OVPN server unable to generate 2048 bit RSA keys (384.19)

  • ATTENTION! As of November 1, 2020, you will not be able to reply to threads 6 months after the thread is opened. Threads will not be locked, so posts may still be edited by their authors.

SMS786

Senior Member
Despite selecting 2048 bit keys in the OVPN server page I see the keys in the config file are still 1024 bit:

Code:
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC68U/[email protected]
        Validity
            Not Before: Oct 22 21:26:44 2017 GMT
            Not After : Oct 20 21:26:44 2027 GMT
        Subject: C=TW, ST=TW, L=Taipei, O=ASUS, CN=client/e[email protected]
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
The OVPN GUI log on my client also shows the connection using 1024 bit keys. Am I overlooking something?
 

octopus

Very Senior Member
Despite selecting 2048 bit keys in the OVPN server page I see the keys in the config file are still 1024 bit:

Code:
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC68U/[email protected]
        Validity
            Not Before: Oct 22 21:26:44 2017 GMT
            Not After : Oct 20 21:26:44 2027 GMT
        Subject: C=TW, ST=TW, L=Taipei, O=ASUS, CN=client/[email protected]
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
The OVPN GUI log on my client also shows the connection using 1024 bit keys. Am I overlooking something?
I answere you here, have you tested second/other server?
https://www.snbforums.com/threads/release-asuswrt-merlin-384-19-is-now-available.65801/post-610854

server-key.png
 

SMS786

Senior Member

octopus

Very Senior Member
Yes I saw your answer, but that was to a different question. Here I see the boxes when setting up both servers, and I have them both selected for 2048 bit, but still after saving the changes the generated ovpn config file shows a 1024 bit public key.
Look in your CA file instead.
 

RMerlin

Asuswrt-Merlin dev
Despite selecting 2048 bit keys in the OVPN server page I see the keys in the config file are still 1024 bit:

Code:
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC68U/[email protected]
        Validity
            Not Before: Oct 22 21:26:44 2017 GMT
            Not After : Oct 20 21:26:44 2027 GMT
        Subject: C=TW, ST=TW, L=Taipei, O=ASUS, CN=client/[email protected]
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
The OVPN GUI log on my client also shows the connection using 1024 bit keys. Am I overlooking something?
That is an old certificate, as it dates back to 2017.
 

SMS786

Senior Member
The concerning part was the 1024 bit tag below (despite setting 2048 during setup).

Code:
Aug 15 14:25:09 ovpn-server2:  Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 1024 bit RSA
 

RMerlin

Asuswrt-Merlin dev
Can I generate a new one in the webUI using 2048 bit keys?
Reset that server instance to Default, then re-enable the instance.
 

SMS786

Senior Member
Reset that server instance to Default, then re-enable the instance.
That did the trick, much thanks!

Code:
Aug 16 03:27:40 ovpn-server: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 2048 bit RSA
 
Last edited:

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top