OpenVPN 4096-bit private client key doesn't work

Hello,
I am new here and have a problem.
IPFire 2.27 Core Update 174.
OpenVPN:
I want to set up a new user.
Everything looks good so far.
The private key is now 4096-bit.

But i can’t get a connection.

Error in OpenVPN client:
EVENT: EPKI_ERROR External Certificate Signing Failed
Client exception in transport_recv_excode: OpenSSLContext::SSL::read_cleartext: BIO_read failed, cap=2576 status=-1: error:0406B07A:rsa routines:RSA_padding_add_none:data too small for key size / error:141F0006:SSL routines:tls_construct_cert_verify:EVP lib

IPFire log:
TLS Error: TLS key negotiation failed to occur within 60 sec
TLS Error: TLS handshake failed

If I use an old key (2048-bit), everything works.
I have tried a few things, but so far without success.

Does anyone have an idea?

Thanks

Are you using a recent version of the OpenVPN client? AFAIR you'll need version 2.6.x (based on OpenSSL 3 instead of 1.1) for keys with 4096 bytes length.

OpenVPN: Version 3.3.7 2979

I’d try the most recent community client:

I installed it, but nothing works with this.
Both the old and the new key are not working now.
2023-04-26 10:57:54 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-04-26 10:57:54 OpenSSL: error:11800071:PKCS12 routines::mac verify failure
2023-04-26 10:57:54 OpenSSL: error:0308010C:digital envelope routines::unsupported
2023-04-26 10:57:54 Decoding PKCS12 failed. Probably wrong password or unsupported/legacy encryption
I open it with keyexplorer; the password is correct.
I am now building a test environment.
Thanks for your help.

Stating the obvious, but it might help anyway.

This error:

and the fact that the old key with a smaller size works suggest that this is a problem related to the key size in the OpenVPN configuration.

That was my first thought, but I have no solution yet.

As far as I'm aware there is no OpenSSL 3 in IPFire.
Not sure if that helps.


Solution:

OpenVPN SSL: AES-256-GCM

Add to xxx.openvpn:
providers legacy default

This is how it worked.
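Added example (editor's code, not from this thread, from IPFire or from the OpenVPN project) tying the two findings above together: the OpenVPN 2.6 client log shows OpenSSL 3 refusing to decode the PKCS#12 bundle ("digital envelope routines::unsupported"), and the fix that worked was loading the legacy provider with "providers legacy default". The usual reason is that a .p12 exported with OpenSSL 1.1 defaults encrypts the certificates with pbeWithSHA1And40BitRC2-CBC, and RC2 lives in OpenSSL 3's legacy provider; 3DES and SHA-1 are still in the default provider. The script below walks the DER of a .p12 with the standard library only, collects every OBJECT IDENTIFIER it finds, and reports whether an RC2/RC4 PBE is present, so you can tell in advance whether the client needs the legacy provider. The bundle built by build_sample() is a constructed stand-in with dummy ciphertext (same nesting as a real PFX, not a usable .p12) so the script runs offline; the real check on an exported bundle is "openssl pkcs12 -info -in client.p12 -noout", which prints the same algorithm names.

```python
"""Report whether a PKCS#12 bundle uses PBE algorithms that OpenSSL 3 only
provides through the legacy provider. Pure stdlib DER walk; no crypto done."""
import sys

# PKCS#12 PBE OIDs whose ciphers (RC2, RC4) sit in OpenSSL 3's legacy provider.
LEGACY_PBE = {
    "1.2.840.113549.1.12.1.6": "pbeWithSHA1And40BitRC2-CBC",
    "1.2.840.113549.1.12.1.5": "pbeWithSHA1And128BitRC2-CBC",
    "1.2.840.113549.1.12.1.1": "pbeWithSHA1And128BitRC4",
    "1.2.840.113549.1.12.1.2": "pbeWithSHA1And40BitRC4",
}
# Algorithms the default provider still handles (3DES is old but not legacy).
DEFAULT_PBE = {
    "1.2.840.113549.1.12.1.3": "pbeWithSHA1And3-KeyTripleDES-CBC",
    "1.2.840.113549.1.5.13": "PBES2 (OpenSSL 3 default: AES-256-CBC + PBKDF2)",
}
SHA1_OID = "1.3.14.3.2.26"


def der(tag: int, content: bytes) -> bytes:
    """Minimal DER TLV encoder (used only to build the constructed sample)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content


def encode_oid(dotted: str) -> bytes:
    parts = [int(p) for p in dotted.split(".")]
    body = bytearray([parts[0] * 40 + parts[1]])
    for p in parts[2:]:
        chunk = [p & 0x7F]
        p >>= 7
        while p:
            chunk.append((p & 0x7F) | 0x80)
            p >>= 7
        body.extend(reversed(chunk))
    return der(0x06, bytes(body))


def decode_oid(body: bytes) -> str:
    parts = [str(body[0] // 40), str(body[0] % 40)]
    value = 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(str(value))
            value = 0
    return ".".join(parts)


def read_tlv(data: bytes, pos: int):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    return tag, data[pos:pos + length], pos + length


def looks_like_der(value: bytes) -> bool:
    """True if an OCTET STRING payload is exactly one SEQUENCE (nested DER)."""
    try:
        tag, _, nxt = read_tlv(value, 0)
    except IndexError:
        return False
    return tag == 0x30 and nxt == len(value)


def collect_oids(data: bytes, found: list) -> None:
    """Walk constructed types; PKCS#12 nests AuthenticatedSafe and SafeContents
    inside OCTET STRINGs, so descend into those too when they parse as DER."""
    pos = 0
    while pos < len(data):
        try:
            tag, value, nxt = read_tlv(data, pos)
        except IndexError:
            return
        if nxt > len(data):
            return
        if tag == 0x06 and value:
            found.append(decode_oid(value))
        elif tag & 0x20 or (tag == 0x04 and looks_like_der(value)):
            collect_oids(value, found)
        pos = nxt


def classify_pkcs12(pfx: bytes) -> dict:
    oids: list = []
    collect_oids(pfx, oids)
    present = set(oids)
    return {
        "legacy_pbe": sorted(LEGACY_PBE[o] for o in present if o in LEGACY_PBE),
        "default_pbe": sorted(DEFAULT_PBE[o] for o in present if o in DEFAULT_PBE),
        "uses_sha1": SHA1_OID in present,
        "needs_legacy_provider": any(o in LEGACY_PBE for o in present),
    }


def build_sample(cert_pbe: str, mac_digest: str) -> bytes:
    """Constructed PFX stand-in: PFX -> authSafe [0] OCTET STRING ->
    AuthenticatedSafe -> EncryptedData carrying an AlgorithmIdentifier, plus
    macData. The ciphertext and MAC are dummy bytes; this is not a real .p12."""
    alg = der(0x30, encode_oid(cert_pbe)
              + der(0x30, der(0x04, b"\x01" * 8) + der(0x02, b"\x08\x00")))
    enc_content = der(0x30, encode_oid("1.2.840.113549.1.7.1") + alg
                      + der(0x80, b"\xde\xad\xbe\xef"))
    encrypted_data = der(0x30, encode_oid("1.2.840.113549.1.7.6")
                         + der(0xA0, der(0x30, der(0x02, b"\x00") + enc_content)))
    auth_safe = der(0x30, encode_oid("1.2.840.113549.1.7.1")
                    + der(0xA0, der(0x04, der(0x30, encrypted_data))))
    mac_data = der(0x30, der(0x30, der(0x30, encode_oid(mac_digest) + der(0x05, b""))
                             + der(0x04, b"\x00" * 20))
                   + der(0x04, b"\x00" * 8) + der(0x02, b"\x08\x00"))
    return der(0x30, der(0x02, b"\x03") + auth_safe + mac_data)


def inspect_file(path: str) -> dict:
    with open(path, "rb") as f:
        return classify_pkcs12(f.read())


if __name__ == "__main__":
    if len(sys.argv) > 1:                       # python3 p12check.py client.p12
        print(inspect_file(sys.argv[1]))
    else:                                       # offline demo on constructed data
        print("openssl-1.1 style:", classify_pkcs12(
            build_sample("1.2.840.113549.1.12.1.6", SHA1_OID)))
        print("openssl-3 style:  ", classify_pkcs12(
            build_sample("1.2.840.113549.1.5.13", "2.16.840.1.101.3.4.2.1")))
```

If the report shows an RC2 or RC4 PBE, "providers legacy default" in the client config is the workaround from this thread; the cleaner fix is to re-export the bundle with algorithms the default provider handles, e.g. "openssl pkcs12 -export -inkey client.key -in client.crt -certfile ca.crt -keypbe AES-256-CBC -certpbe AES-256-CBC -macalg sha256 -out client.p12", which OpenSSL 3 uses by default and OpenSSL 1.1 accepts as well.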