Hi, I'm new here.
I am trying to get openVPN server working to allow inbound client connections to my asus RT-N66U using tunnelblick, but I"m getting errors. (at the very bottom)
I've seen several possible reasons why this isn't working and my best guess is my openvpn client tunnelblick v3.5.3 (build4270.4371) is enforcing longer diffie helman keys than the router has.
I found this post: https://groups.google.com/forum/#!topic/tunnelblick-discuss/V657umITS5w
Which led me to this page: https://openvpn.net/index.php/open-source/documentation/howto.html#pki
Am I chasing the right problem? what are my options?
I think they are
1) Update the router software
2) downgrade the openVPN client
3) cook up a key and install it on the router.
#1 is too risky for me as it is my only working router.
#2 is an option, but, if the shorter key is a credible security risk I'd like to avoid it
#3 sounds like the best option, but I'm somehow not able to create one.
any ideas?
details:
ASUS RT-N66U fw version: 3.0.0.4.376_3861
Mac OSX 10.10.5
tunnelblick v3.5.3 (build4270.4371)
2015-09-17 20:46:41 TLS Error: TLS object -> incoming plaintext read error
2015-09-17 20:46:41 TLS Error: TLS handshake failed
2015-09-17 20:46:41 SIGUSR1[soft,tls-error] received, process restarting
2015-09-17 20:46:41 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2015-09-17 20:46:41 UDPv4 link local: [undef]
2015-09-17 20:46:41 UDPv4 link remote: [AF_INET]50.173.162.107:1194
2015-09-17 20:46:42 TLS_ERROR: BIO read tls_read_plaintext error: error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small
I also have a windows 81 Pro system and an ubuntu 14.0x system if there is an easier key-gen for those operating systems.
tnx in advance.
Dan
I am trying to get openVPN server working to allow inbound client connections to my asus RT-N66U using tunnelblick, but I"m getting errors. (at the very bottom)
I've seen several possible reasons why this isn't working and my best guess is my openvpn client tunnelblick v3.5.3 (build4270.4371) is enforcing longer diffie helman keys than the router has.
I found this post: https://groups.google.com/forum/#!topic/tunnelblick-discuss/V657umITS5w
Which led me to this page: https://openvpn.net/index.php/open-source/documentation/howto.html#pki
Am I chasing the right problem? what are my options?
I think they are
1) Update the router software
2) downgrade the openVPN client
3) cook up a key and install it on the router.
#1 is too risky for me as it is my only working router.
#2 is an option, but, if the shorter key is a credible security risk I'd like to avoid it
#3 sounds like the best option, but I'm somehow not able to create one.
any ideas?
details:
ASUS RT-N66U fw version: 3.0.0.4.376_3861
Mac OSX 10.10.5
tunnelblick v3.5.3 (build4270.4371)
2015-09-17 20:46:41 TLS Error: TLS object -> incoming plaintext read error
2015-09-17 20:46:41 TLS Error: TLS handshake failed
2015-09-17 20:46:41 SIGUSR1[soft,tls-error] received, process restarting
2015-09-17 20:46:41 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2015-09-17 20:46:41 UDPv4 link local: [undef]
2015-09-17 20:46:41 UDPv4 link remote: [AF_INET]50.173.162.107:1194
2015-09-17 20:46:42 TLS_ERROR: BIO read tls_read_plaintext error: error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small
I also have a windows 81 Pro system and an ubuntu 14.0x system if there is an easier key-gen for those operating systems.
tnx in advance.
Dan