Question

Old firmware RUT2XX_R_00.01.10 works but on new firmware RUT2XX_R_00.01.11.2 OpenVPN does not work if I use tls-auth. I investigated this problem on command line and found out that it gives me following error:

Options error: In openvpn-client_xxxx.conf:15: Maximum option line length (256) exceeded, line starts with tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA:TLS-DHE-RSA-WITH-SEED-CBC-SHA:TLS-D

On old, working firmware that line in openvpn conf is:

tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA:TLS-DHE-RSA-WITH-SEED-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA:TLS-DHE-RSA-WITH-DES-CBC-SHA

which is just under 256 characters. On new firmware that line is:

tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA:TLS-DHE-RSA-WITH-SEED-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA:TLS-DHE-RSA-WITH-DES-CBC-SHA

which is over 300 characters long so it does not work.

I think this is a bug and needs to be fixed.

I can edit config file manually but if I reboot RUT, config file reverts to older version so maybe i'm editing wrong file.

Answer 1

Hi,

Can you send me the router's Troubleshoot file via private message? It can be downloaded from the System → Administration → Troubleshoot page.

Comments

I can't find how I can send private message to you.

I found out same problem with RUT950 but as temporary workaround I edited /overlay/upper/etc/config/openvpn -file and got it working even after reboot.

Answer 2

Any progress on this bug?

Answer 3

Hi, I have exaclty the same problem. Any solution?