Netgate Discussion Forum
    openvpn sha1 client not working after update

    • E
      ermilan2309
      last edited by

      Hello,

      After upgrading my pfSense firewall from 2.5.0 to 2.7.2, only the OpenVPN clients that have auth sha1 are not able to connect. Those that have auth sha256 are working fine. I did not make any modifications. It has been like that since the beginning.

      I tried so many things but none are working. Can someone help me here, please?

      Thanks

      • GertjanG
        Gertjan @ermilan2309
        last edited by Gertjan

        @ermilan2309

        Sure.
        "SHA1" isn't, afaik, deprecated or even forbidden, as it shows up as an option in the GUI.

        Do read this: "HEADS UP: OpenVPN deprecating shared key mode, requires TLS, deprecating cipher selection", because you've skipped over a lot of small and big security issues.

        It's possible that you have to regenerate an OpenVPN client export file, as the OpenVPN client side was probably updated several versions already.
        The idea is that you keep versions used on both sides nearly identical.

        Can you tell us more about your OpenVPN server setup?

        And of course, show the OpenVPN logs. It doesn't matter if you can understand them. Maybe we do ^^ so we can tell you what's up.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit: and where are the logs??

        • A
          allxi @ermilan2309
          last edited by allxi

          @ermilan2309
          If you need it and don't want to throw the hardware in the trash (the manufacturer forgot to update their product, for example Yealink), use Custom options on the server:
          tls-cert-profile insecure

          1 Reply Last reply Reply Quote 0
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.