set to use DH.PEM ... save / reboot
my ovpn setup
mrjcd@daDeb:~$ ssh root@citadel-station-homeworld.mrjcd.com
DD-WRT v3.0-r50057 std (c) 2022 NewMedia-NET GmbH
Release: 09/03/22
Board: Linksys EA8500
==========================================================
___ ___ _ _____ ______ ____ ___
/ _ \/ _ \___| | /| / / _ \/_ __/ _ __|_ / / _ \
/ // / // /___/ |/ |/ / , _/ / / | |/ //_ <_/ // /
/____/____/ |__/|__/_/|_| /_/ |___/____(_)___/
DD-WRT v3.0
https://www.dd-wrt.com
==========================================================
BusyBox v1.35.0 (2022-09-03 01:28:24 +07) built-in shell (ash)
root@Citadel-Station-Homeworld:~# cat /tmp/var/log/messages | grep openvpn
Dec 31 18:00:33 Citadel-Station-Homeworld user.info : [openvpn] : OpenVPN daemon (Server) starting/restarting...
Dec 31 18:00:33 Citadel-Station-Homeworld daemon.warn openvpn[2104]: --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/o
Dec 31 18:00:33 Citadel-Station-Homeworld daemon.warn openvpn[2104]: WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
Dec 31 18:00:33 Citadel-Station-Homeworld daemon.notice openvpn[2104]: OpenVPN 2.5.7 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Sep 3 2022
Dec 31 18:00:33 Citadel-Station-Homeworld daemon.notice openvpn[2104]: library versions: OpenSSL 1.1.1q 5 Jul 2022, LZO 2.10
Dec 31 18:00:33 Citadel-Station-Homeworld user.info : [openvpn] : successfully started
Dec 31 18:00:33 Citadel-Station-Homeworld daemon.notice openvpn[2106]: MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:14
Dec 31 18:00:33 Citadel-Station-Homeworld daemon.notice openvpn[2106]: net_route_v4_best_gw query: dst 0.0.0.0
Dec 31 18:00:33 Citadel-Station-Homeworld daemon.notice openvpn[2106]: net_route_v4_best_gw result: via 96.46.208.129 dev eth0
Dec 31 18:00:33 Citadel-Station-Homeworld daemon.warn openvpn[2106]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec 31 18:00:33 Citadel-Station-Homeworld daemon.err openvpn[2106]: OpenSSL: error:0908F066:lib(9):func(143):reason(102)
Dec 31 18:00:33 Citadel-Station-Homeworld daemon.err openvpn[2106]: Cannot load DH parameters from /tmp/openvpn/dh.pem
Dec 31 18:00:33 Citadel-Station-Homeworld daemon.notice openvpn[2106]: Exiting due to fatal error
root@Citadel-Station-Homeworld:~# uptime && date
06:42:49 up 2 min, load average: 0.11, 0.12, 0.05
Sun Sep 4 06:42:49 CDT 2022
root@Citadel-Station-Homeworld:~#
Connection to citadel-station-homeworld.mrjcd.com closed.
Enable ECDH ... save / reboot
mrjcd@daDeb:~$ ssh root@citadel-station-homeworld.mrjcd.com
DD-WRT v3.0-r50057 std (c) 2022 NewMedia-NET GmbH
Release: 09/03/22
Board: Linksys EA8500
==========================================================
___ ___ _ _____ ______ ____ ___
/ _ \/ _ \___| | /| / / _ \/_ __/ _ __|_ / / _ \
/ // / // /___/ |/ |/ / , _/ / / | |/ //_ <_/ // /
/____/____/ |__/|__/_/|_| /_/ |___/____(_)___/
DD-WRT v3.0
https://www.dd-wrt.com
==========================================================
BusyBox v1.35.0 (2022-09-03 01:28:24 +07) built-in shell (ash)
root@Citadel-Station-Homeworld:~# cat /tmp/var/log/messages | grep openvpn
Dec 31 18:00:33 Citadel-Station-Homeworld user.info : [openvpn] : OpenVPN daemon (Server) starting/restarting...
Dec 31 18:00:33 Citadel-Station-Homeworld daemon.warn openvpn[2110]: Consider setting groups/curves preference with tls-groups instead of forcing a specific curve with ecdh-curve.
Dec 31 18:00:33 Citadel-Station-Homeworld daemon.warn openvpn[2110]: --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/o
Dec 31 18:00:33 Citadel-Station-Homeworld daemon.warn openvpn[2110]: WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
Dec 31 18:00:33 Citadel-Station-Homeworld daemon.notice openvpn[2110]: OpenVPN 2.5.7 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Sep 3 2022
Dec 31 18:00:33 Citadel-Station-Homeworld daemon.notice openvpn[2110]: library versions: OpenSSL 1.1.1q 5 Jul 2022, LZO 2.10
Dec 31 18:00:33 Citadel-Station-Homeworld user.info : [openvpn] : successfully started
Dec 31 18:00:33 Citadel-Station-Homeworld daemon.notice openvpn[2112]: MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:14
Dec 31 18:00:33 Citadel-Station-Homeworld daemon.notice openvpn[2112]: net_route_v4_best_gw query: dst 0.0.0.0
Dec 31 18:00:33 Citadel-Station-Homeworld daemon.notice openvpn[2112]: net_route_v4_best_gw result: via 96.46.208.129 dev eth0
Dec 31 18:00:33 Citadel-Station-Homeworld daemon.warn openvpn[2112]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec 31 18:00:33 Citadel-Station-Homeworld daemon.warn openvpn[2112]: WARNING: Your certificate is not yet valid!
Dec 31 18:00:33 Citadel-Station-Homeworld daemon.notice openvpn[2112]: ECDH curve secp384r1 added
Dec 31 18:00:33 Citadel-Station-Homeworld daemon.notice openvpn[2112]: TUN/TAP device tun2 opened
Dec 31 18:00:33 Citadel-Station-Homeworld daemon.notice openvpn[2112]: net_iface_mtu_set: mtu 1500 for tun2
Dec 31 18:00:33 Citadel-Station-Homeworld daemon.notice openvpn[2112]: net_iface_up: set tun2 up
Dec 31 18:00:33 Citadel-Station-Homeworld daemon.notice openvpn[2112]: net_addr_v4_add: 10.172.128.241/28 dev tun2
Sep 4 06:44:38 Citadel-Station-Homeworld daemon.warn openvpn[2112]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Sep 4 06:44:38 Citadel-Station-Homeworld daemon.notice openvpn[2112]: Socket Buffers: R=[262144->262144] S=[262144->262144]
Sep 4 06:44:38 Citadel-Station-Homeworld daemon.notice openvpn[2112]: UDPv4 link local (bound): [AF_INET][undef]:xxxxx
Sep 4 06:44:38 Citadel-Station-Homeworld daemon.notice openvpn[2112]: UDPv4 link remote: [AF_UNSPEC]
Sep 4 06:44:38 Citadel-Station-Homeworld daemon.notice openvpn[2112]: MULTI: multi_init called, r=256 v=256
Sep 4 06:44:38 Citadel-Station-Homeworld daemon.notice openvpn[2112]: IFCONFIG POOL IPv4: base=10.172.128.242 size=13
Sep 4 06:44:38 Citadel-Station-Homeworld daemon.notice openvpn[2112]: IFCONFIG POOL LIST
Sep 4 06:44:38 Citadel-Station-Homeworld daemon.notice openvpn[2112]: Initialization Sequence Completed
Sep 4 06:44:52 Citadel-Station-Homeworld daemon.notice openvpn[2112]: MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
Sep 4 06:44:52 Citadel-Station-Homeworld daemon.notice openvpn[2112]: MANAGEMENT: CMD 'state'
Sep 4 06:44:52 Citadel-Station-Homeworld daemon.notice openvpn[2112]: MANAGEMENT: Client disconnected
Sep 4 06:44:52 Citadel-Station-Homeworld daemon.notice openvpn[2112]: MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
Sep 4 06:44:52 Citadel-Station-Homeworld daemon.notice openvpn[2112]: MANAGEMENT: CMD 'state'
Sep 4 06:44:52 Citadel-Station-Homeworld daemon.notice openvpn[2112]: MANAGEMENT: Client disconnected
Sep 4 06:44:52 Citadel-Station-Homeworld daemon.notice openvpn[2112]: MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
Sep 4 06:44:52 Citadel-Station-Homeworld daemon.notice openvpn[2112]: MANAGEMENT: CMD 'state'
Sep 4 06:44:52 Citadel-Station-Homeworld daemon.notice openvpn[2112]: MANAGEMENT: Client disconnected
Sep 4 06:44:52 Citadel-Station-Homeworld daemon.notice openvpn[2112]: MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
Sep 4 06:44:52 Citadel-Station-Homeworld daemon.notice openvpn[2112]: MANAGEMENT: Client disconnected
Sep 4 06:44:52 Citadel-Station-Homeworld daemon.notice openvpn[2112]: NOTE: --mute triggered...
Sep 4 06:44:52 Citadel-Station-Homeworld daemon.notice openvpn[2112]: 1 variation(s) on previous 3 message(s) suppressed by --mute
Sep 4 06:44:52 Citadel-Station-Homeworld daemon.notice openvpn[2112]: MANAGEMENT: CMD 'status 2'
Sep 4 06:44:52 Citadel-Station-Homeworld daemon.notice openvpn[2112]: MANAGEMENT: Client disconnected
Sep 4 06:44:52 Citadel-Station-Homeworld daemon.notice openvpn[2112]: MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
Sep 4 06:44:52 Citadel-Station-Homeworld daemon.notice openvpn[2112]: MANAGEMENT: CMD 'status 2'
Sep 4 06:44:52 Citadel-Station-Homeworld daemon.notice openvpn[2112]: MANAGEMENT: Client disconnected
Sep 4 06:44:52 Citadel-Station-Homeworld daemon.notice openvpn[2112]: MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
Sep 4 06:44:52 Citadel-Station-Homeworld daemon.notice openvpn[2112]: MANAGEMENT: CMD 'log 500'
Sep 4 06:44:52 Citadel-Station-Homeworld daemon.notice openvpn[2112]: MANAGEMENT: Client disconnected
root@Citadel-Station-Homeworld:~# uptime && date
06:45:28 up 1 min, load average: 0.42, 0.24, 0.09
Sun Sep 4 06:45:28 CDT 2022
root@Citadel-Station-Homeworld:~#
Connection to citadel-station-homeworld.mrjcd.com closed.
mrjcd@daDeb:~$
I use the same 4096-bit ovpn keys on the main router I have used for years
AND I checked the DH.PEM; it shows exactly the same, as it should be.
NO, I ain't gonna post the complete dh4096.pem :-P
root@Citadel-Station-Homeworld:/tmp/openvpn# ls
ca.crt cert.pem cldiscon.sh ip-pool openvpn.conf route-up.sh
ccd clcon.sh dh.pem key.pem route-down.sh
root@Citadel-Station-Homeworld:/tmp/openvpn# cat dh.pem
-----BEGIN DH PARAMETERS-----
MIICCAKCAgEAiAiLb37cqTd5zN14AnFUXiGUeaZlwMzDIunL0eblxUWZOgZXYHJF
UI+KXC83v9LGAj5lAQYCjWaS4pTcd2aIQ9JHK9HbwrjbDrkfLKN+7uOWgV6QdwDx
|
|
|
|
|
|
|
|
s3ZiLPlbGjRuQkjedxHRuLKI7lSRKpMvtaDkXhjDYCQVaILQLr/T9VsCAQI=
-----END DH PARAMETERS----
root@Citadel-Station-Homeworld:/tmp/openvpn#
****Update****
I fixed it ... silly me :-(
Was missing the last - from END DH PARAMETERS.
'Tis all good now.
mrjcd@daDeb:~$ ssh root@citadel-station-homeworld.mrjcd.com
DD-WRT v3.0-r50057 std (c) 2022 NewMedia-NET GmbH
Release: 09/03/22
Board: Linksys EA8500
==========================================================
___ ___ _ _____ ______ ____ ___
/ _ \/ _ \___| | /| / / _ \/_ __/ _ __|_ / / _ \
/ // / // /___/ |/ |/ / , _/ / / | |/ //_ <_/ // /
/____/____/ |__/|__/_/|_| /_/ |___/____(_)___/
DD-WRT v3.0
https://www.dd-wrt.com
==========================================================
BusyBox v1.35.0 (2022-09-03 01:28:24 +07) built-in shell (ash)
root@Citadel-Station-Homeworld:~# cat /tmp/openvpn/dh.pem
-----BEGIN DH PARAMETERS-----
MIICCAKCAgEAiAiLb37cqTd5zN14AnFUXiGUeaZlwMzDIunL0eblxUWZOgZXYHJF
|
|
|
|
|
|
|
|
|
s3ZiLPlbGjRuQkjedxHRuLKI7lSRKpMvtaDkXhjDYCQVaILQLr/T9VsCAQI=
-----END DH PARAMETERS-----
root@Citadel-Station-Homeworld:~# uptime && date
08:49:53 up 2:06, load average: 0.00, 0.02, 0.00
Sun Sep 4 08:49:53 CDT 2022
root@Citadel-Station-Homeworld:~#
Connection to citadel-station-homeworld.mrjcd.com closed.
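
The failure in the first log (OpenSSL reason(102) is the PEM "bad end line" code) comes down to the END line carrying four trailing dashes instead of five. As an added example, not part of the original post, this POSIX shell function checks a PEM file's armor lines before the daemon is restarted; the names `check_pem_armor` and `make_sample` and the sample body are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): strict check of PEM armor lines.
# Usage: check_pem_armor FILE [LABEL]; prints a diagnosis, returns 0 if well-formed.
check_pem_armor() {
    file=$1
    label=${2:-DH PARAMETERS}
    [ -r "$file" ] || { echo "unreadable: $file"; return 2; }
    content=$(cat "$file")          # $(...) drops trailing blank lines
    cr=$(printf '\r')
    case $content in
        *"$cr"*) echo "CR characters present (DOS line endings)"; return 1 ;;
    esac
    first=$(printf '%s\n' "$content" | sed -n '1p')
    last=$(printf '%s\n' "$content" | sed -n '$p')
    if [ "$first" != "-----BEGIN $label-----" ]; then
        echo "bad begin line: '$first'"; return 1
    fi
    if [ "$last" != "-----END $label-----" ]; then
        echo "bad end line: '$last'"; return 1
    fi
    # Everything between the armor lines must be base64 characters only.
    if printf '%s\n' "$content" | sed '1d;$d' | grep -q '[^A-Za-z0-9+/=]'; then
        echo "non-base64 characters in body"; return 1
    fi
    echo "ok"
}

# Write a constructed sample file; $2 is the dash run that ends the END line.
# The body is a placeholder, not real DH parameters.
make_sample() {
    printf '%s\n' '-----BEGIN DH PARAMETERS-----' \
        'Q09OU1RSVUNURUQgU0FNUExFIEJPRFk=' \
        "-----END DH PARAMETERS$2" > "$1"
}

tmp=$(mktemp -d)
make_sample "$tmp/broken.pem" '----'    # four dashes, as in the first listing
make_sample "$tmp/fixed.pem"  '-----'   # five dashes, as after the fix
for f in broken fixed; do
    if msg=$(check_pem_armor "$tmp/$f.pem"); then
        echo "$f.pem: $msg"
    else
        echo "$f.pem: REJECTED, $msg"
    fi
done
rm -rf "$tmp"
```

On the router the same function can be pointed at `/tmp/openvpn/dh.pem`; a file pasted through a web form is also where stray carriage returns and trailing spaces tend to appear.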