What's new

merlin 386.1, ovpn client 3.4.1, "error:0A00018E:SSLroutines::ca mtd too week [ERR]"

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!


New Around Here
I have been running merlin 386.1 on AC86(router) and my AP(AC68)for quite some time, stable and all I need.
I have been running ovpn server on my router for along time, need to be able to reach my NAS and cameras when not at home.

However, on my iOS device opvn has been updated to 3.4.1, this is where I lost connection to my opvn server.
I tried all the the suggestions, DISABLE, 1024 - 2048, HWAC Authentication SHA256.
I deleted all Keys and certificates, also set all to default.
Re-generated ovpn client to my iOS phone, same issue as before, cant connect.

Then i saw a post from Merlin, that changing from SHA1 to SHA256 got lost at 386.1.
In Merlins 386.4 change log I found this,
- FIXED: Generated OpenVPN certs used SHA1 signatures
instead of SHA256 (regression from 386.1)

I am considering to go from 386.1 to 386.5, hoping this will solve my issue.
I cant find in any change log from 386.1 to 385.5 that factory reset is needed, can it be so?
Im hoping that a factory reset is not needed mainly due to a lot of port forwarding and that I 1finally got my Sonos S1 and S2 working properly.

Would you suggest me to do a factory reset and re-configure all my settings regardless of not finding this needed in change-log?

Why not update the main router to 386.12_4? It would make sense as it's the most recent, and there were more recent changes to openvpn (386.9 springs to mind).
Yes, I would definitely recommend factory reset and setup from scratch.
Yes that is a good reason, but for now and for starters I only need ovpn to work again.
If I can do that without factory reset, which I also forgotten how to do(a bit cumbersome if I remember correctly) I would be happy for now.
Again, if I dont see a note in change-log that factory reset is needed, then it is not required?

But you are correct, best would be to run on latest, and I will do so when I have more time, and not that dependent for wifi to not be down for too long.

Generally jumping a few versions would probably entail a factory reset. As you're just going to flash 386.4 then you may get away with it. Only you will know. If/when you do move to the latest I recommend you take some time to prepare for a full factory reset.

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!