What's new

VPN Cannot Connect due to Weak Hash Error

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

systematic

Regular Contributor
Hi All,



I have an ASUS Router AC86U flashed with Firmware version 386.11 and I have enabled the OpenVPN Server in the router settings as follows:

Screenshot 2023-08-24 at 11.04.45.png




I have downloaded the latest version of the OpenVPN Connect and loaded the tried connect to the router from a remote location and get the following error message:

Screenshot 2023-08-24 at 11.05.25.png




Here are the logs in OpenVPN Connect:

Screenshot 2023-08-24 at 11.07.33.png


Now I read in a previous thread to add a line to the OVPN config file as follows:
Screenshot 2023-08-24 at 11.15.21.png


This still gave the same error message. Any idea what I can do please to get it working?

ive used OpenVPN connect AND Tunnel Blink and both do not connect.
 
Other VPN clients are available ;)
 
Sorry im a newb when you say other VPN clients are available. Do you mean I need to use the PPTP or IPSEC VPN options on the router instead of OpenVPN?
 
I mean there's other software available for windows. Just because it's an openvpn server doesn't mean you have to use openvpn client software.
As an aside, go back into the server settings on the router and select "advanced settings" instead of "general". See what data ciphers are available.
Forget that, this is about your router's SSL cert. I'll wait for some more replies.
 

Attachments

  • 1000036091.jpg
    1000036091.jpg
    12.3 KB · Views: 72
Last edited:
Here are the data ciphers:

AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:CHACHA20-POLY1305


I am using a mac and per original message above, I have used both OpenVPN Client and TunnelBlink. Both do not connect.
 
The problem isn't with ciphers but with the signing algorithm used on the certificates. Earlier versions of the firmware used a SHA1 signature on the certificates, newer versions of OpenVPN (and their bundled TLS libraries) now require at a minimum SHA256.

Re-generating certificates and re-exporting the config file is indeed the best solution.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top