ASUS RT-AX86U OpenVPN Server Error - Key Too Small

[dsneed]

I just setup my ASUS RT-AX86U, replacing an RT-AC86U. I keep getting an error when trying to connect on my iPhone (the only device I use it) using the OpenVPN app.

CORE_THREAD_ERROR OpenSSLContext:
SSL_CTX_use_certificate failed:
error:0A00018F:SSL routines::ee key too small

Not sure how to resolve this issue. Please help

client
dev tun
proto tcp-client
remote <server> <port>
resolv-retry infinite
nobind
float
ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:CHACHA20-POLY1305
tls-cipher TLS-DHE-RSA-WITH-AES-128-CBC-SHA
auth SHA256
keepalive 15 60
auth-user-pass
remote-cert-tls server
<ca>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

</ca>
<cert>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

</cert>
<key>
-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----

</key>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----

-----END OpenVPN Static key V1-----

</tls-auth>
key-direction 0

 

[Ripshod]

If this is over wifi it won't work. Connection needs to be made over the internet.

 

[Tech9]

Not sure how to resolve this issue.

Default Asuswrt OpenVPN Server configuration works with no issues to OpenVPN Connect app on iOS. No manual configuration is needed except if one wants to change the server port and tell the VPN server what to route to the clients - LAN only or LAN + Internet. Check your configuration and test from Internet only as indicated above.

 

[dsneed]

If the Security Level is left at the default Preferred I get the error on the left. If I change it to Legacy, the same profile works. Something has to be missing to get the profile to work with the Preferred security level.

 

[Tech9]

Perhaps OpenVPN Connect app wants to see stronger encryption.

On the router change HMAC Authentication from SHA1 to SHA256 and try again. You can also disable Compression, if enabled.