NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
OpenVPN warning: No server certificate verification method has been enabled
Hi, I've got a new Orbi router (Model RBR20) and two satellites. The router's firmware is V2.1.4.16. I enabled OpenVPN on the Orbi router and it works fine with my mobile device. When I use OpenVPN with my Windows 10 laptop, however, I get this warning message in the OpenVPN client log:
WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Visting the URL doesn't do a lot of good. There aren't a lot of configuration settings for OpenVPN on the Orbi Advanced Settings / VPN Service menu option. It lets me enable OpenVPN and little else, nothing to do with server certification verification.
The OpenVPN client for Windows is the latest available (V2.4.6).
What can I do, if anything, so this warning message doesn't appear (and the implicit risk is properly mitigated)?
try adding
remote-cert-tls server
to the end of your config file that should remove the warning
47 Replies
Hello famousdavis,
Thank you for reaching out to the community. I have passed this information along to our engineering team to look into. In the meantime, I would suggest upgrading your firmware to the latest version provided in the link below.
https://www.netgear.com/support/product/rbr20.aspx#RBR20%20Firmware%20Version%202.2.0.68
Best regards,
Christian
- Thanks, Christian.
When the Orbi router does it auto-check for new firmware, it says it’s already up-to-date (on V2.1.4.16).
Any downside to upgrading the firmware using your provided link? If I wanted to downgrade the firmware back to 2.1.4.16 (if something is screwy with the newer firmware version), is that possible?
And this wouldn’t require updating the firmware on the two satellites, would it?It's recommended to manually download the FW files and then update the Satellites first, then the router. Please use a wired LAN cable connected PC or laptop for this operation.
There will be separate files for the router and satellites.
- Just saw your reply, thx. Although, weirdly, on my iPhone and laptop, I can’t scroll down to see your full reply. ??? Not happening with other posts???
- N/M. It’s just your signature I can’t see in its entirety! :)
:smileywink:
I have the same issue! Firmware is up to date. I have uninstalled and reinstalled the OpenVPN three times. I have re-downloaded the configuration files and replaced them three times. I spent an hour on the phone with Netgear support with no resolution! So what seems to be the problem Netgear??
Thank you for reaching out to us with expressing a similar issue as others. I have sent you a message.
~Christian
Same Problem... Just with win10... on ios config works
RBR50 with single Satallite on the latest V2.2.1.210 and same issue on Windows 10. This issue was reported back in August so is there a work around or fix? I don't see any newer firmeware updates to help. Please advise, thank you.
I am having the same issue with openvpn service on v2.2.1.210 as well. my W10 client openvpn is stating "WARNING: No server certificate verification method has been enabled." Is there a firmware fix for this and can you send me a DM to fix this issue?
Thanks.
I'm having the same problem. Here is the info about my router:
Hardware Version RBR40
Firmware Version V2.2.1.210I also have 1 satelite. Here is the message I'm getting:
Wed Dec 26 12:10:43 2018 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
That web page was of no help. If there is a solution to this problem, please let me know. One of the reasons I purchased the Orbi over one of the other mesh routers out there was that it included a VPN service and now that service isn't working (and never has).
Thank you,
Daniel
Having the same issue...
Hardware Version: RBR20 (RBS20 as well)
Firmware Version: V2.7.4.24
GUI Language Version: V1.0.0.423
Operation Mode: RouterMessage:
Wed Nov 29 13:35:16 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.Actions:
Added this to the client.ovpn, which made the message go away, however the issue still exists, No VPN...
remote-cert-tls server1.The 'ipconfig' output shows "Media disconnected" from the NETGEAR-VPN adapter. I would expect a configuration to be here.
2.Not sure how Netgear VPN works in the background. I have the DDNS setup with them, which resolves and pings 🙂 . However, the nmap output doesn't list the tcp or udp ports as open on the Orbi router. Curious if the VPN service is actually on the Netgear Server Infrastructure?
Things may have changed since those messages in 2019. Perhaps it would be helpful to start a new discussion.
It would be useful to know:
- What specific device is being used to test the OpenVPN feature. (Android phone, iPhone, tablet, laptop, etc.)
- How the test is being conducted. My typical procedure is to
- Disconnect my Android phone from the Orbi LAN
- Then, run the OpenVPN app on the phone.
- Having verified that this works
- Open a WiFi Hot Spot on the phone.
- Disconnect a tablet or laptop from the Orbi LAN.
- Connect this device to the phone Hot Spot
- Verify that it gets internet.
- Run the OpenVPN app on this device.
- Verify that it connects to the Orbi LAN by using a web browser to open the Orbi web administration and to access other devices on the Orbi LAN
- How nmap is being run to detect open ports. The Orbi WAN port cannot be observed from the LAN side, and ports opened for OpenVPN host do not appear on the Port Forwarding page. (Technically, they remain in the router, and are thus not 'forwarded'.)
Just a tiny note: Unlike TCP, UDP ports do not respond to connection attempts. The default port settings for OpenVPN are UDP port 12973 for tun connections and port 12974 for tap connections, so an nmap scan from the WAN side is not likely to reveal that port UDP is the default because it is so much more efficient than TCP. If a test is important, then the TCP option should be chosen and new parameter files downloaded.
Thanks for your response.
My device is a Windows 11 laptop and Windows 10 tablet for more testing.
My test matches what you describe. Setting up while on the Orbi lan, then trying to connect from an android hotspot (internet works from the phone). The nmap port scan was from the Orbi LAN.
nmap -sS <Orbi gw>
Host is up (0.0010s latency).
Not shown: 996 closed tcp ports (reset)
PORT STATE SERVICE
21/tcp filtered ftp
53/tcp open domain
80/tcp open http
443/tcp open httpsnmap -sU <Orbi gw>
Host is up (0.00044s latency).
Not shown: 991 closed udp ports (port-unreach)
PORT STATE SERVICE
22/udp open|filtered ssh
23/udp open|filtered telnet
53/udp open domain
67/udp open|filtered dhcps
69/udp open|filtered tftp
161/udp open|filtered snmp
162/udp open|filtered snmptrap
1900/udp open|filtered upnp
5351/udp open nat-pmpInterestingly - earlier today, On the Orbi LAN, without making any changes, the VPN connected, the network vpn adapter was configured with an IP. So, I disconnected from the LAN, then connected to the cell phone hot spot... The VPN never connected, connecting back to the LAN didn't connect again either. weird.
Been through the setup instructions maticulously, but nogo. There must be some additional requirements/instructions to clear up an out of the box VPN configuration.
Appreciate all your assistance. Thanks.
