What's new

OVPN server unable to generate 2048 bit RSA keys (384.19)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

SMS786

Senior Member
Despite selecting 2048 bit keys in the OVPN server page I see the keys in the config file are still 1024 bit:

Code:
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC68U/emailAddress=me@myhost.mydomain
        Validity
            Not Before: Oct 22 21:26:44 2017 GMT
            Not After : Oct 20 21:26:44 2027 GMT
        Subject: C=TW, ST=TW, L=Taipei, O=ASUS, CN=client/emailAddress=me@myhost.mydomain
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:

The OVPN GUI log on my client also shows the connection using 1024 bit keys. Am I overlooking something?
 
Despite selecting 2048 bit keys in the OVPN server page I see the keys in the config file are still 1024 bit:

Code:
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC68U/emailAddress=me@myhost.mydomain
        Validity
            Not Before: Oct 22 21:26:44 2017 GMT
            Not After : Oct 20 21:26:44 2027 GMT
        Subject: C=TW, ST=TW, L=Taipei, O=ASUS, CN=client/emailAddress=me@myhost.mydomain
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:

The OVPN GUI log on my client also shows the connection using 1024 bit keys. Am I overlooking something?
I answere you here, have you tested second/other server?
https://www.snbforums.com/threads/release-asuswrt-merlin-384-19-is-now-available.65801/post-610854

server-key.png
 
Yes I saw your answer, but that was to a different question. Here I see the boxes when setting up both servers, and I have them both selected for 2048 bit, but still after saving the changes the generated ovpn config file shows a 1024 bit public key.
Look in your CA file instead.
 
Despite selecting 2048 bit keys in the OVPN server page I see the keys in the config file are still 1024 bit:

Code:
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC68U/emailAddress=me@myhost.mydomain
        Validity
            Not Before: Oct 22 21:26:44 2017 GMT
            Not After : Oct 20 21:26:44 2027 GMT
        Subject: C=TW, ST=TW, L=Taipei, O=ASUS, CN=client/emailAddress=me@myhost.mydomain
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:

The OVPN GUI log on my client also shows the connection using 1024 bit keys. Am I overlooking something?

That is an old certificate, as it dates back to 2017.
 
The concerning part was the 1024 bit tag below (despite setting 2048 during setup).

Code:
Aug 15 14:25:09 ovpn-server2:  Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 1024 bit RSA
 
Can I generate a new one in the webUI using 2048 bit keys?

Reset that server instance to Default, then re-enable the instance.
 
Reset that server instance to Default, then re-enable the instance.

That did the trick, much thanks!

Code:
Aug 16 03:27:40 ovpn-server: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 2048 bit RSA
 
Last edited:

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top