Second router for vpn

NetwrkNoob · July 19, 2024, 7:12pm

Looking for help on best way to set up a second router with vpn.

I have an OPNSense main router (Router 1 192.168.1.1)
I have a stock Asus router in AP mode, connected to main router via ethernet (Router 2 192.168.1.2)
I want to use an old router with OpenWRT to provide vpn to a Roku. (Router 3 192.168.1.3 connected to Router 2 via ethernet)
The Roku will be the only device connected to Router 3
All other devices connect to AP 192.168.1.2
I do not need my main router providing vpn to the rest of the network.

How should the OpenWRT router (Router 3) be configured to provide vpn to the Roku?

Thanks for taking the time to read this and let me know if you need more info.

psherman · July 19, 2024, 7:15pm

It should be fairly straight forward, but it does depend on the device that you're using. What is the output of:

ubus call system board

NetwrkNoob · July 19, 2024, 7:30pm

I'll have to fire up the router to get that but in the mean time I can say its a TPLink Archer C7 v2

NetwrkNoob · July 19, 2024, 8:00pm

As my user name says, I am a noob.
Where do I enter that command?

psherman · July 19, 2024, 8:19pm

Since you have a C7v2, we know it can run the latest OpenWrt and VPNs without issue.

Basically, the easiest way to:

Change the lan IP of your OpenWrt device to a different subnet (i.e. 192.168.2.1).
connect a wire between the lan of your main network and the wan of your C7v2.
Install the desired VPN protocol (Wireguard is recommended if your VPN provider supports it).
Configure the VPN per the provider's instructions (we can help you if you need some 'translation' to the OpenWrt side).
Enable wifi if needed.
Connect your devices that need VPN to the lan and/or wifi of the C7v2.

mk24 · July 19, 2024, 8:25pm

Good advice there. The "whole house" VPN client is based on lan->wan routing. This is true even if the router is not connected directly to the ISP but goes through another router as it will here. The other router only sees an outgoing connection of encrypted packets, so no special configuration of it is needed.

The default configuration is a lan->wan router, so after changing the lan IP address to avoid conflict, it should route to the Internet from a LAN port. Test this with the Roku before proceeding further with the VPN.

NetwrkNoob · July 19, 2024, 8:25pm

I think changing the subnet is the piece I was missing.
I will try those changes and let you know how it goes.

Thanks for your help!

NetwrkNoob · July 20, 2024, 2:35pm

Made the change to the subnet which gave me internet via the wan port and even allowed me to use a custom dns.

Then I reset everything to default, changed the subnet again and tried setting up openvpn but could not get the vpn to work using the tutorial.

I will try tinkering some more and ask for more help if I still cant get it going.

Thanks for all the help

NetwrkNoob · July 21, 2024, 1:10am

Can not seem to get openvpn working.

Openvpn is enabled and started under vpn tab.
Following the tutorial, the next step is to create an interface with protocol unmanaged and device tun0.
When I click on the dropdown for Device, I do not see tun0 so I just typed tun0 and hit enter. Is that correct? From the tutorial, it looks as if tun0 should show up as one of the options.

Thans for any and alll help

psherman · July 21, 2024, 1:40am

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
cat /etc/config/openvpn

NetwrkNoob · July 21, 2024, 2:07am

-
root@OpenWrt:~# ubus call system board
{
        "kernel": "5.15.150",
        "hostname": "OpenWrt",
        "system": "Qualcomm Atheros QCA9558 ver 1 rev 0",
        "model": "TP-Link Archer C7 v2",
        "board_name": "tplink,archer-c7-v2",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.3",
                "revision": "r23809-234f1a2efa",
                "target": "ath79/generic",
                "description": "OpenWrt 23.05.3 r23809-234f1a2efa"
        }
}
root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fddc:c9bb:b10d::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1.1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.2.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option gateway '192.168.1.1'
        list dns '192.168.1.1'

config interface 'wan'
        option device 'eth0.2'
        option proto 'dhcp'

config interface 'wan6'
        option device 'eth0.2'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '2 3 4 5 0t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '1 6t'

config interface 'vpn'
        option proto 'none'
        option device 'tun0'
        option auto '0'

root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'pci0000:00/0000:00:00.0'
        option channel '36'
        option band '5g'
        option htmode 'VHT80'
        option disabled '1'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'platform/ahb/18100000.wmac'
        option channel '1'
        option band '2g'
        option htmode 'HT20'
        option disabled '1'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'
        option filter_aaaa '0'
        option filter_a '0'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

root@OpenWrt:~# cat /etc/config/firewall

config defaults
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list device 'eth1.1'
        list network 'wan'
        list network 'wan6'
        list network 'vpn'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

root@OpenWrt:~# cat /etc/config/openvpn

config openvpn 'custom_config'
        option config '/etc/openvpn/my-vpn.conf'

config openvpn 'sample_server'
        option port '1194'
        option proto 'udp'
        option dev 'tun'
        option ca '/etc/openvpn/ca.crt'
        option cert '/etc/openvpn/server.crt'
        option key '/etc/openvpn/server.key'
        option dh '/etc/openvpn/dh2048.pem'
        option server '10.8.0.0 255.255.255.0'
        option ifconfig_pool_persist '/tmp/ipp.txt'
        option keepalive '10 120'
        option persist_key '1'
        option persist_tun '1'
        option user 'nobody'
        option status '/tmp/openvpn-status.log'
        option verb '3'

config openvpn 'sample_client'
        option client '1'
        option dev 'tun'
        option proto 'udp'
        list remote 'my_server_1 1194'
        option resolv_retry 'infinite'
        option nobind '1'
        option persist_key '1'
        option persist_tun '1'
        option user 'nobody'
        option ca '/etc/openvpn/ca.crt'
        option cert '/etc/openvpn/client.crt'
        option key '/etc/openvpn/client.key'
        option verb '3'

config openvpn 'vpn'
        option config '/etc/openvpn/vpn.ovpn'
        option enabled '1'

psherman · July 21, 2024, 2:13am

Remove these two lines from the lan interface

Remove the device from the wan firewall zone

Let’s see the output of

cat /etc/openvpn/vpn.ovpn
logread -e openvpn

NetwrkNoob · July 21, 2024, 2:21am

root@OpenWrt:~# cat /etc/openvpn/vpn.ovpn
auth md5
auth-user-pass /etc/openvpn/vpn.auth
cipher AES-256-CBC
client
comp-lzo adaptive
dev tun
explicit-exit-notify 2
fragment 1390
hand-window 30
key-direction 1
mssfix
mute 3
mute-replay-warnings
nobind
ns-cert-type server
persist-key
proto udp
redirect-gateway def1
remote 216.131.83.245 1194 udp
reneg-sec 0
resolv-retry infinite
route-delay 2
route-method exe
route-metric 1
topology subnet
tun-mtu 1500
verb 3
<ca>

NetwrkNoob · July 21, 2024, 2:24am

Have to split next output into two

root@OpenWrt:~# logread -e openvpn
Sat Jul 20 21:24:02 2024 daemon.warn openvpn(vpn)[2096]: WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
Sat Jul 20 21:24:02 2024 daemon.warn openvpn(vpn)[2096]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Sat Jul 20 21:24:03 2024 daemon.notice openvpn(vpn)[2096]: OpenVPN 2.5.8 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Sat Jul 20 21:24:03 2024 daemon.notice openvpn(vpn)[2096]: library versions: OpenSSL 3.0.14 4 Jun 2024, LZO 2.10
Sat Jul 20 21:24:03 2024 daemon.warn openvpn(vpn)[2096]: WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Sat Jul 20 21:24:03 2024 daemon.warn openvpn(vpn)[2096]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Jul 20 21:24:05 2024 daemon.notice openvpn(vpn)[2096]: Outgoing Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Sat Jul 20 21:24:05 2024 daemon.notice openvpn(vpn)[2096]: Incoming Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Sat Jul 20 21:24:05 2024 daemon.notice openvpn(vpn)[2096]: TCP/UDP: Preserving recently used remote address: [AF_INET]216.131.83.245:1194
Sat Jul 20 21:24:05 2024 daemon.notice openvpn(vpn)[2096]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Sat Jul 20 21:24:05 2024 daemon.notice openvpn(vpn)[2096]: UDP link local: (not bound)
Sat Jul 20 21:24:05 2024 daemon.notice openvpn(vpn)[2096]: UDP link remote: [AF_INET]216.131.83.245:1194
Sat Jul 20 21:24:05 2024 daemon.notice openvpn(vpn)[2096]: TLS: Initial packet from [AF_INET]216.131.83.245:1194, sid=25c7309b 13d1d63b
Sat Jul 20 21:24:05 2024 daemon.warn openvpn(vpn)[2096]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Jul 20 21:24:06 2024 daemon.err openvpn(vpn)[2096]: VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=US, ST=CA, L=San-Francisco, O=reliablehosting.com, CN=openvpn, emailAddress=techies@reliablehosting.com, serial=1
Sat Jul 20 21:24:06 2024 daemon.err openvpn(vpn)[2096]: OpenSSL: error:0A000086:SSL routines::certificate verify failed
Sat Jul 20 21:24:06 2024 daemon.err openvpn(vpn)[2096]: TLS_ERROR: BIO read tls_read_plaintext error
Sat Jul 20 21:24:06 2024 daemon.notice openvpn(vpn)[2096]: NOTE: --mute triggered...
Sat Jul 20 21:24:06 2024 daemon.notice openvpn(vpn)[2096]: 2 variation(s) on previous 3 message(s) suppressed by --mute
Sat Jul 20 21:24:06 2024 daemon.notice openvpn(vpn)[2096]: SIGUSR1[soft,tls-error] received, process restarting
Sat Jul 20 21:24:06 2024 daemon.notice openvpn(vpn)[2096]: Restart pause, 5 second(s)
Sat Jul 20 21:26:43 2024 daemon.warn openvpn(vpn)[2096]: WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Sat Jul 20 21:26:43 2024 daemon.warn openvpn(vpn)[2096]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Jul 20 21:26:43 2024 daemon.notice openvpn(vpn)[2096]: Outgoing Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Sat Jul 20 21:26:43 2024 daemon.notice openvpn(vpn)[2096]: Incoming Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Sat Jul 20 21:26:43 2024 daemon.notice openvpn(vpn)[2096]: TCP/UDP: Preserving recently used remote address: [AF_INET]216.131.83.245:1194
Sat Jul 20 21:26:43 2024 daemon.notice openvpn(vpn)[2096]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Sat Jul 20 21:26:43 2024 daemon.notice openvpn(vpn)[2096]: UDP link local: (not bound)
Sat Jul 20 21:26:43 2024 daemon.notice openvpn(vpn)[2096]: UDP link remote: [AF_INET]216.131.83.245:1194
Sat Jul 20 21:26:43 2024 daemon.notice openvpn(vpn)[2096]: TLS: Initial packet from [AF_INET]216.131.83.245:1194, sid=b726bb5c 0903f53a
Sat Jul 20 21:26:44 2024 daemon.err openvpn(vpn)[2096]: VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=US, ST=CA, L=San-Francisco, O=reliablehosting.com, CN=openvpn, emailAddress=techies@reliablehosting.com, serial=1
Sat Jul 20 21:26:44 2024 daemon.err openvpn(vpn)[2096]: OpenSSL: error:0A000086:SSL routines::certificate verify failed
Sat Jul 20 21:26:44 2024 daemon.err openvpn(vpn)[2096]: TLS_ERROR: BIO read tls_read_plaintext error
Sat Jul 20 21:26:44 2024 daemon.notice openvpn(vpn)[2096]: NOTE: --mute triggered...
Sat Jul 20 21:26:44 2024 daemon.notice openvpn(vpn)[2096]: 2 variation(s) on previous 3 message(s) suppressed by --mute
Sat Jul 20 21:26:44 2024 daemon.notice openvpn(vpn)[2096]: SIGUSR1[soft,tls-error] received, process restarting
Sat Jul 20 21:26:44 2024 daemon.notice openvpn(vpn)[2096]: Restart pause, 5 second(s)
Sat Jul 20 21:26:49 2024 daemon.warn openvpn(vpn)[2096]: WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Sat Jul 20 21:26:49 2024 daemon.warn openvpn(vpn)[2096]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Jul 20 21:26:49 2024 daemon.notice openvpn(vpn)[2096]: Outgoing Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Sat Jul 20 21:26:49 2024 daemon.notice openvpn(vpn)[2096]: Incoming Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Sat Jul 20 21:26:49 2024 daemon.notice openvpn(vpn)[2096]: TCP/UDP: Preserving recently used remote address: [AF_INET]216.131.83.245:1194
Sat Jul 20 21:26:49 2024 daemon.notice openvpn(vpn)[2096]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Sat Jul 20 21:26:49 2024 daemon.notice openvpn(vpn)[2096]: UDP link local: (not bound)
Sat Jul 20 21:26:49 2024 daemon.notice openvpn(vpn)[2096]: UDP link remote: [AF_INET]216.131.83.245:1194
Sat Jul 20 21:26:49 2024 daemon.notice openvpn(vpn)[2096]: TLS: Initial packet from [AF_INET]216.131.83.245:1194, sid=6236f3bd b0cad088
Sat Jul 20 21:26:49 2024 daemon.err openvpn(vpn)[2096]: VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=US, ST=CA, L=San-Francisco, O=reliablehosting.com, CN=openvpn, emailAddress=techies@reliablehosting.com, serial=1
Sat Jul 20 21:26:49 2024 daemon.err openvpn(vpn)[2096]: OpenSSL: error:0A000086:SSL routines::certificate verify failed
Sat Jul 20 21:26:49 2024 daemon.err openvpn(vpn)[2096]: TLS_ERROR: BIO read tls_read_plaintext error
Sat Jul 20 21:26:49 2024 daemon.notice openvpn(vpn)[2096]: NOTE: --mute triggered...
Sat Jul 20 21:26:49 2024 daemon.notice openvpn(vpn)[2096]: 2 variation(s) on previous 3 message(s) suppressed by --mute
Sat Jul 20 21:26:49 2024 daemon.notice openvpn(vpn)[2096]: SIGUSR1[soft,tls-error] received, process restarting
Sat Jul 20 21:26:49 2024 daemon.notice openvpn(vpn)[2096]: Restart pause, 5 second(s)
Sat Jul 20 21:26:54 2024 daemon.warn openvpn(vpn)[2096]: WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Sat Jul 20 21:26:54 2024 daemon.warn openvpn(vpn)[2096]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Jul 20 21:26:54 2024 daemon.notice openvpn(vpn)[2096]: Outgoing Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Sat Jul 20 21:26:54 2024 daemon.notice openvpn(vpn)[2096]: Incoming Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Sat Jul 20 21:26:54 2024 daemon.notice openvpn(vpn)[2096]: TCP/UDP: Preserving recently used remote address: [AF_INET]216.131.83.245:1194
Sat Jul 20 21:26:54 2024 daemon.notice openvpn(vpn)[2096]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Sat Jul 20 21:26:54 2024 daemon.notice openvpn(vpn)[2096]: UDP link local: (not bound)
Sat Jul 20 21:26:54 2024 daemon.notice openvpn(vpn)[2096]: UDP link remote: [AF_INET]216.131.83.245:1194
Sat Jul 20 21:26:54 2024 daemon.notice openvpn(vpn)[2096]: TLS: Initial packet from [AF_INET]216.131.83.245:1194, sid=a4693c97 1a87381b
Sat Jul 20 21:26:54 2024 daemon.err openvpn(vpn)[2096]: VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=US, ST=CA, L=San-Francisco, O=reliablehosting.com, CN=openvpn, emailAddress=techies@reliablehosting.com, serial=1
Sat Jul 20 21:26:54 2024 daemon.err openvpn(vpn)[2096]: OpenSSL: error:0A000086:SSL routines::certificate verify failed
Sat Jul 20 21:26:54 2024 daemon.err openvpn(vpn)[2096]: TLS_ERROR: BIO read tls_read_plaintext error
Sat Jul 20 21:26:54 2024 daemon.notice openvpn(vpn)[2096]: NOTE: --mute triggered...
Sat Jul 20 21:26:54 2024 daemon.notice openvpn(vpn)[2096]: 2 variation(s) on previous 3 message(s) suppressed by --mute
Sat Jul 20 21:26:54 2024 daemon.notice openvpn(vpn)[2096]: SIGUSR1[soft,tls-error] received, process restarting
Sat Jul 20 21:26:54 2024 daemon.notice openvpn(vpn)[2096]: Restart pause, 5 second(s)
Sat Jul 20 21:26:59 2024 daemon.warn openvpn(vpn)[2096]: WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Sat Jul 20 21:26:59 2024 daemon.warn openvpn(vpn)[2096]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Jul 20 21:26:59 2024 daemon.notice openvpn(vpn)[2096]: Outgoing Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Sat Jul 20 21:26:59 2024 daemon.notice openvpn(vpn)[2096]: Incoming Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Sat Jul 20 21:26:59 2024 daemon.notice openvpn(vpn)[2096]: TCP/UDP: Preserving recently used remote address: [AF_INET]216.131.83.245:1194
Sat Jul 20 21:26:59 2024 daemon.notice openvpn(vpn)[2096]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Sat Jul 20 21:26:59 2024 daemon.notice openvpn(vpn)[2096]: UDP link local: (not bound)
Sat Jul 20 21:26:59 2024 daemon.notice openvpn(vpn)[2096]: UDP link remote: [AF_INET]216.131.83.245:1194
Sat Jul 20 21:26:59 2024 daemon.notice openvpn(vpn)[2096]: TLS: Initial packet from [AF_INET]216.131.83.245:1194, sid=787d9e06 77776c98
Sat Jul 20 21:26:59 2024 daemon.err openvpn(vpn)[2096]: VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=US, ST=CA, L=San-Francisco, O=reliablehosting.com, CN=openvpn, emailAddress=techies@reliablehosting.com, serial=1
Sat Jul 20 21:26:59 2024 daemon.err openvpn(vpn)[2096]: OpenSSL: error:0A000086:SSL routines::certificate verify failed
Sat Jul 20 21:26:59 2024 daemon.err openvpn(vpn)[2096]: TLS_ERROR: BIO read tls_read_plaintext error
Sat Jul 20 21:26:59 2024 daemon.notice openvpn(vpn)[2096]: NOTE: --mute triggered...
Sat Jul 20 21:26:59 2024 daemon.notice openvpn(vpn)[2096]: 2 variation(s) on previous 3 message(s) suppressed by --mute
Sat Jul 20 21:26:59 2024 daemon.notice openvpn(vpn)[2096]: SIGUSR1[soft,tls-error] received, process restarting
Sat Jul 20 21:26:59 2024 daemon.notice openvpn(vpn)[2096]: Restart pause, 10 second(s)
Sat Jul 20 21:27:09 2024 daemon.warn openvpn(vpn)[2096]: WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Sat Jul 20 21:27:09 2024 daemon.warn openvpn(vpn)[2096]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Jul 20 21:27:09 2024 daemon.notice openvpn(vpn)[2096]: Outgoing Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Sat Jul 20 21:27:09 2024 daemon.notice openvpn(vpn)[2096]: Incoming Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Sat Jul 20 21:27:09 2024 daemon.notice openvpn(vpn)[2096]: TCP/UDP: Preserving recently used remote address: [AF_INET]216.131.83.245:1194
Sat Jul 20 21:27:09 2024 daemon.notice openvpn(vpn)[2096]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Sat Jul 20 21:27:09 2024 daemon.notice openvpn(vpn)[2096]: UDP link local: (not bound)
Sat Jul 20 21:27:09 2024 daemon.notice openvpn(vpn)[2096]: UDP link remote: [AF_INET]216.131.83.245:1194
Sat Jul 20 21:27:09 2024 daemon.notice openvpn(vpn)[2096]: TLS: Initial packet from [AF_INET]216.131.83.245:1194, sid=f7f29abc a3c8679a
Sat Jul 20 21:27:09 2024 daemon.err openvpn(vpn)[2096]: VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=US, ST=CA, L=San-Francisco, O=reliablehosting.com, CN=openvpn, emailAddress=techies@reliablehosting.com, serial=1
Sat Jul 20 21:27:09 2024 daemon.err openvpn(vpn)[2096]: OpenSSL: error:0A000086:SSL routines::certificate verify failed
Sat Jul 20 21:27:09 2024 daemon.err openvpn(vpn)[2096]: TLS_ERROR: BIO read tls_read_plaintext error
Sat Jul 20 21:27:09 2024 daemon.notice openvpn(vpn)[2096]: NOTE: --mute triggered...
Sat Jul 20 21:27:09 2024 daemon.notice openvpn(vpn)[2096]: 2 variation(s) on previous 3 message(s) suppressed by --mute
Sat Jul 20 21:27:09 2024 daemon.notice openvpn(vpn)[2096]: SIGUSR1[soft,tls-error] received, process restarting
Sat Jul 20 21:27:09 2024 daemon.notice openvpn(vpn)[2096]: Restart pause, 20 second(s)
Sat Jul 20 21:27:29 2024 daemon.warn openvpn(vpn)[2096]: WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Sat Jul 20 21:27:29 2024 daemon.warn openvpn(vpn)[2096]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Jul 20 21:27:29 2024 daemon.notice openvpn(vpn)[2096]: Outgoing Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Sat Jul 20 21:27:29 2024 daemon.notice openvpn(vpn)[2096]: Incoming Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Sat Jul 20 21:27:29 2024 daemon.notice openvpn(vpn)[2096]: TCP/UDP: Preserving recently used remote address: [AF_INET]216.131.83.245:1194
Sat Jul 20 21:27:29 2024 daemon.notice openvpn(vpn)[2096]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Sat Jul 20 21:27:29 2024 daemon.notice openvpn(vpn)[2096]: UDP link local: (not bound)
Sat Jul 20 21:27:29 2024 daemon.notice openvpn(vpn)[2096]: UDP link remote: [AF_INET]216.131.83.245:1194
Sat Jul 20 21:27:29 2024 daemon.notice openvpn(vpn)[2096]: TLS: Initial packet from [AF_INET]216.131.83.245:1194, sid=b7bbd7e4 5117a75b
Sat Jul 20 21:27:29 2024 daemon.err openvpn(vpn)[2096]: VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=US, ST=CA, L=San-Francisco, O=reliablehosting.com, CN=openvpn, emailAddress=techies@reliablehosting.com, serial=1
Sat Jul 20 21:27:29 2024 daemon.err openvpn(vpn)[2096]: OpenSSL: error:0A000086:SSL routines::certificate verify failed
Sat Jul 20 21:27:29 2024 daemon.err openvpn(vpn)[2096]: TLS_ERROR: BIO read tls_read_plaintext error
Sat Jul 20 21:27:29 2024 daemon.notice openvpn(vpn)[2096]: NOTE: --mute triggered...
Sat Jul 20 21:27:29 2024 daemon.notice openvpn(vpn)[2096]: 2 variation(s) on previous 3 message(s) suppressed by --mute
Sat Jul 20 21:27:29 2024 daemon.notice openvpn(vpn)[2096]: SIGUSR1[soft,tls-error] received, process restarting
Sat Jul 20 21:27:29 2024 daemon.notice openvpn(vpn)[2096]: Restart pause, 40 second(s)
Sat Jul 20 21:28:09 2024 daemon.warn openvpn(vpn)[2096]: WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Sat Jul 20 21:28:09 2024 daemon.warn openvpn(vpn)[2096]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Jul 20 21:28:09 2024 daemon.notice openvpn(vpn)[2096]: Outgoing Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Sat Jul 20 21:28:09 2024 daemon.notice openvpn(vpn)[2096]: Incoming Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Sat Jul 20 21:28:09 2024 daemon.notice openvpn(vpn)[2096]: TCP/UDP: Preserving recently used remote address: [AF_INET]216.131.83.245:1194
Sat Jul 20 21:28:09 2024 daemon.notice openvpn(vpn)[2096]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Sat Jul 20 21:28:09 2024 daemon.notice openvpn(vpn)[2096]: UDP link local: (not bound)
Sat Jul 20 21:28:09 2024 daemon.notice openvpn(vpn)[2096]: UDP link remote: [AF_INET]216.131.83.245:1194
Sat Jul 20 21:28:09 2024 daemon.notice openvpn(vpn)[2096]: TLS: Initial packet from [AF_INET]216.131.83.245:1194, sid=1b8ec579 9792f6c5
Sat Jul 20 21:28:09 2024 daemon.err openvpn(vpn)[2096]: VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=US, ST=CA, L=San-Francisco, O=reliablehosting.com, CN=openvpn, emailAddress=techies@reliablehosting.com, serial=1
Sat Jul 20 21:28:09 2024 daemon.err openvpn(vpn)[2096]: OpenSSL: error:0A000086:SSL routines::certificate verify failed
Sat Jul 20 21:28:09 2024 daemon.err openvpn(vpn)[2096]: TLS_ERROR: BIO read tls_read_plaintext error
Sat Jul 20 21:28:09 2024 daemon.notice openvpn(vpn)[2096]: NOTE: --mute triggered...
Sat Jul 20 21:28:09 2024 daemon.notice openvpn(vpn)[2096]: 2 variation(s) on previous 3 message(s) suppressed by --mute
Sat Jul 20 21:28:09 2024 daemon.notice openvpn(vpn)[2096]: SIGUSR1[soft,tls-error] received, process restarting
Sat Jul 20 21:28:09 2024 daemon.notice openvpn(vpn)[2096]: Restart pause, 80 second(s)
Sat Jul 20 21:29:29 2024 daemon.warn openvpn(vpn)[2096]: WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.

NetwrkNoob · July 21, 2024, 2:25am

Sat Jul 20 21:29:29 2024 daemon.warn openvpn(vpn)[2096]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Jul 20 21:29:29 2024 daemon.notice openvpn(vpn)[2096]: Outgoing Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Sat Jul 20 21:29:29 2024 daemon.notice openvpn(vpn)[2096]: Incoming Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Sat Jul 20 21:29:29 2024 daemon.notice openvpn(vpn)[2096]: TCP/UDP: Preserving recently used remote address: [AF_INET]216.131.83.245:1194
Sat Jul 20 21:29:29 2024 daemon.notice openvpn(vpn)[2096]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Sat Jul 20 21:29:29 2024 daemon.notice openvpn(vpn)[2096]: UDP link local: (not bound)
Sat Jul 20 21:29:29 2024 daemon.notice openvpn(vpn)[2096]: UDP link remote: [AF_INET]216.131.83.245:1194
Sat Jul 20 21:29:29 2024 daemon.notice openvpn(vpn)[2096]: TLS: Initial packet from [AF_INET]216.131.83.245:1194, sid=67e1ebc7 27ede8b0
Sat Jul 20 21:29:29 2024 daemon.err openvpn(vpn)[2096]: VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=US, ST=CA, L=San-Francisco, O=reliablehosting.com, CN=openvpn, emailAddress=techies@reliablehosting.com, serial=1
Sat Jul 20 21:29:29 2024 daemon.err openvpn(vpn)[2096]: OpenSSL: error:0A000086:SSL routines::certificate verify failed
Sat Jul 20 21:29:29 2024 daemon.err openvpn(vpn)[2096]: TLS_ERROR: BIO read tls_read_plaintext error
Sat Jul 20 21:29:29 2024 daemon.notice openvpn(vpn)[2096]: NOTE: --mute triggered...
Sat Jul 20 21:29:29 2024 daemon.notice openvpn(vpn)[2096]: 2 variation(s) on previous 3 message(s) suppressed by --mute
Sat Jul 20 21:29:29 2024 daemon.notice openvpn(vpn)[2096]: SIGUSR1[soft,tls-error] received, process restarting
Sat Jul 20 21:29:29 2024 daemon.notice openvpn(vpn)[2096]: Restart pause, 160 second(s)
Sat Jul 20 21:32:09 2024 daemon.warn openvpn(vpn)[2096]: WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Sat Jul 20 21:32:09 2024 daemon.warn openvpn(vpn)[2096]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Jul 20 21:32:09 2024 daemon.notice openvpn(vpn)[2096]: Outgoing Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Sat Jul 20 21:32:09 2024 daemon.notice openvpn(vpn)[2096]: Incoming Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Sat Jul 20 21:32:09 2024 daemon.notice openvpn(vpn)[2096]: TCP/UDP: Preserving recently used remote address: [AF_INET]216.131.83.245:1194
Sat Jul 20 21:32:09 2024 daemon.notice openvpn(vpn)[2096]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Sat Jul 20 21:32:09 2024 daemon.notice openvpn(vpn)[2096]: UDP link local: (not bound)
Sat Jul 20 21:32:09 2024 daemon.notice openvpn(vpn)[2096]: UDP link remote: [AF_INET]216.131.83.245:1194
Sat Jul 20 21:32:09 2024 daemon.notice openvpn(vpn)[2096]: TLS: Initial packet from [AF_INET]216.131.83.245:1194, sid=92d88377 44df8fdd
Sat Jul 20 21:32:09 2024 daemon.err openvpn(vpn)[2096]: VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=US, ST=CA, L=San-Francisco, O=reliablehosting.com, CN=openvpn, emailAddress=techies@reliablehosting.com, serial=1
Sat Jul 20 21:32:09 2024 daemon.err openvpn(vpn)[2096]: OpenSSL: error:0A000086:SSL routines::certificate verify failed
Sat Jul 20 21:32:09 2024 daemon.err openvpn(vpn)[2096]: TLS_ERROR: BIO read tls_read_plaintext error
Sat Jul 20 21:32:09 2024 daemon.notice openvpn(vpn)[2096]: NOTE: --mute triggered...
Sat Jul 20 21:32:09 2024 daemon.notice openvpn(vpn)[2096]: 2 variation(s) on previous 3 message(s) suppressed by --mute
Sat Jul 20 21:32:09 2024 daemon.notice openvpn(vpn)[2096]: SIGUSR1[soft,tls-error] received, process restarting
Sat Jul 20 21:32:09 2024 daemon.notice openvpn(vpn)[2096]: Restart pause, 300 second(s)
Sat Jul 20 21:37:09 2024 daemon.warn openvpn(vpn)[2096]: WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Sat Jul 20 21:37:09 2024 daemon.warn openvpn(vpn)[2096]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Jul 20 21:37:09 2024 daemon.notice openvpn(vpn)[2096]: Outgoing Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Sat Jul 20 21:37:09 2024 daemon.notice openvpn(vpn)[2096]: Incoming Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Sat Jul 20 21:37:09 2024 daemon.notice openvpn(vpn)[2096]: TCP/UDP: Preserving recently used remote address: [AF_INET]216.131.83.245:1194
Sat Jul 20 21:37:09 2024 daemon.notice openvpn(vpn)[2096]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Sat Jul 20 21:37:09 2024 daemon.notice openvpn(vpn)[2096]: UDP link local: (not bound)
Sat Jul 20 21:37:09 2024 daemon.notice openvpn(vpn)[2096]: UDP link remote: [AF_INET]216.131.83.245:1194
Sat Jul 20 21:37:09 2024 daemon.notice openvpn(vpn)[2096]: TLS: Initial packet from [AF_INET]216.131.83.245:1194, sid=01a867b9 7d248928
Sat Jul 20 21:37:09 2024 daemon.err openvpn(vpn)[2096]: VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=US, ST=CA, L=San-Francisco, O=reliablehosting.com, CN=openvpn, emailAddress=techies@reliablehosting.com, serial=1
Sat Jul 20 21:37:09 2024 daemon.err openvpn(vpn)[2096]: OpenSSL: error:0A000086:SSL routines::certificate verify failed
Sat Jul 20 21:37:09 2024 daemon.err openvpn(vpn)[2096]: TLS_ERROR: BIO read tls_read_plaintext error
Sat Jul 20 21:37:09 2024 daemon.notice openvpn(vpn)[2096]: NOTE: --mute triggered...
Sat Jul 20 21:37:09 2024 daemon.notice openvpn(vpn)[2096]: 2 variation(s) on previous 3 message(s) suppressed by --mute
Sat Jul 20 21:37:09 2024 daemon.notice openvpn(vpn)[2096]: SIGUSR1[soft,tls-error] received, process restarting
Sat Jul 20 21:37:09 2024 daemon.notice openvpn(vpn)[2096]: Restart pause, 300 second(s)
Sat Jul 20 21:42:10 2024 daemon.warn openvpn(vpn)[2096]: WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Sat Jul 20 21:42:10 2024 daemon.warn openvpn(vpn)[2096]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Jul 20 21:42:10 2024 daemon.notice openvpn(vpn)[2096]: Outgoing Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Sat Jul 20 21:42:10 2024 daemon.notice openvpn(vpn)[2096]: Incoming Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Sat Jul 20 21:42:10 2024 daemon.notice openvpn(vpn)[2096]: TCP/UDP: Preserving recently used remote address: [AF_INET]216.131.83.245:1194
Sat Jul 20 21:42:10 2024 daemon.notice openvpn(vpn)[2096]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Sat Jul 20 21:42:10 2024 daemon.notice openvpn(vpn)[2096]: UDP link local: (not bound)
Sat Jul 20 21:42:10 2024 daemon.notice openvpn(vpn)[2096]: UDP link remote: [AF_INET]216.131.83.245:1194
Sat Jul 20 21:42:10 2024 daemon.notice openvpn(vpn)[2096]: TLS: Initial packet from [AF_INET]216.131.83.245:1194, sid=120e970d 88d9d831
Sat Jul 20 21:42:10 2024 daemon.err openvpn(vpn)[2096]: VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=US, ST=CA, L=San-Francisco, O=reliablehosting.com, CN=openvpn, emailAddress=techies@reliablehosting.com, serial=1
Sat Jul 20 21:42:10 2024 daemon.err openvpn(vpn)[2096]: OpenSSL: error:0A000086:SSL routines::certificate verify failed
Sat Jul 20 21:42:10 2024 daemon.err openvpn(vpn)[2096]: TLS_ERROR: BIO read tls_read_plaintext error
Sat Jul 20 21:42:10 2024 daemon.notice openvpn(vpn)[2096]: NOTE: --mute triggered...
Sat Jul 20 21:42:10 2024 daemon.notice openvpn(vpn)[2096]: 2 variation(s) on previous 3 message(s) suppressed by --mute
Sat Jul 20 21:42:10 2024 daemon.notice openvpn(vpn)[2096]: SIGUSR1[soft,tls-error] received, process restarting
Sat Jul 20 21:42:10 2024 daemon.notice openvpn(vpn)[2096]: Restart pause, 300 second(s)
Sat Jul 20 21:47:10 2024 daemon.warn openvpn(vpn)[2096]: WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Sat Jul 20 21:47:10 2024 daemon.warn openvpn(vpn)[2096]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Jul 20 21:47:10 2024 daemon.notice openvpn(vpn)[2096]: Outgoing Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Sat Jul 20 21:47:10 2024 daemon.notice openvpn(vpn)[2096]: Incoming Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Sat Jul 20 21:47:10 2024 daemon.notice openvpn(vpn)[2096]: TCP/UDP: Preserving recently used remote address: [AF_INET]216.131.83.245:1194
Sat Jul 20 21:47:10 2024 daemon.notice openvpn(vpn)[2096]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Sat Jul 20 21:47:10 2024 daemon.notice openvpn(vpn)[2096]: UDP link local: (not bound)
Sat Jul 20 21:47:10 2024 daemon.notice openvpn(vpn)[2096]: UDP link remote: [AF_INET]216.131.83.245:1194
Sat Jul 20 21:47:10 2024 daemon.notice openvpn(vpn)[2096]: TLS: Initial packet from [AF_INET]216.131.83.245:1194, sid=b8f709f9 3fea340b
Sat Jul 20 21:47:10 2024 daemon.err openvpn(vpn)[2096]: VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=US, ST=CA, L=San-Francisco, O=reliablehosting.com, CN=openvpn, emailAddress=techies@reliablehosting.com, serial=1
Sat Jul 20 21:47:10 2024 daemon.err openvpn(vpn)[2096]: OpenSSL: error:0A000086:SSL routines::certificate verify failed
Sat Jul 20 21:47:10 2024 daemon.err openvpn(vpn)[2096]: TLS_ERROR: BIO read tls_read_plaintext error
Sat Jul 20 21:47:10 2024 daemon.notice openvpn(vpn)[2096]: NOTE: --mute triggered...
Sat Jul 20 21:47:10 2024 daemon.notice openvpn(vpn)[2096]: 2 variation(s) on previous 3 message(s) suppressed by --mute
Sat Jul 20 21:47:10 2024 daemon.notice openvpn(vpn)[2096]: SIGUSR1[soft,tls-error] received, process restarting
Sat Jul 20 21:47:10 2024 daemon.notice openvpn(vpn)[2096]: Restart pause, 300 second(s)
Sat Jul 20 21:52:10 2024 daemon.warn openvpn(vpn)[2096]: WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Sat Jul 20 21:52:10 2024 daemon.warn openvpn(vpn)[2096]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Jul 20 21:52:10 2024 daemon.notice openvpn(vpn)[2096]: Outgoing Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Sat Jul 20 21:52:10 2024 daemon.notice openvpn(vpn)[2096]: Incoming Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Sat Jul 20 21:52:10 2024 daemon.notice openvpn(vpn)[2096]: TCP/UDP: Preserving recently used remote address: [AF_INET]216.131.83.245:1194
Sat Jul 20 21:52:10 2024 daemon.notice openvpn(vpn)[2096]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Sat Jul 20 21:52:10 2024 daemon.notice openvpn(vpn)[2096]: UDP link local: (not bound)
Sat Jul 20 21:52:10 2024 daemon.notice openvpn(vpn)[2096]: UDP link remote: [AF_INET]216.131.83.245:1194
Sat Jul 20 21:52:10 2024 daemon.notice openvpn(vpn)[2096]: TLS: Initial packet from [AF_INET]216.131.83.245:1194, sid=3872a117 f7ac8ea4
Sat Jul 20 21:52:10 2024 daemon.err openvpn(vpn)[2096]: VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=US, ST=CA, L=San-Francisco, O=reliablehosting.com, CN=openvpn, emailAddress=techies@reliablehosting.com, serial=1
Sat Jul 20 21:52:10 2024 daemon.err openvpn(vpn)[2096]: OpenSSL: error:0A000086:SSL routines::certificate verify failed
Sat Jul 20 21:52:10 2024 daemon.err openvpn(vpn)[2096]: TLS_ERROR: BIO read tls_read_plaintext error
Sat Jul 20 21:52:10 2024 daemon.notice openvpn(vpn)[2096]: NOTE: --mute triggered...
Sat Jul 20 21:52:10 2024 daemon.notice openvpn(vpn)[2096]: 2 variation(s) on previous 3 message(s) suppressed by --mute
Sat Jul 20 21:52:10 2024 daemon.notice openvpn(vpn)[2096]: SIGUSR1[soft,tls-error] received, process restarting
Sat Jul 20 21:52:10 2024 daemon.notice openvpn(vpn)[2096]: Restart pause, 300 second(s)
Sat Jul 20 21:57:10 2024 daemon.warn openvpn(vpn)[2096]: WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Sat Jul 20 21:57:10 2024 daemon.warn openvpn(vpn)[2096]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Jul 20 21:57:10 2024 daemon.notice openvpn(vpn)[2096]: Outgoing Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Sat Jul 20 21:57:10 2024 daemon.notice openvpn(vpn)[2096]: Incoming Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Sat Jul 20 21:57:10 2024 daemon.notice openvpn(vpn)[2096]: TCP/UDP: Preserving recently used remote address: [AF_INET]216.131.83.245:1194
Sat Jul 20 21:57:10 2024 daemon.notice openvpn(vpn)[2096]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Sat Jul 20 21:57:10 2024 daemon.notice openvpn(vpn)[2096]: UDP link local: (not bound)
Sat Jul 20 21:57:10 2024 daemon.notice openvpn(vpn)[2096]: UDP link remote: [AF_INET]216.131.83.245:1194
Sat Jul 20 21:57:10 2024 daemon.notice openvpn(vpn)[2096]: TLS: Initial packet from [AF_INET]216.131.83.245:1194, sid=03c34970 0e899e6d
Sat Jul 20 21:57:10 2024 daemon.err openvpn(vpn)[2096]: VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=US, ST=CA, L=San-Francisco, O=reliablehosting.com, CN=openvpn, emailAddress=techies@reliablehosting.com, serial=1
Sat Jul 20 21:57:10 2024 daemon.err openvpn(vpn)[2096]: OpenSSL: error:0A000086:SSL routines::certificate verify failed
Sat Jul 20 21:57:10 2024 daemon.err openvpn(vpn)[2096]: TLS_ERROR: BIO read tls_read_plaintext error
Sat Jul 20 21:57:10 2024 daemon.notice openvpn(vpn)[2096]: NOTE: --mute triggered...
Sat Jul 20 21:57:10 2024 daemon.notice openvpn(vpn)[2096]: 2 variation(s) on previous 3 message(s) suppressed by --mute
Sat Jul 20 21:57:10 2024 daemon.notice openvpn(vpn)[2096]: SIGUSR1[soft,tls-error] received, process restarting
Sat Jul 20 21:57:10 2024 daemon.notice openvpn(vpn)[2096]: Restart pause, 300 second(s)
Sat Jul 20 22:02:10 2024 daemon.warn openvpn(vpn)[2096]: WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Sat Jul 20 22:02:10 2024 daemon.warn openvpn(vpn)[2096]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Jul 20 22:02:10 2024 daemon.notice openvpn(vpn)[2096]: Outgoing Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Sat Jul 20 22:02:10 2024 daemon.notice openvpn(vpn)[2096]: Incoming Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Sat Jul 20 22:02:10 2024 daemon.notice openvpn(vpn)[2096]: TCP/UDP: Preserving recently used remote address: [AF_INET]216.131.83.245:1194
Sat Jul 20 22:02:10 2024 daemon.notice openvpn(vpn)[2096]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Sat Jul 20 22:02:10 2024 daemon.notice openvpn(vpn)[2096]: UDP link local: (not bound)
Sat Jul 20 22:02:10 2024 daemon.notice openvpn(vpn)[2096]: UDP link remote: [AF_INET]216.131.83.245:1194
Sat Jul 20 22:02:10 2024 daemon.notice openvpn(vpn)[2096]: TLS: Initial packet from [AF_INET]216.131.83.245:1194, sid=052d769e 140c5832
Sat Jul 20 22:02:10 2024 daemon.err openvpn(vpn)[2096]: VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=US, ST=CA, L=San-Francisco, O=reliablehosting.com, CN=openvpn, emailAddress=techies@reliablehosting.com, serial=1
Sat Jul 20 22:02:10 2024 daemon.err openvpn(vpn)[2096]: OpenSSL: error:0A000086:SSL routines::certificate verify failed
Sat Jul 20 22:02:10 2024 daemon.err openvpn(vpn)[2096]: TLS_ERROR: BIO read tls_read_plaintext error
Sat Jul 20 22:02:10 2024 daemon.notice openvpn(vpn)[2096]: NOTE: --mute triggered...
Sat Jul 20 22:02:10 2024 daemon.notice openvpn(vpn)[2096]: 2 variation(s) on previous 3 message(s) suppressed by --mute
Sat Jul 20 22:02:10 2024 daemon.notice openvpn(vpn)[2096]: SIGUSR1[soft,tls-error] received, process restarting
Sat Jul 20 22:02:10 2024 daemon.notice openvpn(vpn)[2096]: Restart pause, 300 second(s)
Sat Jul 20 22:07:10 2024 daemon.warn openvpn(vpn)[2096]: WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Sat Jul 20 22:07:10 2024 daemon.warn openvpn(vpn)[2096]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Jul 20 22:07:10 2024 daemon.notice openvpn(vpn)[2096]: Outgoing Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Sat Jul 20 22:07:10 2024 daemon.notice openvpn(vpn)[2096]: Incoming Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Sat Jul 20 22:07:10 2024 daemon.notice openvpn(vpn)[2096]: TCP/UDP: Preserving recently used remote address: [AF_INET]216.131.83.245:1194
Sat Jul 20 22:07:10 2024 daemon.notice openvpn(vpn)[2096]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Sat Jul 20 22:07:10 2024 daemon.notice openvpn(vpn)[2096]: UDP link local: (not bound)
Sat Jul 20 22:07:10 2024 daemon.notice openvpn(vpn)[2096]: UDP link remote: [AF_INET]216.131.83.245:1194
Sat Jul 20 22:07:10 2024 daemon.notice openvpn(vpn)[2096]: TLS: Initial packet from [AF_INET]216.131.83.245:1194, sid=dc93250d eed2eead
Sat Jul 20 22:07:10 2024 daemon.err openvpn(vpn)[2096]: VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=US, ST=CA, L=San-Francisco, O=reliablehosting.com, CN=openvpn, emailAddress=techies@reliablehosting.com, serial=1
Sat Jul 20 22:07:10 2024 daemon.err openvpn(vpn)[2096]: OpenSSL: error:0A000086:SSL routines::certificate verify failed
Sat Jul 20 22:07:10 2024 daemon.err openvpn(vpn)[2096]: TLS_ERROR: BIO read tls_read_plaintext error
Sat Jul 20 22:07:10 2024 daemon.notice openvpn(vpn)[2096]: NOTE: --mute triggered...
Sat Jul 20 22:07:10 2024 daemon.notice openvpn(vpn)[2096]: 2 variation(s) on previous 3 message(s) suppressed by --mute
Sat Jul 20 22:07:10 2024 daemon.notice openvpn(vpn)[2096]: SIGUSR1[soft,tls-error] received, process restarting
Sat Jul 20 22:07:10 2024 daemon.notice openvpn(vpn)[2096]: Restart pause, 300 second(s)
Sat Jul 20 22:12:10 2024 daemon.warn openvpn(vpn)[2096]: WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Sat Jul 20 22:12:10 2024 daemon.warn openvpn(vpn)[2096]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Jul 20 22:12:10 2024 daemon.notice openvpn(vpn)[2096]: Outgoing Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Sat Jul 20 22:12:10 2024 daemon.notice openvpn(vpn)[2096]: Incoming Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Sat Jul 20 22:12:10 2024 daemon.notice openvpn(vpn)[2096]: TCP/UDP: Preserving recently used remote address: [AF_INET]216.131.83.245:1194
Sat Jul 20 22:12:10 2024 daemon.notice openvpn(vpn)[2096]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Sat Jul 20 22:12:10 2024 daemon.notice openvpn(vpn)[2096]: UDP link local: (not bound)
Sat Jul 20 22:12:10 2024 daemon.notice openvpn(vpn)[2096]: UDP link remote: [AF_INET]216.131.83.245:1194
Sat Jul 20 22:12:10 2024 daemon.notice openvpn(vpn)[2096]: TLS: Initial packet from [AF_INET]216.131.83.245:1194, sid=96e2d003 7312b6d9
Sat Jul 20 22:12:10 2024 daemon.err openvpn(vpn)[2096]: VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=US, ST=CA, L=San-Francisco, O=reliablehosting.com, CN=openvpn, emailAddress=techies@reliablehosting.com, serial=1
Sat Jul 20 22:12:10 2024 daemon.err openvpn(vpn)[2096]: OpenSSL: error:0A000086:SSL routines::certificate verify failed
Sat Jul 20 22:12:10 2024 daemon.err openvpn(vpn)[2096]: TLS_ERROR: BIO read tls_read_plaintext error
Sat Jul 20 22:12:10 2024 daemon.notice openvpn(vpn)[2096]: NOTE: --mute triggered...
Sat Jul 20 22:12:10 2024 daemon.notice openvpn(vpn)[2096]: 2 variation(s) on previous 3 message(s) suppressed by --mute
Sat Jul 20 22:12:10 2024 daemon.notice openvpn(vpn)[2096]: SIGUSR1[soft,tls-error] received, process restarting
Sat Jul 20 22:12:10 2024 daemon.notice openvpn(vpn)[2096]: Restart pause, 300 second(s)
root@OpenWrt:~#

psherman · July 21, 2024, 2:36am

Looks like your certs aren’t working properly.

Is this a commercial vpn provider?

NetwrkNoob · July 21, 2024, 2:37am

It is. I did not paste the sections with the certificates

psherman · July 21, 2024, 2:39am

I cannot verify the certs, but you should check that the vpn connection profile and certs work with a regular computer, or check with the provider for updated certs/keys.

NetwrkNoob · July 21, 2024, 2:43am

It works using the app on my phone and chromecast but I have not been able to get it to work on my linux laptop using the ovpn file

egc · July 21, 2024, 7:44am

See: https://openvpn.net/faq/md5-signature-algorithm-support/

A lot of your settings are outdated, like the use of compression, ns-cert-type-server, cipher.
You have a key direction but there does not seem to be a tls-auth key, not a show stopper but if you are paying for this crap I would ask my money back

Oh and the app and Chromecast VPN should be updated to not allow this crap to work

Proton has a free account which does a better job.

If you are choosing a VPN provider make sure you choose one which allows WireGuard on the router.

WireGuard is much faster and easier to setup