I'm starting with my openvpn server, after years of being client-only user.
I've successfully connected my current linux box to the server using more-or-less default sample configuration and howto.
The problem is I've got a host I need to connect which has OpenVPN 2.0.7 x86_64-redhat-linux-gnu [SSL] [LZO] [EPOLL] built on Apr 12 2006
and update is not an option.
First I needed to comment out remote-cert-tls server, ok, less secure.
But then as i've tried to start openvpn the following error occurred:
Code: Select all
Cannot load private key file <cut>.key: error:0607607D:digital envelope routines:PKCS5_v2_PBE_keyivgen:unsupported prf: error:06074078:digital envelope routines:EVP_PBE_CipherInit:keygen failure: error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error: error:2306A075:PKCS12 routines:PKCS12_decrypt_d2i:pkcs12 pbe crypt error: error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
This openvpn is working as a client for other server successfully.
Can I change the certificate to make it compatible with that old openvpn? Is it possible? This key is generated with easyrsa 3.0.6. The server is 2.4.7.