Core Error?

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
neo_rules
OpenVpn Newbie
Posts: 2
Joined: Sun Sep 24, 2017 1:16 am

Core Error?

Post by neo_rules » Sun Sep 24, 2017 1:32 am

I have installed openvpn from pivpn and directly from openvpn on two different Raspberry Pi servers.
The last time I left encryption at 1024 and set simple passwords.
The server installed with no errors and started fine as far as I could tell.
I then created keys and loaded them on openvpn connect on my android phone.

The error I get is OpenVPN core error : PolarSSL : error parsing config private key: PKCS5 - requested encryption or digest alg not available.

I made sure the Comcast router has port 1194 open and such.
I have dynamic DNS running and when I put in the url I get my modem / router IP back correctly.

What am I missing?
What test should I run?
Thanks JC

neo_rules
OpenVpn Newbie
Posts: 2
Joined: Sun Sep 24, 2017 1:16 am

Re: Core Error?

Post by neo_rules » Sun Sep 24, 2017 7:01 pm

Problem solved:
IP6 must be disabled on the Raspberry pi when running the New Debian Stretch configuration.
The second thing I did was from Redit user tquilas https://www.reddit.com/r/raspberry_pi/c ... r_parsing/

Quoted
When you upgrade to Raspbian Stretch and use PiVPN to setup OpenVPN, you will get an error when you try to connect from an iOS/Android device: PolarSSL: error parsing config private key : PKCS5 - Requested encryption or digest alg not available.
I found a solution. You have to replace your Encrypted private key in the .ovpn file by a RSA private key. Let's say your .ovpn file is called abcd.ovpn. Follow these steps:
cd /etc/openvpn/easy-rsa
sudo ./easyrsa set-rsa-pass abcd
sudo nano pki/private/abcd.key
copy the RSA PRIVATE KEY including header and footer (-----BEGIN RSA PRIVATE KEY-----)...(-----END RSA PRIVATE KEY-----).
time to edit the .ovpn file: sudo nano pki/abcd.ovpn
replace the Encrypted private key (-----BEGIN ENCRYPTED PRIVATE KEY-----)...(-----END ENCRYPTED PRIVATE KEY-----) with the RSA private key you just copied, including header and footer.
save your abcd.ovpn file.
Good luck!
/quoted

This solved my problem. Now to generate a 2048 bit key instead of the test 1024.

If you see anything above that would have compromised the security of the VPN please let me know.

Thanks so much JC

klanimantsi
OpenVpn Newbie
Posts: 13
Joined: Mon Sep 04, 2017 9:00 am

Re: Core Error?

Post by klanimantsi » Mon Sep 25, 2017 9:04 am

Good advice, disabling IP6 is important. You have to be careful when you're setting up Raspberry, follow some articles https://www.1and1.com/digitalguide/server/configuration/vpn-server-set-up-via-raspberry-pi-and-openvpn/ like this one so that you make sure it's done properly.
Let us know how it goes:)

Post Reply