OVPN server unable to generate 2048 bit RSA keys (384.19)

[SMS786]

Despite selecting 2048 bit keys in the OVPN server page I see the keys in the config file are still 1024 bit:

    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC68U/emailAddress=me@myhost.mydomain
        Validity
            Not Before: Oct 22 21:26:44 2017 GMT
            Not After : Oct 20 21:26:44 2027 GMT
        Subject: C=TW, ST=TW, L=Taipei, O=ASUS, CN=client/emailAddress=me@myhost.mydomain
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:

The OVPN GUI log on my client also shows the connection using 1024 bit keys. Am I overlooking something?

 

[octopus]

Despite selecting 2048 bit keys in the OVPN server page I see the keys in the config file are still 1024 bit:

    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC68U/emailAddress=me@myhost.mydomain
        Validity
            Not Before: Oct 22 21:26:44 2017 GMT
            Not After : Oct 20 21:26:44 2027 GMT
        Subject: C=TW, ST=TW, L=Taipei, O=ASUS, CN=client/emailAddress=me@myhost.mydomain
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:

The OVPN GUI log on my client also shows the connection using 1024 bit keys. Am I overlooking something?

I answere you here, have you tested second/other server?
https://www.snbforums.com/threads/release-asuswrt-merlin-384-19-is-now-available.65801/post-610854

 

[SMS786]

I answere you here, have you tested second/other server?
https://www.snbforums.com/threads/release-asuswrt-merlin-384-19-is-now-available.65801/post-610854

View attachment 25449

Yes I saw your answer, but that was to a different question. Here I see the boxes when setting up both servers, and I have them both selected for 2048 bit, but still after saving the changes the generated ovpn config file shows a 1024 bit public key.

 

[octopus]

Yes I saw your answer, but that was to a different question. Here I see the boxes when setting up both servers, and I have them both selected for 2048 bit, but still after saving the changes the generated ovpn config file shows a 1024 bit public key.

Look in your CA file instead.

 

[RMerlin]

Despite selecting 2048 bit keys in the OVPN server page I see the keys in the config file are still 1024 bit:

    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC68U/emailAddress=me@myhost.mydomain
        Validity
            Not Before: Oct 22 21:26:44 2017 GMT
            Not After : Oct 20 21:26:44 2027 GMT
        Subject: C=TW, ST=TW, L=Taipei, O=ASUS, CN=client/emailAddress=me@myhost.mydomain
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:

The OVPN GUI log on my client also shows the connection using 1024 bit keys. Am I overlooking something?

That is an old certificate, as it dates back to 2017.

 

[SMS786]

That is an old certificate, as it dates back to 2017.

Can I generate a new one in the webUI using 2048 bit keys?

 

[SMS786]

The concerning part was the 1024 bit tag below (despite setting 2048 during setup).

Aug 15 14:25:09 ovpn-server2:  Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 1024 bit RSA

 

[RMerlin]

Can I generate a new one in the webUI using 2048 bit keys?

Reset that server instance to Default, then re-enable the instance.

 

[SMS786]

Reset that server instance to Default, then re-enable the instance.

That did the trick, much thanks!

Aug 16 03:27:40 ovpn-server: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 2048 bit RSA