Open VPN App No Longer Working

David2001

Occasional Visitor
After updating to the latest iOS OpenVPN client, I can no longer connect to the server side on the Asus AX86U. I think the iOS client has updated to the newest OpenVPN version while the Asus Merlin server implementation is out of spec at this point. Is there a fix coming?
 

Attachments

  • IMG_2718.jpeg
To add more details: I believe what is happening is that the iOS client is now using OpenSSL 3.0.8 while Asus Merlin’s implementation still issues 1.1.1.
 
The problem is not due to the OpenSSL (or OpenVPN) software. The cause of the error & the solution are spelled out in your screenshot.

----------------------------------------------------
"Error message: you are using insecure hash algorithm in CA signature. Please regenerate CA with other hash algorithm."
----------------------------------------------------

IOW, when you generated your current OpenVPN CA certificate, the signature hash algorithm that was used is no longer supported by the updated OpenVPN client s/w (likely because that hash algorithm is now deprecated), so you must now regenerate your CA certificate using the "Renew" button on the router's webGUI and then export the new client configuration file.

After the CA certificate has been regenerated, you can check what the signature hash algorithm is with the following command (via an SSH terminal session):
Bash:
openssl x509 -noout -text -in "/jffs/openvpn/vpn_crt_server1_ca" | grep "Signature Algorithm"
It should be "sha256WithRSAEncryption" instead of whatever you had before (you can check what signature you have now by using the same command above, if you want to compare them).
Ok that worked. Thanks!
*I at first just re-exported the certificate. Didn’t think I needed to recreate it for some reason.
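
The check from the answer above, applied to the exported client profile instead of the router's CA file, so that a re-export made without renewing the CA is caught before the profile goes onto the phone. This is an added example, not part of the thread or of Asuswrt-Merlin. It assumes the exported .ovpn embeds the CA in an inline `<ca>` block and treats MD5- and SHA-1-based signatures as the insecure ones; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and the weak-hash list
# (MD5 / SHA-1 family) are assumptions made for this illustration.

# Map a name as printed by `openssl x509 -text` to weak / ok / unknown.
classify_sig_alg() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        md2*|md4*|md5*|sha1*|*-sha1|dsawithsha1) echo weak ;;
        sha224*|sha256*|sha384*|sha512*) echo ok ;;
        *-sha224|*-sha256|*-sha384|*-sha512) echo ok ;;
        *) echo unknown ;;
    esac
}

# Read one PEM certificate on stdin and print its signature algorithm.
# openssl prints the field twice, so keep only the first match.
cert_sig_alg() {
    openssl x509 -noout -text 2>/dev/null |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Print the PEM lines between <ca> and </ca> in an exported .ovpn profile.
extract_inline_ca() {
    sed -n '/^<ca>/,/^<\/ca>/p' "$1" | sed '/^<\/*ca>/d'
}

# Report the CA signature hash for a profile; non-zero status unless "ok".
# Only the first certificate in the <ca> block is inspected.
audit_ovpn_ca() {
    alg=$(extract_inline_ca "$1" | cert_sig_alg)
    verdict=$(classify_sig_alg "$alg")
    echo "$1: ${alg:-no CA certificate found} ($verdict)"
    [ "$verdict" = ok ]
}

# Usage: sh check_ca.sh client.ovpn
if [ "$#" -gt 0 ]; then
    audit_ovpn_ca "$1"
fi
```

A profile that still reports a weak or unknown algorithm after a re-export was built from the old CA and needs the "Renew" step first.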