famousdavis
Aug 19, 2018 · Tutor
OpenVPN warning: No server certificate verification method has been enabled
Hi, I've got a new Orbi router (Model RBR20) and two satellites. The router's firmware is V2.1.4.16. I enabled OpenVPN on the Orbi router and it works fine with my mobile device. When I use OpenVP...
- Mar 03, 2019
try adding
remote-cert-tls server
to the end of your config file that should remove the warning
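An added example, not part of the thread and not NETGEAR or OpenVPN code: a small Python check that reports whether a client .ovpn profile enables any server certificate verification directive, which is the condition behind the warning discussed here. The directive set is an assumption taken from the OpenVPN manual; the name `audit_ovpn` and the sample profile are constructed for illustration.

```python
# Directives that make an OpenVPN client check the server certificate.
# Assumption: this set comes from the OpenVPN manual, not from the thread.
STRONG = {"remote-cert-eku", "verify-x509-name", "tls-verify"}

def audit_ovpn(text):
    """Return (status, hits) for the text of a client .ovpn profile."""
    hits, legacy, inline = [], [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if inline:                         # inside <ca>, <cert>, <key>, ...
            if line == "</" + inline + ">":
                inline = None
            continue
        if line.startswith("<") and line.endswith(">") and not line.startswith("</"):
            inline = line[1:-1]
            continue
        tokens = []
        for tok in line.split():
            if tok[0] in "#;":             # comment runs to end of line
                break
            tokens.append(tok)
        if not tokens:
            continue
        name = tokens[0][2:] if tokens[0].startswith("--") else tokens[0]
        args = tokens[1:]
        if name == "remote-cert-tls" and args[:1] == ["server"]:
            hits.append((lineno, name))
        elif name in STRONG and args:
            hits.append((lineno, name))
        elif name == "ns-cert-type" and args[:1] == ["server"]:
            legacy.append((lineno, name))  # older Netscape cert-type check
    if hits:
        return "enabled", hits
    return ("legacy", legacy) if legacy else ("missing", [])

# Constructed sample profile: the host name is a placeholder, the port is the
# tun default mentioned in the thread. The commented-out directive and the
# text inside the inline <ca> block must not count as a real directive.
SAMPLE = """client
dev tun
proto udp
remote vpn.example.net 12973
# remote-cert-tls server
<ca>
remote-cert-tls server
</ca>
"""

if __name__ == "__main__":
    print(audit_ovpn(SAMPLE))
    print(audit_ovpn(SAMPLE + "remote-cert-tls server\n"))
```

A result of "enabled" only means the profile asks the client to check the server certificate; it says nothing about whether the tunnel itself connects.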
brian1918
Dec 10, 2023 · Aspirant
Having the same issue...
Hardware Version: RBR20 (RBS20 as well)
Firmware Version: V2.7.4.24
GUI Language Version: V1.0.0.423
Operation Mode: Router
Message:
Wed Nov 29 13:35:16 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Actions:
Added this to the client.ovpn, which made the message go away, however the issue still exists, No VPN...
remote-cert-tls server
1. The 'ipconfig' output shows "Media disconnected" from the NETGEAR-VPN adapter. I would expect a configuration to be here.
2. Not sure how Netgear VPN works in the background. I have the DDNS setup with them, which resolves and pings 🙂 . However, the nmap output doesn't list the tcp or udp ports as open on the Orbi router. Curious if the VPN service is actually on the Netgear Server Infrastructure?
CrimpOn
Dec 10, 2023 · Guru - Experienced User
Things may have changed since those messages in 2019. Perhaps it would be helpful to start a new discussion.
It would be useful to know:
- What specific device is being used to test the OpenVPN feature. (Android phone, iPhone, tablet, laptop, etc.)
- How the test is being conducted. My typical procedure is to
- Disconnect my Android phone from the Orbi LAN
- Then, run the OpenVPN app on the phone.
- Having verified that this works
- Open a WiFi Hot Spot on the phone.
- Disconnect a tablet or laptop from the Orbi LAN.
- Connect this device to the phone Hot Spot
- Verify that it gets internet.
- Run the OpenVPN app on this device.
- Verify that it connects to the Orbi LAN by using a web browser to open the Orbi web administration and to access other devices on the Orbi LAN
- How nmap is being run to detect open ports. The Orbi WAN port cannot be observed from the LAN side, and ports opened for OpenVPN host do not appear on the Port Forwarding page. (Technically, they remain in the router, and are thus not 'forwarded'.)
Just a tiny note: Unlike TCP, UDP ports do not respond to connection attempts. The default port settings for OpenVPN are UDP port 12973 for tun connections and port 12974 for tap connections, so an nmap scan from the WAN side is not likely to reveal that port. UDP is the default because it is so much more efficient than TCP. If a test is important, then the TCP option should be chosen and new parameter files downloaded.
- brian1918 · Dec 10, 2023 · Aspirant
Thanks for your response.
My device is a Windows 11 laptop and Windows 10 tablet for more testing.
My test matches what you describe. Setting up while on the Orbi LAN, then trying to connect from an Android hotspot (internet works from the phone). The nmap port scan was from the Orbi LAN.
nmap -sS <Orbi gw>
Host is up (0.0010s latency).
Not shown: 996 closed tcp ports (reset)
PORT STATE SERVICE
21/tcp filtered ftp
53/tcp open domain
80/tcp open http
443/tcp open https

nmap -sU <Orbi gw>
Host is up (0.00044s latency).
Not shown: 991 closed udp ports (port-unreach)
PORT STATE SERVICE
22/udp open|filtered ssh
23/udp open|filtered telnet
53/udp open domain
67/udp open|filtered dhcps
69/udp open|filtered tftp
161/udp open|filtered snmp
162/udp open|filtered snmptrap
1900/udp open|filtered upnp
5351/udp open nat-pmp

Interestingly - earlier today, on the Orbi LAN, without making any changes, the VPN connected, the network VPN adapter was configured with an IP. So, I disconnected from the LAN, then connected to the cell phone hot spot... The VPN never connected, connecting back to the LAN didn't connect again either. Weird.
Been through the setup instructions meticulously, but no go. There must be some additional requirements/instructions to clear up an out of the box VPN configuration.
Appreciate all your assistance. Thanks.
- CrimpOn · Dec 11, 2023 · Guru - Experienced User
Thanks for the details.
- nmap cannot detect OpenVPN from the LAN side. Useful tool much of the time, but not for this.
- the Android phone providing the Hot Spot was disconnected from the Orbi LAN WiFi ... correct?
- brian1918 · Dec 11, 2023 · Aspirant
Correct - the Android was disconnected from the wifi LAN connection. Thanks.