Following a lot of fun discussions with SM over on Twitter, I realised it would be beneficial for him to have access to my home network as I was in possession of the newer ONT box provided by Mauritius Telecom (MyT). Given that there was a cyclone nearby at the time, I figured it would be the perfect opportunity to have a crack at this situation.
I had already used a VPN to connect to my Kubernetes cluster at home from the beach during the November Frontend Coders meetup, so I intended to share the OpenVPN config file so that SM could also use the same VPN access to my network.
The VPN is an extremely rudimentary one provided by my Netgear Nighthawk R7000 router. The router runs V1.0.9.88_10.2.88 firmware. There is a double-NAT situation as it is behind the ISP router, but that has not been an issue for me. The necessary ports, 12973 and 12974, are both open on the ISP router and point to the Netgear one.
I had no issues connecting through this VPN from the laptop on which I did my presentation. However, from any other device, I end up with the following error:
2024-01-15 22:52:59 us=633371 OpenSSL: error:0A000102:SSL routines::unsupported protocol:
2024-01-15 22:52:59 us=633383 TLS_ERROR: BIO read tls_read_plaintext error
2024-01-15 22:52:59 us=633393 TLS Error: TLS object -> incoming plaintext read error
2024-01-15 22:52:59 us=633403 TLS Error: TLS handshake failed
2024-01-15 22:52:59 us=633477 TCP/UDP: Closing socket
OpenVPN reports a TLS error (unsupported/mismatched protocol) and suggests specifying tls-version-min 1.0, but this did not solve the issue. The issue actually stems from OpenSSL: using version 3.2.0 (23 Nov 2023) failed, while 1.1.1 (31 March 2020) worked fine.
The root cause is likely that the Netgear router's firmware is too old to be compatible with the rather recent OpenSSL version (3.2.0). A firmware upgrade would be ideal; however, it appears that Netgear has dropped most support for this router, and the forums are more lifeless than the Saharan desert.
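The OpenSSL line in the log above carries a packed error code that can be decoded to confirm the failure is a protocol-version mismatch raised by libssl. The following is an added example, not code from the original post: the function names are hypothetical, the sample log is constructed from the lines quoted above, and treating an empty function field as the OpenSSL 3.x layout is a heuristic.

```python
import re

# Constructed sample, taken from the client log lines quoted in the post.
SAMPLE_LOG = """\
2024-01-15 22:52:59 us=633371 OpenSSL: error:0A000102:SSL routines::unsupported protocol:
2024-01-15 22:52:59 us=633403 TLS Error: TLS handshake failed
"""

# error:<8 hex digits>:<library text>:<function text>:<reason text>
ERR_LINE = re.compile(r"OpenSSL: error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):([^:]*)")

ERR_LIB_SSL = 20                   # library number of libssl
SSL_R_UNSUPPORTED_PROTOCOL = 258   # reason code 0x102


def decode(code_hex, func_field):
    """Split a packed OpenSSL error code into (layout, lib, reason)."""
    code = int(code_hex, 16)
    if func_field == "":
        # OpenSSL 3.x prints no function name: lib in bits 23-30, reason in bits 0-22.
        return "3.x", (code >> 23) & 0xFF, code & 0x7FFFFF
    # OpenSSL 1.1.1 and earlier: lib in bits 24-31, function 12-23, reason 0-11.
    return "1.x", (code >> 24) & 0xFF, code & 0xFFF


def find_protocol_mismatch(log_text):
    """Return one dict per log line that reports libssl 'unsupported protocol'."""
    hits = []
    for line in log_text.splitlines():
        m = ERR_LINE.search(line)
        if not m:
            continue
        layout, lib, reason = decode(m.group(1), m.group(3))
        if lib == ERR_LIB_SSL and reason == SSL_R_UNSUPPORTED_PROTOCOL:
            hits.append({"layout": layout, "lib": lib, "reason": reason,
                         "text": m.group(4)})
    return hits


if __name__ == "__main__":
    for hit in find_protocol_mismatch(SAMPLE_LOG):
        print(hit)
```

A hit with layout "3.x" shows that the client reporting the error was built against OpenSSL 3, which matches the observation that only the 3.2.0 client fails.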