Having problems with KeepSolid's OpenVPN configuration files

Hi there!
I use KeepSolid VPN Unlimited configs. My OS is Windows 11 and I’m getting these errors with OpenVPN GUI and OpenVPN Connect.
Can someone help me fix this please?

openvpn GUI error log

Configuration File

openvpn connect error

Ask your VPN provider to generate new files.

Try adding following line to your config:

tls-cipher DEFAULT:@SECLEVEL=0

You add this anywhere before .

I’d place it above cipher AES-256-CBC.

I’ve found that OpenVPN can be a bit fussy with configs, especially as over time with OpenVPN, the default security settings change. It is the provider not keeping up with these changes.

Get latest OpenVPN Connect. Look in the options to set security level to the lowest standard. It will probably work then.

Note that this is caused by security standards changing over time. MD5 signatures on certificates were considered okay a long time ago, but are considered very insecure nowadays. SHA256 is common now. This provider should update their certificates.

Also they are using auth sha512 which is ironically technically ‘better’ but also results in noticeably slower speeds, and is applied in an area of the security of OpenVPN where you could do with MD5 just fine.

Yeah that sounds weird right? Thing is security is hard to get right. MD5 as certificate security where it is used to prove identity is bad. MD5 used as an HMAC key just for packet signing/verification is one of the few use cases where MD5 is still fine. But sha512 causes a significant overhead that is measurably slowing things down, while that level was not needed there.

Whoever put this config together probably did not understand these nuances.

Anyway the lowest security level should make it work again. But consider this a warning that over time it will eventually completely break as MD5 is now already deprecated hard, and may even be removed entirely in the future. Then you have to make a choice - use outdated client software that will still be able to support this crap config and risk being vulnerable to stuff, or get the provider to fix their shit, or get another provider that knows what it is doing.

Good luck.

Thanks a lot!
It worked :smiley:
I asked the provider and they said we are updating our servers and new servers will be available next month.
Thanks for helping though :sparkles::folded_hands:t3:

This is interesting. I realize it’s old but can you expand on:
How can you tell this config is MD5 for identity?
How would I use OpenVPN Connect to solve this problem?

I am in a similar situation. I am trying to take Keep Solid VPN and use it on a Deco xe75 mesh router setup. I would prefer to use OpenVPN but I’m a n00b here.

Great and I thought it would. I’ve had to do this for many of my configs on Ubuntu Server. Not just for VPN Unlimited configs either. That setting just relaxes on the cipher check, so that it no longer cares that the one in config is lower than your OpenVPN client software is expecting.

I can tell because the error message in the original post exactly says that.

I think MD5 might still be possible if you dig into the settings of Connect and set the security level at the lowest.

But you really should not use MD5 on the certificates anymore. If the router manufacturer has no solution for it then get another router.
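For the question above about telling whether a config relies on MD5 for identity, the certificate itself can be inspected instead of relying on the error message. This is an added example, not code from any poster in this thread or from the provider: it reads the inline ca/cert blocks of an .ovpn file and reports each certificate's signature algorithm. The function names are hypothetical and the sample bytes are a constructed DER skeleton, not a real certificate.

```python
import base64, re
# Signature-algorithm OID -> (name, acceptable for certificate identity?)
SIG_ALGS = {
    "1.2.840.113549.1.1.4": ("md5WithRSAEncryption", False),
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", False),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", True),
}
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def decode_oid(raw):
    """Turn DER OID content bytes into dotted notation."""
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def cert_sig_oid(der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }"""
    _, start, _ = read_tlv(der, 0)            # enter the outer SEQUENCE
    _, _, tbs_end = read_tlv(der, start)      # skip tbsCertificate
    _, alg_start, _ = read_tlv(der, tbs_end)  # enter signatureAlgorithm
    tag, s, e = read_tlv(der, alg_start)      # its first member is the OID
    if tag != 0x06: raise ValueError("expected OBJECT IDENTIFIER")
    return decode_oid(der[s:e])

def audit_ovpn(text):
    """List (block, algorithm, acceptable) for each inline <ca>/<cert> certificate."""
    out = []
    for block, body in re.findall(r"<(ca|cert)>(.*?)</\1>", text, re.S):
        for pem in PEM_RE.findall(body):
            oid = cert_sig_oid(base64.b64decode("".join(pem.split())))
            out.append((block, *SIG_ALGS.get(oid, (oid, None))))
    return out

# Constructed DER skeleton (NOT a real certificate) carrying the MD5 OID.
SAMPLE_DER = bytes.fromhex("3014" "3000" "300d06092a864886f70d0101040500" "030100")
SAMPLE_OVPN = ("client\nauth SHA512\n<ca>\n-----BEGIN CERTIFICATE-----\n"
               + base64.b64encode(SAMPLE_DER).decode() + "\n-----END CERTIFICATE-----\n</ca>\n")
```

Calling audit_ovpn on the text of a real .ovpn file gives one tuple per inline certificate; an entry whose last field is False is the case where relaxing the client's security level only postpones the fix, which is reissued certificates. An OID missing from the table comes back as the dotted string with None.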