check if using md5 in windows
-
- OpenVPN User
- Posts: 30
- Joined: Fri Jan 27, 2017 12:11 pm
check if using md5 in windows
I got a notification on my Android about md5 expiring and after a google I found there's a way to check if it's md5 signed or not, but that's using openssl. I'm running Windows, the files were created on Windows about a year ago using the easy-rsa script. I'm sure it's pretty basic stuff but it seemed to take me ages to set up and actually work, so I'd rather not have to do it again if I don't have to..
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: check if using md5 in windows
OpenVPN for Windows will (eventually) ship with EasyRSA version 3.
I would recommend you recreate your entire PKI .. it really is not difficult .. read vars.example carefully.
-
- OpenVPN User
- Posts: 30
- Joined: Fri Jan 27, 2017 12:11 pm
Re: check if using md5 in windows
Is there a version of Windows with this easy RSA version 3 yet?
And is someone able to point me to a tutorial to recreate everything without using the md5 check?
I can run a very minimalist crashbang on a virtual machine if it would work and can follow a tutorial
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: check if using md5 in windows
Not yet.
Documentation is included with easyrsa3 ..
You should not create a live PKI on a VM because it is likely to have too little entropy.
-
- OpenVPN User
- Posts: 30
- Joined: Fri Jan 27, 2017 12:11 pm
Re: check if using md5 in windows
Ok so I downloaded easyRSA3 and think I have created what I need, just unsure about the server
so basically I run
Code:
./easyrsa gen-req EntityName
and create my clients.... and server?
then I have to sign the clients by
Code:
./easyrsa sign-req client EntityName
and the server by this code?
Code:
./easyrsa sign-req server EntityName
and then I can use the same *.ovpn files for and just replace the client crt and key on the device?
-
- OpenVPN User
- Posts: 30
- Joined: Fri Jan 27, 2017 12:11 pm
Re: check if using md5 in windows
So I created a new pki,
new ca.crt
new client and server crt's, signed them and put the Public Server Cert, CA Cert, Private Server Key, DH PEM files etc into my router (dd-wrt) with same config and new client.crt, client.key ca.key onto my phone, same ovpn config edited for the name change, and it won't work... yet my old md5 hashed ones were working just before I changed it all
swapped back to md5 hashed ones and it works.
LOGFILE FROM THE ANDROID host name and public ip address are correct
Code:
21:59:49.656 -- EVENT: RECONNECTING
21:59:49.685 -- EVENT: RESOLVE
21:59:49.700 -- Contacting xx.xxx.xxx.xxx:xxxx via TCP
21:59:49.702 -- EVENT: WAIT
21:59:49.734 -- Transport Error: TCP connect error on 'MY.HOST.NAME:xxxx' (xx.xxx.xxx.xxx:xxxx): Connection refused
21:59:49.737 -- Client terminated, restarting in 2000 ms...
and this just repeats
I didn't edit the vars file as I don't think I require anything advanced?
Don't know if there's something extra I have to add into the ovpn files due to the different encryption? Or something in the server?
If there's something I have to put into "TLS Auth Key" menu on the router
if having a password on the Client and server files is causing it?
If I require a TLS Cipher (found in advanced menu) and if so does the ovpn file need something added
Last edited by B-Man on Thu Apr 19, 2018 1:19 pm, edited 1 time in total.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: check if using md5 in windows
Look on your server for a log file.
-
- OpenVPN User
- Posts: 30
- Joined: Fri Jan 27, 2017 12:11 pm
Re: check if using md5 in windows
Don't seem to get any interaction with the server? When running the other vpn setup I get quite a bit coming up
Have I created the server file wrong? I followed instructions for client but had to figure I type
Code:
./easyrsa sign-req server EntityName
for the one I wanted as server?
Also tidied up the previous post above ^^^
Code:
Serverlog:
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
keepalive 10 120
verb 3
mute 3
syslog
writepid /var/run/openvpnd.pid
management 127.0.0.1 14
management-log-cache 100
topology subnet
script-security 2
port 1194
proto tcp-server
cipher aes-128-cbc
auth sha256
client-connect /tmp/openvpn/clcon.sh
client-disconnect /tmp/openvpn/cldiscon.sh
client-config-dir /jffs/etc/openvpn/ccd
comp-lzo adaptive
tls-server
duplicate-cn
client-to-client
tcp-nodelay
tun-mtu 1500
mtu-disc yes
server 192.168.71.0 255.255.255.0
dev tun2
tun-ipv6
Am I somehow able to resign my old files without the md5 hash? And hope they work?