id summary reporter owner description type status priority milestone component version severity resolution keywords cc
290 OpenVPN connect on iOS Keysize issue, with DD-WRT shadoweyez jamesyonan "Hi all, first bug report here;

On iPad2 w/openvpn connect 1.0, attempting to connect w/DD-WRT w/openvpn 2.3.0, configs listed at the end.

When attempting to connect using 4096-bit keys, connection times out.
When attempting to connect using 1024-bit keys, connection works.

Other combinations with these server/client configs work, including a linux laptop with openvpn to the DD-WRT server, a windows box to the DD-WRT server, and openvpn on the iPad to a linux openvpn server with 4096-bit keys.

Then, without changing the config *** OTHER THAN USING 1024-bit key sizes *** on both the iPad and DD-WRT router, everything connects and works.

I'm using easy-rsa on linux to generate keys, though I believe other key generation methods would not really change the results. The only thing changing here is the key sizes, and it only occurs with openVPN connect.

(I consider this a bug, as from a security standpoint, 1024-bit asymmetric/RSA is weak)

=========================
DD-WRT v24-sp2 (03/17/13) mega, SVN revision 20979, on Asus RT-N66U

$ uname -a
Linux DD-WRT 2.6.24.111 #68 Sun Mar 17 19:00:02 PDT 2013 mips GNU/Linux

$ openvpn --help
OpenVPN 2.3.0 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 17 2013

iPad2 config:
remote vpn.site 443
client
remote-cert-tls server
comp-lzo
dev tun0
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
float
cipher AES-256-CBC
auth SHA512
4096-bit ca-key
4096-bit cert
4096-bit key

DD-WRT server config:
push ""dhcp-option DNS 208.67.222.222""
server 192.168.3.0 255.255.255.0
duplicate-cn
tls-server
push ""redirect-gateway""
script-security 2
verb 5
dev tun0
proto udp
keepalive 60 180
port 443
comp-lzo
cipher AES-256-CBC
auth SHA512
#4096-bit keys
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
management localhost 5001
" Bug / Defect closed major OpenVPN Connect Not set (select this one, unless you're an OpenVPN developer) fixed iOS james@…