Hello!
I'm moving to the recent release of OpenWrt 22.03.0-rc4 and found that OpenVPN does not work!
2022-06-23 16:43:45 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2022-06-23 16:43:45 OpenVPN 2.5.5 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2022-06-23 16:43:45 library versions: wolfSSL 5.3.0
2022-06-23 16:43:45 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
2022-06-23 16:43:46 TCP/UDP: Preserving recently used remote address: [AF_INET]185.133.208.223:19000
2022-06-23 16:43:46 UDPv4 link local: (not bound)
2022-06-23 16:43:46 UDPv4 link remote: [AF_INET]XXXXXX:19000
2022-06-23 16:43:46 VERIFY ERROR: depth=1, could not extract X509 subject string from certificate
2022-06-23 16:43:46 OpenSSL: verify problem on certificate
2022-06-23 16:43:46 OpenSSL: verify problem on certificate
2022-06-23 16:43:46 OpenSSL: verify problem on certificate
2022-06-23 16:43:46 TLS_ERROR: BIO read tls_read_plaintext error
2022-06-23 16:43:46 TLS Error: TLS object -> incoming plaintext read error
2022-06-23 16:43:46 TLS Error: TLS handshake failed
2022-06-23 16:43:46 SIGUSR1[soft,tls-error] received, process restarting
2022-06-23 16:43:51 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
2022-06-23 16:43:51 TCP/UDP: Preserving recently used remote address: [AF_INET]185.133.208.223:19000
2022-06-23 16:43:51 UDPv4 link local: (not bound)
2022-06-23 16:43:51 UDPv4 link remote: [AF_INET]XXXXX:19000
2022-06-23 16:43:51 VERIFY ERROR: depth=1, could not extract X509 subject string from certificate
2022-06-23 16:43:51 OpenSSL: verify problem on certificate
2022-06-23 16:43:51 OpenSSL: verify problem on certificate
2022-06-23 16:43:51 OpenSSL: verify problem on certificate
2022-06-23 16:43:51 TLS_ERROR: BIO read tls_read_plaintext error
2022-06-23 16:43:51 TLS Error: TLS object -> incoming plaintext read error
2022-06-23 16:43:51 TLS Error: TLS handshake failed
2022-06-23 16:43:51 SIGUSR1[soft,tls-error] received, process restarting
The client certificate looks just fine:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 175 (0xaf)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=IT, ST=MI, L=Milano, O=6project IPv6 Tunnel Broker, OU=M&M Networks, CN=6project IPv6 Tunnel Broker/name=6project/emailAddress=xxxxxx.org
        Validity
            Not Before: Mar 22 08:24:23 2022 GMT
            Not After : Mar 19 08:24:23 2032 GMT
        Subject: C=IT, ST=MI, L=Milano, O=6project IPv6 Tunnel Broker, OU=M&M Networks, CN=xxxxxxx/name=6project/emailAddress=XXXX.org
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:XXXXXXX
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                Easy-RSA Generated Certificate
            X509v3 Subject Key Identifier:
                XXXX:6E
            X509v3 Authority Key Identifier:
                keyid:XXXX:F3
                DirName:/C=IT/ST=MI/L=Milano/O=6project IPv6 Tunnel Broker/OU=M&M Networks/CN=6project IPv6 Tunnel Broker/name=6project/emailAddress=XXXX.org
                serial:XXXX:17
            X509v3 Extended Key Usage:
                TLS Web Client Authentication
            X509v3 Key Usage:
                Digital Signature
            X509v3 Subject Alternative Name:
                DNS:kuznetsov
    Signature Algorithm: sha256WithRSAEncryption
         bb:XXXXX:fe:
-----BEGIN CERTIFICATE-----