Problem connecting OpenWRT router to my Openvpn Server

kaskados · May 16, 2025, 1:28pm

Hello there ) Im trying to connect my router to my OpenVPN server and see this in my OpenWrt router log file:

1	Fri May 16 16:09:17 2025	daemon	warn	openvpn(VCT)[30335]: WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless allow-compression yes is also set.
2	Fri May 16 16:09:17 2025	daemon	warn	openvpn(VCT)[30335]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
3	Fri May 16 16:09:17 2025	daemon	notice	openvpn(VCT)[30335]: OpenVPN 2.5.8 aarch64-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
4	Fri May 16 16:09:17 2025	daemon	notice	openvpn(VCT)[30335]: library versions: OpenSSL 3.0.15 3 Sep 2024, LZO 2.10
5	Fri May 16 16:09:17 2025	daemon	warn	openvpn(VCT)[30335]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
6	Fri May 16 16:09:17 2025	daemon	warn	openvpn(VCT)[30335]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
7	Fri May 16 16:09:17 2025	daemon	warn	openvpn(VCT)[30335]: OpenSSL: error:1C800064:Provider routines::bad decrypt
8	Fri May 16 16:09:17 2025	daemon	warn	openvpn(VCT)[30335]: OpenSSL: error:11800074:PKCS12 routines::pkcs12 cipherfinal error
9	Fri May 16 16:09:17 2025	daemon	warn	openvpn(VCT)[30335]: OpenSSL: error:1C800064:Provider routines::bad decrypt
10	Fri May 16 16:09:17 2025	daemon	warn	openvpn(VCT)[30335]: OpenSSL: error:11800074:PKCS12 routines::pkcs12 cipherfinal error
11	Fri May 16 16:09:17 2025	daemon	warn	openvpn(VCT)[30335]: Cannot load private key file [[INLINE]]
12	Fri May 16 16:09:17 2025	daemon	err	openvpn(VCT)[30335]: Error: private key password verification failed
13	Fri May 16 16:09:17 2025	daemon	notice	openvpn(VCT)[30335]: Exiting due to fatal error

Its pretty clear, that the problem is in private key password. Im using askpass /etc/openvpn/VCT.auth string in openvpn.conf to make it understand, that my login-pass for private key is in that file specified. But it doesnt work ( So some friendly advice would be great ) Thank you )

egc · May 16, 2025, 1:58pm

I do not know if you have --auth-nocache but if you have remove it as it might no be compatible.

Having a private key password protected and then have that password visible in a file seems to make the use of a password somewhat moot.

So perhaps consider removing the password with something like:
openssl rsa -in privateKey.pem -out newPrivateKey.pem

I never used a password protected key because of arguments above so cannot help in more detail, but make sure the file is really there and the path and file name are correct and that the password is on the first line of the file, check there are no windows style line endings in the file.

kaskados · May 16, 2025, 2:38pm

Thank you SO-SO much ) The problem was that I wrote LOGIN and password to the auth file ) Such a silly mistake ( I removed login, only pass left and thats IT )
Thank you again )

egc · May 16, 2025, 2:59pm

Great to hear it is solved

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks!