What's new
By:

Open VPN App No Longer Working

D

David2001

Occasional Visitor
After updating to the latest iOS Open VPN client, I can no longer connect to the server side on the Asus AX86U. I think the iOS client has updated to the newest open VPN version while the Asus Merlin server implementation is out of spec at this point. Is there a fix coming?
 

Attachments

  • IMG_2718.jpeg
    IMG_2718.jpeg
    60.2 KB · Views: 78
To add more details. I believe what is happening is that iOS client is now using Open SSL 3.0.8 while Asus Merlin’s implementation still issues 1.1.1
 
David2001 said:
After updating to the latest iOS Open VPN client, I can no longer connect to the server side on the Asus AX86U. I think the iOS client has updated to the newest open VPN version while the Asus Merlin server implementation is out of spec at this point. Is there a fix coming?
Click to expand...
The problem is not due to the OpenSSL (or OpenVPN) software. The cause of the error & the solution are spelled out in your screenshot.

----------------------------------------------------
"Error message: you are using insecure hash algorithm in CA signature. Please regenerate CA with other hash algorithm."
----------------------------------------------------

IOW, when you generated your current OpenVPN CA certificate, the signature hash algorithm that was used is no longer supported by the updated OpenVPN client s/w (likely because that hash algorithm is now deprecated), so you must now regenerate your CA certificate using the "Renew" button on the router's webGUI and then export the new client configuration file.

After the CA certificate has been regenerated, you can check what the signature hash algorithm is with the following command (via an SSH terminal session):
Bash: 
openssl x509 -noout -text -in "/jffs/openvpn/vpn_crt_server1_ca" | grep "Signature Algorithm"
It should be "sha256WithRSAEncryption" instead of whatever you had before (you can check what signature you have now by using the same command above, if you want to compare them).
 
Last edited:
Ok that worked. Thanks!
*I at first just re-exported the certificate. Didn’t think I needed to recreate it from some reason.
 
You must log in or register to reply here.

Similar threads

Wishmaster1965
AdGuardHome Open VPN query
Replies
1
Views
658
Wishmaster1965
Wishmaster1965
A
VPN settings does not "stick
Replies
2
Views
633
ATJ
A
M
WireGuard no longer auto reconnects upon server IP address change
Replies
0
Views
272
melodies-2
M
J
Cannot open router ui when connected to router via vpn
Replies
3
Views
990
joeejo
J
A
Solved Please help access my network resources from outside (VPN Cascading and IP Masquarading)
Replies
18
Views
1K
Aiadi
A
Similar threads
Thread starter Title Forum Replies Date
R Windscribe Open VPN Config issue on AX 86U pro running merlin 3006.102.5 Asuswrt-Merlin 0
J Cannot open router ui when connected to router via vpn Asuswrt-Merlin 3
R Open VPN per client configuration router help Asuswrt-Merlin 15
Labdoc AX56 aimesh node shows open access (no password or security) Asuswrt-Merlin 5
C Unknown service with TCP port open on the WAN interface of the router Asuswrt-Merlin 11
D Entware [AX86U Merlin 3004.388.9_2] Disabling Firewall in WebUI allows Transmission to open the famous closed port, but WebUI Port Forwarding does not. Asuswrt-Merlin 1
A ASUS ax58u lan routing to wan or vpn Asuswrt-Merlin 0
M BE98 Single Device only VPN Asuswrt-Merlin 1
A Solved Please help access my network resources from outside (VPN Cascading and IP Masquarading) Asuswrt-Merlin 18
Vimes AX88U and improvements for Wireguard VPN..... Asuswrt-Merlin 9

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 1,835 (members: 11, guests: 1,824)
Back
Top