Verysecure wrote: ↑
Fri Oct 20, 2023 11:08 am
I experienced the same. I'm using the OpenVPN server on my Asus router.
Not being an expert, this is what I did to revert it to a working situation again.
Note that it failed on my iOS device (v3.4.0) yet still work on the Windows client (v3.3.7). So, also the Windows client would fail as soon as there would be an update. There is actually a pretty clear Warning message still visible on Windows: "WARN TLS: received certificate signed with SHA1. Please inform your admin to upgrade to a stronger algorithm. Support for SHA1 signatures will be dropped in the future
". I had noted that before but ignored it... Up till now.
Steps to resolve using my Asus router as example:
On the Asus router
1. Change from SHA1 to SHA256
1a. Go to VPN / VPN Server / OpenVPN / VPN details: advanced / HMAC authentication: change to SHA256
1b. Click Apply
2 Renew the certificate
2a. Go to VPN / VPN Server / OpenVPN and click Renew Certification
3. Export a new 'OpenVPN configuration file'
3a. Go to VPN / VPN Server / OpenVPN and click Export OpenVPN configuration file
3b. Store the .ovpn file with some logical name
4. Optionally you can change the username and password for OpenVPN access, that should probably happen before you export the .ovpn file.
On the OpenVPN clients
1. Send the .ovpn config file to the client device
2. On the OpenVPN client program, suggest to delete the previous profile and install the new profile from the .ovpn file
2a. Process is a bit different for Windows (just upload the file to the Client) and iOS (send the .ovpn file by email, hard-delete email thereafter)
@others: please update/improve were needed!