j4x4
Oct 14, 2021 Aspirant
Orbi CBR 750 with OpenVPN for home setup?
Hello, I got some great help from Netgear on my OpenVPN install. It's up and running on my Orbi. Next step is to install certificate authentication to secure the connection. Does anyone have experi...
CrimpOn
Oct 20, 2021 Guru - Experienced User
j4x4 wrote:
Hello,
I got some great help from Netgear on my OpenVPN install. It's up and running on my Orbi.
Next step is to install certificate authentication to secure the connection. Does anyone have experience with this step?
Can you please provide a link to where the need for this step is described?
I set up OpenVPN on two Orbi systems. Orbi creates the needed certificates and host/client keys and includes them in the ovpn files (separate files for Windows, "all-in-one" file for smartphone and non-Windows).
The connection is secure because only the Orbi and the client have this information.
- j4x4 Oct 20, 2021 Aspirant
I keep getting warnings that state no certificate verification has been enabled. I installed OpenVPN 2.5.4 on my Windows 10 machine.
The same warnings directed me to visit the OpenVPN website. When I tried to get help there, the posts I found directed me ... back here.
Searching on this page led me here:
https://openvpn.net/community-resources/how-to/#numbering-private-subnets
But the most recent version of OpenVPN referred to is 2.3.x.
Before I go through all of the steps described for that, I want to know if there is a better/easier/other way to generate certificates with OpenVPN 2.5.4
I saw other posts here that said it's automatic, but that has not been my experience so far.
Thanks again for any help you can offer.
- CrimpOn Oct 20, 2021 Guru - Experienced User
That OpenVPN page is pointing out that the "local LAN" subnet for the client machine must be different from the local LAN for the host.
i.e. If the Orbi LAN is 192.168.1.x, then the client must not be in the same subnet on its end. This is likely to happen when the remote client is connected to another consumer router that defines the local LAN the same way the Orbi does (192.168.1.x).
I have been fortunate because I always test my OpenVPN connections by creating a Hot Spot on my smartphone and the smartphone defines its LAN as 192.168.43.x (why they picked 43 is an interesting question).
This would seem to have nothing to do with certificates. Will need to do more research on that question.
- CrimpOn Oct 20, 2021 Guru - Experienced User
j4x4 wrote:
I keep getting warnings that state no certificate verification has been enabled. I installed OpenVPN 2.5.4 on my Windows 10 machine.
I saw other posts here that said it's automatic, but that has not been my experience so far.
Thanks again for any help you can offer.
The windows.zip file I downloaded from the Orbi contains these files:
- client.ovpn - which contains the instructions to OpenVPN, including the names of the certificate and key files
- ca.crt - which is the SSL certificate for the OpenVPN host
- client.crt - which is the SSL certificate for the OpenVPN client
- client.key - which is a public key
Perhaps the issue is certificate verification. Looking at the smartphone ovpn file, I find this:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=netgear CA/name=EasyRSA/emailAddress=mail@netgear
Validity
Not Before: Jul 13 19:33:02 2018 GMT
Not After : Jul 8 19:33:02 2038 GMT
Subject: C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=client/name=EasyRSA/emailAddress=mail@netgear
This leads me to believe that this is a self-signed SSL certificate. OpenVPN may complain about this, but there is a world of difference between connecting to a web site that claims to be Bank of America and connecting to MY OWN ROUTER.
I just downloaded the latest OpenVPN version and will see what it says about my Orbi connection........ (more to come)
- j4x4 Oct 20, 2021 Aspirant
Thanks for getting back to me. I will stay tuned! Also wondering how you download files from your router ... or maybe I misunderstood what you wrote? Either way, thanks and looking forward to working with you to fix this problem.
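Added example, not part of any post in this thread and not NETGEAR or OpenVPN code: a small Python check that lists which server-certificate verification directives a client .ovpn file sets, and compares the Issuer and Subject lines of a certificate printed in the form quoted above. The directive list is this example's assumption about which OpenVPN options relate to the warning discussed; the sample config and its host name are constructed.

```python
import re

# Directives that make an OpenVPN client check the server's certificate beyond
# "signed by ca.crt" (assumed list; ns-cert-type is the deprecated older form).
VERIFY_DIRECTIVES = {"remote-cert-tls", "remote-cert-eku", "remote-cert-ku",
                     "verify-x509-name", "tls-verify", "ns-cert-type"}

def verification_directives(ovpn_text):
    """Return the server-verification directives present in a client config."""
    found = []
    in_inline_block = False
    for raw in ovpn_text.splitlines():
        line = raw.strip()
        if re.fullmatch(r"<[a-z-]+>", line):      # start of inline <ca>, <cert>, <key>
            in_inline_block = True
        elif re.fullmatch(r"</[a-z-]+>", line):
            in_inline_block = False
        elif not in_inline_block and line and line[0] not in "#;":
            name = line.split()[0]
            if name in VERIFY_DIRECTIVES:
                found.append(line)
    return found

def is_self_issued(cert_text):
    """True when Issuer and Subject match, the precondition for a self-signed cert."""
    fields = dict(re.findall(r"^\s*(Issuer|Subject):\s*(.+?)\s*$", cert_text, re.M))
    return fields["Issuer"] == fields["Subject"]

# Constructed client config (placeholder host), shaped like a router-generated file.
SAMPLE_OVPN = """client
dev tap
proto udp
remote vpn.example.invalid 1194
ca ca.crt
cert client.crt
key client.key
# remote-cert-tls server
"""

# Issuer and Subject lines as quoted in the thread.
SAMPLE_CERT = """Issuer: C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=netgear CA/name=EasyRSA/emailAddress=mail@netgear
Subject: C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=client/name=EasyRSA/emailAddress=mail@netgear
"""

if __name__ == "__main__":
    print("verification directives:", verification_directives(SAMPLE_OVPN) or "none")
    print("self-issued:", is_self_issued(SAMPLE_CERT))
```

A commented-out directive, as in the sample, does not count as set; names that differ between Issuer and Subject indicate a certificate issued by a separate CA certificate rather than by itself.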