empty lines - produces the following error on Tunnelblick client connect:
"VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=TW, ST=TW, L=Taipei, O=ASUS, CN=client, emailAddress=me@myhost.mydomain
TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed"
Question: has anybody successfully got the OpenVPN server install from Asus n66u running with Tunnelblick client, or is this just not feasible? If successful - how?
Related Q: assuming that "toying around" with the various cert files I succeeded in breaking something, what is the alternative (short of factory reset???) to get back to the "out of the box" configuration of openvpn?
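
A check for the export damage described in the post (blank lines and padding inside the inline blocks of client.ovpn), as an added example that is not part of the original post or of the Asus firmware. It assumes the padding is whitespace; `clean_pem`, `clean_profile` and the sample profile are hypothetical names and constructed data, and the check says nothing about the "unsupported certificate purpose" error.

```python
import base64
import re

# One PEM object: armor lines with matching labels and a body in between.
PEM_OBJ = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
# Inline profile blocks handled here. <key> is left alone because an
# encrypted key carries header lines that are not base64.
INLINE = re.compile(r"<(ca|cert|dh)>(.*?)</\1>", re.S)


def clean_pem(text):
    """Normalize every PEM object in text; return (pem, problems)."""
    out, problems = [], []
    for m in PEM_OBJ.finditer(text):
        label = m.group(1)
        body = re.sub(r"\s+", "", m.group(2))  # drop blank lines, CRs, spaces
        try:
            der = base64.b64decode(body, validate=True)
            if not der.startswith(b"\x30"):  # certs and DH params are SEQUENCEs
                problems.append(f"{label}: not a DER SEQUENCE")
        except ValueError:
            problems.append(f"{label}: body is not valid base64")
        wrapped = "\n".join(body[i:i + 64] for i in range(0, len(body), 64))
        out.append(f"-----BEGIN {label}-----\n{wrapped}\n-----END {label}-----")
    if not out:
        problems.append("no PEM object found")
    return "\n".join(out), problems


def clean_profile(ovpn_text):
    """Rewrite the inline PEM blocks of a profile; return (text, problems)."""
    problems = {}

    def fix(m):
        pem, found = clean_pem(m.group(2))
        if found:
            problems[m.group(1)] = found
        return f"<{m.group(1)}>\n{pem}\n</{m.group(1)}>"

    return INLINE.sub(fix, ovpn_text), problems


# Constructed sample: placeholder DER bytes (not a real certificate), written
# with trailing padding and a blank line after every line of content.
_b64 = base64.b64encode(b"\x30\x81\x80" + bytes(range(128))).decode()
_pem = ["-----BEGIN CERTIFICATE-----",
        *[_b64[i:i + 64] for i in range(0, len(_b64), 64)],
        "-----END CERTIFICATE-----"]
SAMPLE = "client\ndev tun\n<ca>\n" + "".join(l + " \r\n\r\n" for l in _pem) + "</ca>\n"
```

Calling `clean_profile(SAMPLE)` returns the rewritten profile text and a dictionary of problems per block; an empty dictionary means every block decoded cleanly after normalization.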