Menu
What's new
By:
Filters Better Search

VPN Cannot Connect due to Weak Hash Error

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

S

systematic

Regular Contributor
Hi All,



I have an ASUS Router AC86U flashed with Firmware version 386.11 and I have enabled the OpenVPN Server in the router settings as follows:

Screenshot 2023-08-24 at 11.04.45.png




I have downloaded the latest version of the OpenVPN Connect and loaded the tried connect to the router from a remote location and get the following error message:

Screenshot 2023-08-24 at 11.05.25.png




Here are the logs in OpenVPN Connect:

Screenshot 2023-08-24 at 11.07.33.png


Now I read in a previous thread to add a line to the OVPN config file as follows:
Screenshot 2023-08-24 at 11.15.21.png


This still gave the same error message. Any idea what I can do please to get it working?

ive used OpenVPN connect AND Tunnel Blink and both do not connect.
 
Other VPN clients are available ;)
 
Sorry im a newb when you say other VPN clients are available. Do you mean I need to use the PPTP or IPSEC VPN options on the router instead of OpenVPN?
 
I mean there's other software available for windows. Just because it's an openvpn server doesn't mean you have to use openvpn client software.
As an aside, go back into the server settings on the router and select "advanced settings" instead of "general". See what data ciphers are available.
Forget that, this is about your router's SSL cert. I'll wait for some more replies.
 

Attachments

  • 1000036091.jpg
    1000036091.jpg
    12.3 KB · Views: 74
Last edited:
Here are the data ciphers:

AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:CHACHA20-POLY1305

I am using a mac and per original message above, I have used both OpenVPN Client and TunnelBlink. Both do not connect.
 
The problem isn't with ciphers but with the signing algorithm used on the certificates. Earlier versions of the firmware used a SHA1 signature on the certificates, newer versions of OpenVPN (and their bundled TLS libraries) now require at a minimum SHA256.

Re-generating certificates and re-exporting the config file is indeed the best solution.
 
You must log in or register to reply here.

Similar threads

Chinquapin
Asus RT-AC56U Android Client gives: Error message: X509:parse_perm:error in cert::error:0480006C:PEM routines::no start
Replies
0
Views
290
Chinquapin
Chinquapin
B
Does Asus AC5300 OpenVPN server support connect with IPV6 network?
Replies
2
Views
624
beibeitu
B
M
VPN for a Cruise Ship
Replies
11
Views
659
sfx2000
sfx2000
Volkis
OpenVPN configuration not compatible with OpenVPN Connect 3.4.0
2
Replies
30
Views
6K
Pergola Fabio
P
Marty
RT-AC87U & OpenVPN: Using insecure hash algorithm in CA Sig
Replies
6
Views
2K
Chinquapin
Chinquapin
Similar threads
Thread starter Title Forum Replies Date
P Cannot get VPN to function properly from ASUS router to Apple TV VPN 3
gdgross Setting up VPN server (router?) for offsite access VPN 13
C Instant Guard IPsec VPN Log Showing Regular Access Attempts VPN 3
A Best way to set up vpn on router for gaming? VPN 13
M VPN for a Cruise Ship VPN 11
F Router for VPN with AES-NI VPN 8
S How to start client VPN from the CLI on tomato firmware VPN 0
Diablo99 How to build a safe VPN VPN 3
F Site To Site VPN between Debian VM and AsusWRT-Merlin router, no routes exists VPN 2
P OPNsense / Adguard / DNS & VPN questions VPN 3

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 977 (members: 29, guests: 948)
Top