Leaderboard

Well, as far as I can tell it's working.

@maasenstodt Hello! Currently Eddie does not re-download automatically any new certificate/key pair: in Eddie main window, log your account out and then log it in again, in order to force Eddie to re-download client certificate(s) and key(s). A detailed guide is available here: https://airvpn.org/forums/topic/26209-how-to-manage-client-certificatekey-pairs/ Kind regards

Hello! The current state of play as well as important clarifications. The issue occurs only in those OpenVPN clients linked against OpenSSL 3 and only to some of our users, see below Since 2017, our system generates CRT signed with SHA512 algorithm. Previously they were signed with SHA1. Regeneration of old CRT is not triggered and forced by us automatically, because it would invalidate any previous OVPN configuration file out there and lock out the user who does not follow our forum, notification e-mails etc. @rprimus you have a client CRT (user.crt) dated 2015. You and anybody else using pre-2017 user certificates: please go to your "Client Area" > "Devices" menu, renew your cert/key pair, re-download your OVPN configuration files from the Configuration Generator, use them and you will be fine. (*) The problem has never been caused by the CA certificate. Replacing the CA.crt is not mandatory, it just avoids warning message (that you can safely ignore and has nothing to do with the main issue of this thread) you may meet in Eddie Android edition, Hummingbird and Bluetit. Anyway, now even ca.crt is SHA512 signed, so you will not get anymore the mentioned warning (*) Yellow rows show certificates which use a signature based on a deprecated for security reasons hash algorithm (SHA1). They are still here to ensure backward compatibility, because we can't know whether you still use them in generated profiles. However, future OpenVPN versions might not allow them anymore. Click 'Renew' or 'Delete' to resolve the issue. After that, re-generate profile(s) with our Configuration Generator. If you run our client software Eddie, you just need to log your account out and in again from the main window. Kind regards

Thank you! You pushed me into the right direction: While I was still waiting for the activation code from the merlin board, I searched for openwrt + IPv6 + VPN and found an entry in the board of PerfectPrivacy. I hope you do not mind me linking them here. Also the website is in German but I assume that will not be an issue for you: Issues with Merlin-VPN For future reference: There are two ways to fix this: A clever user over at the board of PP suggested to add the following lines to the configuration down at the VPN section of the router: pull-filter ignore "ifconfig-ipv6" pull-filter ignore "route-ipv6" Alternatively go to the IPv6 section of the router and switch it ON to "native". I noticed #1 connecting a tad faster than #2, so I went with that. Also I do not have a clue why switching IPv6 ON to then NOT use it actually works but ...hey... as long as it does the trick?