[SOLVED] I have a Linksys E900 (router A) with Tomato Shibby 1.28 running an OpenVPN server at a remote site abroad. Local Android and Windows clients connect as expected, without errors, and establish a functional VPN. My goal is to establish the VPN on/via a local Router B also running Tomato Shibby 1.28 as an OpenVPN client, instead of each client establishing the VPN connection to Router A individually. I have now spent 2½ days full-on trying to establish the OpenVPN client connection (on an ASUS RT-N12 D1 (router B) Tomato Shibby 1.28 router) with the same repetitive error message: Error: private key password verification failed. I verified that I have entered the correct password correctly. And I have also double-verified by using client certificates and keys, that were initially used and verified as working on android devices. Still, the elsewhere functional keys entered correctly into the WUI of the Tomato Shibby 1.28 OpenVPN client setup yields no connection. So it is not a typo. Not a firewall block or port forwarding issue. I have used identical client-conf on the router as on the mobile devices. Still, no luck. Even did a PPTP server setup at router A and connectied router B just fine to check (I got desperate). I also set up a remote VPS with Ubuntu and OpenVPN server and connected just fine with router B as OpenVPN client to the VPS and its VPN. So Router B OpenVPN client ->VPS OpenVPN Server works. I just can't get the connection from Router B OpenVPN client ->Router A OpenVPN Server working. SETTINGS for Tomato OpenVPN server (router A): BASIC Start with WAN: Enabled TUN interface UDP Protocol Port 1194 Firewall: Auto Auth mode: TLS HMAC: incoming (0) ADVANCED Poll interval: 0 Push LAN: Enabled Redirect internet: Enabled Respond to DNS: Enabled Advertise DNS: Enabled Cipher: AES-128-CBC Compression: Disabled TLS renegotiation time: -1 Client-specific: Disabled Allow User/Pass auth: Disabled (this one is ALSO tested as ENABLED numerous times with the correct username and password entered correctly, as verified on android clients, but finally I became apathic and just disabled it in the stark face of defeat) Custom conf: None KEYS All five entries done correctly from easy-rsa on key signing linux machine. Working fine with all client keys/confs, except when used on Router B as OpenVPN client. OUTPUT from client-conf (from /etc/openvpn/easy-rsa/keys# cat client-conf.ovpn) client remote xxx.x.xx.xx 1194 ca ca.crt cert vpnclient.crt key vpnclient.key tls-auth ta.key 1 dev tun proto udp key-direction 1 resolv-retry infinite nobind persist-key persist-tun mute-replay-warnings ns-cert-type server verb 3 mute 20 cipher AES-128-CBC Screen dumps below (with sensitive data removed crudely in mtPaint) for those visually inclined.