check if using md5 in windows

Posted: Tue Apr 17, 2018 2:18 am
by B-Man
I got a notification on my Android about MD5 expiring, and after a Google search I found there's a way to check if it's MD5-signed or not, but that's using OpenSSL. I'm running Windows; the files were created on Windows about a year ago using the easy-rsa script. I'm sure it's pretty basic stuff, but it seemed to take me ages to set up and actually get working, so I'd rather not have to do it again if I don't have to.
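
One way to do the check asked about above on Windows without OpenSSL, as an added example that is not part of the original post: PowerShell loads each certificate through the .NET `X509Certificate2` class and reports its signature algorithm, flagging MD2, MD5 and SHA-1 signatures by OID. The function name `Get-CertSignatureReport` and the `.\keys` folder are assumptions; point `-Path` at wherever easy-rsa wrote the .crt files.

```powershell
# Added example, not from the thread. Requires PowerShell 5 or later.
# OIDs of signature algorithms built on MD2, MD5 or SHA-1.
$WeakSigOids = @{
    '1.2.840.113549.1.1.2' = 'md2WithRSAEncryption'
    '1.2.840.113549.1.1.4' = 'md5WithRSAEncryption'
    '1.2.840.113549.1.1.5' = 'sha1WithRSAEncryption'
    '1.2.840.10040.4.3'    = 'dsa-with-sha1'
    '1.2.840.10045.4.1'    = 'ecdsa-with-SHA1'
}

function Get-CertSignatureReport {
    param([string]$Path = '.\keys')   # assumed folder holding the .crt files

    $pem = '-----BEGIN CERTIFICATE-----([A-Za-z0-9+/=\s]+?)-----END CERTIFICATE-----'
    Get-ChildItem -Path $Path -Filter '*.crt' -File | ForEach-Object {
        $file = $_
        [byte[]]$raw = [System.IO.File]::ReadAllBytes($file.FullName)
        $text = [System.Text.Encoding]::ASCII.GetString($raw)
        # A .crt written by easy-rsa can carry a readable text dump ahead of the
        # PEM block, so pull out the base64 body; with no PEM block, assume DER.
        if ($text -match $pem) {
            [byte[]]$der = [Convert]::FromBase64String(($Matches[1] -replace '\s', ''))
        } else {
            [byte[]]$der = $raw
        }
        try {
            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)
            $oid  = $cert.SignatureAlgorithm
            [pscustomobject]@{
                File      = $file.Name
                Subject   = $cert.Subject
                NotAfter  = $cert.NotAfter
                Algorithm = $oid.FriendlyName
                Oid       = $oid.Value
                Weak      = $WeakSigOids.ContainsKey($oid.Value)
            }
        } catch {
            Write-Warning "$($file.Name): not a readable X.509 certificate ($($_.Exception.Message))"
        }
    }
}

Get-CertSignatureReport -Path '.\keys' | Format-Table -AutoSize
```

A row with `Weak` set to `True` and an `Algorithm` such as `md5RSA` is a certificate that has to be reissued with a stronger digest.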

Re: check if using md5 in windows

Posted: Tue Apr 17, 2018 12:33 pm
by TinCanTech
OpenVPN for Windows will (eventually) ship with EasyRSA version 3.

I would recommend you recreate your entire PKI .. it really is not difficult .. read vars.example carefully.

Re: check if using md5 in windows

Posted: Wed Apr 18, 2018 12:37 pm
by B-Man
Is there a version of Windows with this EasyRSA version 3 yet?

And is someone able to point me to a tutorial to recreate everything without using the MD5 check?

I can run a very minimalist crashbang on a virtual machine if it would work, and can follow a tutorial.

Re: check if using md5 in windows

Posted: Wed Apr 18, 2018 1:07 pm
by TinCanTech
B-Man wrote:
Wed Apr 18, 2018 12:37 pm
Is there a version of Windows with this EasyRSA version 3 yet?
Not yet.
B-Man wrote:
Wed Apr 18, 2018 12:37 pm
And is someone able to point me to a tutorial to recreate everything without using the MD5 check?
Documentation is included with easyrsa3 ..
B-Man wrote:
Wed Apr 18, 2018 12:37 pm
I can run a very minimalist crashbang on a virtual machine if it would work, and can follow a tutorial.
You should not create a live PKI on a VM because it is likely to have too little entropy.

Re: check if using md5 in windows

Posted: Thu Apr 19, 2018 7:59 am
by B-Man
OK, so I downloaded EasyRSA 3 and think I have created what I need, just unsure about the server.

So basically I run

Code:

./easyrsa gen-req EntityName
and create my clients... and server?

Then I have to sign the clients by

Code:

./easyrsa sign-req client EntityName
and the server by this code?

Code:

./easyrsa sign-req server EntityName
And then I can use the same *.ovpn files and just replace the client crt and key on the device?

Re: check if using md5 in windows

Posted: Thu Apr 19, 2018 12:26 pm
by B-Man
So I created a new PKI, a new ca.crt, and new client and server crts, signed them, and put the Public Server Cert, CA Cert, Private Server Key, DH PEM files etc. into my router (dd-wrt) with the same config, and the new client.crt, client.key, ca.key onto my phone with the same ovpn config edited for the name change, and it won't work... yet my old MD5-hashed ones were working just before I changed it all.
Swapped back to the MD5-hashed ones and it works.

Log file from the Android (host name and public IP address are correct):

Code:

21:59:49.656 -- EVENT: RECONNECTING
21:59:49.685 -- EVENT: RESOLVE
21:59:49.700 -- Contacting xx.xxx.xxx.xxx:xxxx via TCP
21:59:49.702 -- EVENT: WAIT
21:59:49.734 -- Transport Error: TCP connect error on 'MY.HOST.NAME:xxxx' (xx.xxx.xxx.xxx:xxxx): Connection refused
21:59:49.737 -- Client terminated, restarting in 2000 ms...

And this just repeats.


I didn't edit the vars file as I don't think I require anything advanced?

Don't know if there's something extra I have to add into the ovpn files due to the different encryption, or something in the server?

If there's something I have to put into the "TLS Auth Key" menu on the router?

If having a password on the client and server files is causing it?

If I require a TLS Cipher (found in the advanced menu), and if so, does the ovpn file need something added?

Re: check if using md5 in windows

Posted: Thu Apr 19, 2018 12:43 pm
by TinCanTech
Look on your server for a log file.

Re: check if using md5 in windows

Posted: Thu Apr 19, 2018 1:26 pm
by B-Man
Don't seem to get any interaction with the server? When running the other VPN setup I get quite a bit coming up.

Have I created the server file wrong? I followed the instructions for the client but had to figure I type

Code:

./easyrsa sign-req server EntityName
for the one I wanted as server?

Also tidied up the previous post above ^^^

Code:

Serverlog:

dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
keepalive 10 120
verb 3
mute 3
syslog
writepid /var/run/openvpnd.pid
management 127.0.0.1 14
management-log-cache 100
topology subnet
script-security 2
port 1194
proto tcp-server
cipher aes-128-cbc
auth sha256
client-connect /tmp/openvpn/clcon.sh
client-disconnect /tmp/openvpn/cldiscon.sh
client-config-dir /jffs/etc/openvpn/ccd
comp-lzo adaptive
tls-server
duplicate-cn
client-to-client
tcp-nodelay
tun-mtu 1500
mtu-disc yes
server 192.168.71.0 255.255.255.0
dev tun2
tun-ipv6
Am I somehow able to re-sign my old files without the MD5 hash, and hope they work?