NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

famousdavis's avatar
famousdavis
Tutor
Aug 19, 2018
Solved

OpenVPN warning: No server certificate verification method has been enabled

Hi, I've got a new Orbi router (Model RBR20) and two satellites.  The router's firmware is V2.1.4.16.  I enabled OpenVPN on the Orbi router and it works fine with my mobile device.  When I use OpenVP...
Troubleshooting
  • funsurfer's avatar
    funsurfer
    Mar 03, 2019

    try adding 

    remote-cert-tls server

     

    to the end of your config file that should remove the warning

brian1918's avatar
brian1918
Aspirant
Dec 10, 2023

Having the same issue...
Hardware Version:              RBR20 (RBS20 as well)
Firmware Version:            V2.7.4.24
GUI Language Version:  V1.0.0.423
Operation Mode:  Router

Message:
Wed Nov 29 13:35:16 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

Actions:
Added this to the client.ovpn, which made the message go away, however the issue still exists, No VPN...
remote-cert-tls server

 

1.The 'ipconfig' output shows "Media disconnected" from the NETGEAR-VPN adapter.  I would expect a configuration to be here.  

2.Not sure how Netgear VPN works in the background.  I have the DDNS setup with them, which resolves and pings 🙂 .  However, the nmap output doesn't list the tcp or udp ports as open on the Orbi router.  Curious if the VPN service is actually on the Netgear Server Infrastructure?

 

CrimpOn's avatar
CrimpOn
Guru - Experienced User
Dec 10, 2023

Things may have changed since those messages in 2019.  Perhaps it would be helpful to start a new discussion.

 

It would be useful to know:

  • What specific device is being used to test the OpenVPN feature. (Android phone, iPhone, tablet, laptop, etc.)
  • How the test is being conducted.  My typical procedure is to
    • Disconnect my Android phone from the Orbi LAN
    • Then, run the OpenVPN app on the phone.
    • Having verified that this works
    • Open a WiFi Hot Spot on the phone.
    • Disconnect a tablet or laptop from the Orbi LAN.
    • Connect this device to the phone Hot Spot
    • Verify that it gets internet.
    • Run the OpenVPN app on this device.
    • Verify that it connects to the Orbi LAN by using a web browser to open the Orbi web administration and to access other devices on the Orbi LAN
  • How nmap is being run to detect open ports.  The Orbi WAN port cannot be observed from the LAN side, and ports opened for OpenVPN host do not appear on the Port Forwarding page. (Technically, they remain in the router, and are thus not 'forwarded'.)
    Just a tiny note: Unlike TCP, UDP ports do not respond to connection attempts.  The default port settings for OpenVPN are UDP port 12973 for tun connections and port 12974 for tap connections, so an nmap scan from the WAN side is not likely to reveal that port   UDP is the default because it is so much more efficient than TCP.  If a test is important, then the TCP option should be chosen and new parameter files downloaded.

 

 

  • brian1918's avatar
    brian1918
    Aspirant
    Dec 10, 2023

    Thanks for your response.

    My device is a Windows 11 laptop and Windows 10 tablet for more testing.  

    My test matches what you describe.  Setting up while on the Orbi lan, then trying to connect from an android hotspot (internet works from the phone).  The nmap port scan was from the Orbi LAN.  

    nmap -sS <Orbi gw>

    Host is up (0.0010s latency).
    Not shown: 996 closed tcp ports (reset)
    PORT STATE SERVICE
    21/tcp filtered ftp
    53/tcp open domain
    80/tcp open http
    443/tcp open https

     

    nmap -sU <Orbi gw>

    Host is up (0.00044s latency).
    Not shown: 991 closed udp ports (port-unreach)
    PORT STATE SERVICE
    22/udp open|filtered ssh
    23/udp open|filtered telnet
    53/udp open domain
    67/udp open|filtered dhcps
    69/udp open|filtered tftp
    161/udp open|filtered snmp
    162/udp open|filtered snmptrap
    1900/udp open|filtered upnp
    5351/udp open nat-pmp

     

    Interestingly - earlier today, On the Orbi LAN, without making any changes, the VPN connected, the network vpn adapter was configured with an IP.  So, I disconnected from the LAN, then connected to the cell phone hot spot...  The VPN never connected, connecting back to the LAN didn't connect again either.  weird.  

     

    Been through the setup instructions maticulously, but nogo.  There must be some additional requirements/instructions to clear up an out of the box VPN configuration.  

     

    Appreciate all your assistance.  Thanks.

    • CrimpOn's avatar
      CrimpOn
      Guru - Experienced User
      Dec 11, 2023

      Thanks for the details.

      • nmap cannot detect OpenVPN from the LAN side.  useful tool much of the time, but not for this.
      • the Android phone providing the Hot Spot was disconnected from the Orbi LAN WiFi ... correct?
      • brian1918's avatar
        brian1918
        Aspirant
        Dec 11, 2023

        Correct - the android was disconnected from the wifi LAN connection.  Thanks.