Upgraded one router with incremental UI upgrades, and another with a reinstall from thumb drive. Client no longer connects to either VPN server. What’s the fix: a package reinstall or other?
Read the intermediate patch notes for 2.5 → 2.6 → 2.7, as there have been multiple instances where certain old/insecure VPN setups were deprecated. Off the top of my head I know that you can no longer use static keys for OpenVPN.
You might need to look at the hashing algorithm used.
I can't remember exactly, but I think something changed from SHA to SHA2 or something like that.
I remember we faced an issue with the switch-off of LZO compression by default in the latest OpenVPN instance… we had to enable it so that previously released clients were able to connect again… maybe worth a try…
^ that, and HEADS UP: OpenVPN deprecating shared key mode, requires TLS, deprecating cipher selection | Netgate Forum
Switch to WireGuard and dump old crypto with limitations like a port open.
I’m using TLS + User Auth. The cyphers used were apparently deprecated.
The cyphers were deprecated so had to choose others. However, the UI is picky and doesn’t make choosing them easy.
OK, I got spun up:
Mode: Remote Access ( SSL/TLS + User Auth )
Data Ciphers: AES-128-CBC, AES-256-CBC, CHACHA20-POLY1305
Digest: SHA1
D-H Params: 2048 bit
What should the fallback data encryption algorithm be?
Which is a more secure preferred digest than SHA1?
And how do I know which cipher was used in the connection? Syslog reports about 10.
Edit: By spun up I mean it’s connecting. The UI is picky. Repeatedly gives error on entry/save. It took plenty of stabbing to get them to take & can’t replicate how I managed. Got more routers to do.