check if using md5 in windows

Scripts to manage certificates or generate config files

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
B-Man
OpenVPN User
Posts: 30
Joined: Fri Jan 27, 2017 12:11 pm

check if using md5 in windows

Post by B-Man » Tue Apr 17, 2018 2:18 am

I got a notification on my android about md5 expiring and after a google i found there a way to check if its md5 signed or not but thats using openssl. i'm running windows, the files were created on windows about a year ago using the easy-rsa script. im sure its pretty basic stuff but it seemed to take me ages to setup and actually work so rather not have to do it again if i don't have to..

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: check if using md5 in windows

Post by TinCanTech » Tue Apr 17, 2018 12:33 pm

OpenVPN for Windows will (eventually) ship with EasyRSA version 3.

I would recommend you recreate your entire PKI .. it really is not difficult .. read vars.example carefully.

B-Man
OpenVPN User
Posts: 30
Joined: Fri Jan 27, 2017 12:11 pm

Re: check if using md5 in windows

Post by B-Man » Wed Apr 18, 2018 12:37 pm

is there a version of windows with this easy RSA version 3 yet?

and is someone able to point me to a tutorial to recreate everything without using the md5 check

i can run a very minimalist crashbang on a virtual machine if it would work and can follow a tutorial

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: check if using md5 in windows

Post by TinCanTech » Wed Apr 18, 2018 1:07 pm

B-Man wrote:
Wed Apr 18, 2018 12:37 pm
is there a version of windows with this easy RSA version 3 yet?
Not yet.
B-Man wrote:
Wed Apr 18, 2018 12:37 pm
and is someone able to point me to a tutorial to recreate everything without using the md5 check
Documentation is included with easyrsa3 ..
B-Man wrote:
Wed Apr 18, 2018 12:37 pm
i can run a very minimalist crashbang on a virtual machine if it would work and can follow a tutorial
You should not create a live PKI on a VM because it is likely to have too little entropy.

B-Man
OpenVPN User
Posts: 30
Joined: Fri Jan 27, 2017 12:11 pm

Re: check if using md5 in windows

Post by B-Man » Thu Apr 19, 2018 7:59 am

ok so i downloaded easyRSA3 and think i have created what i need just unsure about the server

so basically i run

Code: Select all

./easyrsa gen-req EntityName
and create my clients.... and server?

then i have to sign the clients by

Code: Select all

./easyrsa sign-req client EntityName
and the server by this code?

Code: Select all

./easyrsa sign-req server EntityName
and then i can use the same *.opvn files for and just replace the client crt and key on the device?

B-Man
OpenVPN User
Posts: 30
Joined: Fri Jan 27, 2017 12:11 pm

Re: check if using md5 in windows

Post by B-Man » Thu Apr 19, 2018 12:26 pm

so i created a new pki,
new ca.crt
new client and server crt's signed them and put the Public Server Cert, CA Cert, Private Server Key, DH PEM files etc into my router(dd-wrt) with same config and new client.crt, client.key ca.key onto my phone same opvn config edited for the name change and it wont work... yet my old md5 hashed ones were working just before i changed it all
swapped back to md5 hashed ones and it works.

LOGFILE FROM THE ANDROID host name and public ip address are correct

Code: Select all

21:59:49.656 -- EVENT: RECONNECTING

21:59:49.685 -- EVENT: RESOLVE

21:59:49.700 -- Contacting xx.xxx.xxx.xxx:xxxx via TCP

21:59:49.702 -- EVENT: WAIT

21:59:49.734 -- Transport Error: TCP connect error on 'MY.HOST.NAME:xxxx' (xx.xxx.xxx.xxx:xxxx): Connection refused

21:59:49.737 -- Client terminated, restarting in 2000 ms...
and this just repeats


i didn't edit the vars file as i dont think i require anything advanced?

don't know if there's something extra i have to add into the opvn files due to the different encryption? or something in the server?

if there's something i have to put into "TLS Auth Key" menu on the router

if having a password on the Client and server files is causing it?

if i require a TLS Cipher (found in advanced menu) and if so does the opvn file need something added
Last edited by B-Man on Thu Apr 19, 2018 1:19 pm, edited 1 time in total.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: check if using md5 in windows

Post by TinCanTech » Thu Apr 19, 2018 12:43 pm

Look on your server for a log file.

B-Man
OpenVPN User
Posts: 30
Joined: Fri Jan 27, 2017 12:11 pm

Re: check if using md5 in windows

Post by B-Man » Thu Apr 19, 2018 1:26 pm

don't seem to get any interaction with the server? when running the other vpn setup i get quite a bit coming up

have i created the server file wrong? i followed instructions for client but had to figure i type

Code: Select all

./easyrsa sign-req server EntityName
for the one i wanted as server?

also tidied up the previous post above ^^^

Code: Select all

Serverlog: 

dh /tmp/openvpn/dh.pem ca /tmp/openvpn/ca.crt cert /tmp/openvpn/cert.pem key /tmp/openvpn/key.pem keepalive 10 120 verb 3 mute 3 syslog writepid /var/run/openvpnd.pid management 127.0.0.1 14 management-log-cache 100 topology subnet script-security 2 port 1194 proto tcp-server cipher aes-128-cbc auth sha256 client-connect /tmp/openvpn/clcon.sh client-disconnect /tmp/openvpn/cldiscon.sh client-config-dir /jffs/etc/openvpn/ccd comp-lzo adaptive tls-server duplicate-cn client-to-client tcp-nodelay tun-mtu 1500 mtu-disc yes server 192.168.71.0 255.255.255.0 dev tun2 tun-ipv6
am i somehow able to resign my old files without the md5 hash? and hope they work?

Post Reply