Illustrator76
New Around Here
Hi,
I have been using OpenVPN with the stock Asus firmware for a while now with no issues. Recently I updated my desktop VPN client (Viscosity) only to find out that it could no longer connect to my Asus VPN. After doing a bit of research I discovered that the issue was that the stock Asus firmware generates too small of a Diffie Hellman key, and Viscosity now requires a larger key. I decided to go ahead and install the Merlin firmware so that I could properly edit my (newly generated) Diffie Hellman key. The issue that I am having now is that after saving my new DH key, I am getting an SSL3_GET_SERVER_CERTIFICATE error and I have no reason why.
Before I started editing anything on my Asus router I exported a copy of all 3 of my keys/certificates to an .ovpn file just to make sure. When I started getting that certificate error I went back and re-pasted those exported keys, yet I am still getting the same error. I have pasted my VPN client error log below. Can anyone help me fix this issue? It has been 2 days of me banging my head against the wall over something so stupid as Asus having outdated standards/firmware.
I am not super-knowledgeable when it comes to this key generation/certification stuff, so any help given is very much appreciated.
I have been using OpenVPN with the stock Asus firmware for a while now with no issues. Recently I updated my desktop VPN client (Viscosity) only to find out that it could no longer connect to my Asus VPN. After doing a bit of research I discovered that the issue was that the stock Asus firmware generates too small of a Diffie Hellman key, and Viscosity now requires a larger key. I decided to go ahead and install the Merlin firmware so that I could properly edit my (newly generated) Diffie Hellman key. The issue that I am having now is that after saving my new DH key, I am getting an SSL3_GET_SERVER_CERTIFICATE error and I have no reason why.
Before I started editing anything on my Asus router I exported a copy of all 3 of my keys/certificates to an .ovpn file just to make sure. When I started getting that certificate error I went back and re-pasted those exported keys, yet I am still getting the same error. I have pasted my VPN client error log below. Can anyone help me fix this issue? It has been 2 days of me banging my head against the wall over something so stupid as Asus having outdated standards/firmware.
I am not super-knowledgeable when it comes to this key generation/certification stuff, so any help given is very much appreciated.
Code:
Thu Nov 19 16:54:55 2015 Warning: cannot open --log file: C:\Program Files\OpenVPN\log\client.log: Access is denied. (errno=5)
Thu Nov 19 16:54:55 2015 OpenVPN 2.3.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug 4 2015
Thu Nov 19 16:54:55 2015 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
Thu Nov 19 16:55:11 2015 UDPv4 link local: [undef]
Thu Nov 19 16:55:11 2015 UDPv4 link remote: [AF_INET]76.116.82.21:1194
Thu Nov 19 16:55:11 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Nov 19 16:55:12 2015 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=TW, ST=TW, L=Taipei, O=ASUS, CN=client, [email protected]
Thu Nov 19 16:55:12 2015 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Thu Nov 19 16:55:12 2015 TLS Error: TLS object -> incoming plaintext read error
Thu Nov 19 16:55:12 2015 TLS Error: TLS handshake failed
Thu Nov 19 16:55:12 2015 SIGUSR1[soft,tls-error] received, process restarting
Thu Nov 19 16:55:14 2015 UDPv4 link local: [undef]
Last edited:
