1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Old Version SSL(Tomato-Shibby 1.28) unable to communicate with newer TLS (OpenVPN device)

Discussion in 'Tomato Firmware' started by nitegale117, Feb 12, 2014.

  1. nitegale117

    nitegale117 Reformed Router Member

    Hi.

    I am having a difficult time configuring OpenVPN with my device(OpenVPN client on my Android phone) and my Tomato Router. I have found out that this is because the SSL version on the Tomato router is old. Can anyone confirm if this is true?

    My version of Tomato router is as follows:-

    Tomato Firmware 1.28.0000 MIPSR2-104 K26 USB AIO-64K

    Please advise if there is newer version of Tomato that rectifies the problem.

    Thanks!
     
  2. lancethepants

    lancethepants Network Guru Member

    How exactly have you determined it is because of an old version of SSL? In any case I don't see how an older version OpenSSL would affect compatibility.
    So long as both versions of OpenSSL have the same cipher you're wanting to use. OpenVPN even supports PolarSSL, and I have tried OpenSSL <--> PolarSSL setup just fine with ciphers that both support.
     
  3. nitegale117

    nitegale117 Reformed Router Member

    Hi

    See the error below.
    It seems to be a cipher error. Any advise what is the best way around this problem?

    Some one suggested the below:-


    Below is the log from the Tomato router.

     
  4. PetervdM

    PetervdM Network Guru Member

    about a year ago there was an openvpn build ( or the used openssl build ) in which sha256 was broken, and even set as default as far as i recall.
    try to use --auth sha1 in your config on as well the client as the server.
     
  5. lancethepants

    lancethepants Network Guru Member

    If you're intent on not re-flashing your firmware, there is another alternative.
    You can download a binary of the latest OpenVPN here.
    http://lancethepants.com/files

    I stick it in /jffs, and run the following command in my wanup scripts.
    Code:
    /bin/mount --bind /jffs/sbin/openvpn /usr/sbin/openvpn
    
    Last I checked Toastman doesn't have the latest OpenVPN (2.3.0 in git I see) , so this is what I do to have the latest and use his build.
     
  6. lancethepants

    lancethepants Network Guru Member

    It's a static binary so it includes its own version of OpenSSL. I currently have it in use.
     
  7. shibby20

    shibby20 Network Guru Member

    why you just upgrade your router???

    v104 was released a year ago!
     
  8. nitegale117

    nitegale117 Reformed Router Member

    i think upgrade would be the fastest way around and effective. Adding binaries might take a little longer, but if no option will go for that.

    I am currently running:
    Tomato Firmware 1.28.0000 MIPSR2-104 K26 USB AIO-64K -Shibby
    I am not sure if I have the lastest version. Could you please advise on how to upgrade?

    Thanks for yr feedbacks.
     
  9. shibby20

    shibby20 Network Guru Member

  10. nitegale117

    nitegale117 Reformed Router Member

    Thanks so much shibby20 for the prompt response. Will prepare to for upgrade tonight. ;).

    Yes. It is RT-N66U.

    Appreciate all the prompt response here ( @shibby20 , @lancethepants, @PetervdM )
     

Share This Page