NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Orbi CBR 750 with OpenVPN for home setup?
Hello, I got some great help from Netgear on my OpenVPN install. It's up and running on my Orbi. Next step is to install certificate authentication to secure the connection. Does anyone have experi...
I keep getting warnings that state no certificate verification has been enabled. I installed OpenVPN 2.5.4 on my Windows 10 machine.
The same warnings directed me to visit the OpenVPN website. When I tried to get help there, the posts I found directed me ... back here.
Searching on this page led me here:
https://openvpn.net/community-resources/how-to/#numbering-private-subnets
But the most recent version of OpenVPN referred to is 2.3.x.
Before I go through all of the steps described for that, I want to know if there is a better/easier/other way to generate certificates with OpenVPN 2.5.4
I saw other posts here that said it's automatic, but that has not been my experience so far.
Thanks again for any help you can offer.
j4x4 wrote:
I keep getting warnings that state no certificate verification has been enabled. I installed OpenVPN 2.5.4 on my Windows 10 machine.
I saw other posts here that said it's automatic, but that has not been my experience so far.
Thanks again for any help you can offer.
The windows.zip file I downloaded from the Orbi contains these files:
- client.ovpn - which contains the instructions to OpenVPN, including the names of the certificate and key files
- ca.crt - which is the SSL certificate for the OpenVPN host
- client.crt - which is the SSL certificate for the OpenVPN clent
- client.key - which is a public key
Perhaps the issue is certificate verifacation. Looking at the smartphone ovpn file, I find this:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=netgear CA/name=EasyRSA/emailAddress=mail@netgear
Validity
Not Before: Jul 13 19:33:02 2018 GMT
Not After : Jul 8 19:33:02 2038 GMT
Subject: C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=client/name=EasyRSA/emailAddress=mail@netgear
This leads me to believe that this is a self-signed SSL certificate. OpenVPN may complain about this, but there is a world of difference between connecting to a web site that claims to be Bank of America and connecting to MY OWN ROUTER.
I just downloaded the latest OpenVPN version and will see what it says about my Orbi connection........ (more to come)
Thanks for getting back to me. I will stay tuned! Also wondering how you download files from your router ... or maybe I misunderstood what you wrote? Either way, thanks and looking forward to working with you to fix this problem.
j4x4 wrote:
Thanks for getting back to me. I will stay tuned! Also wondering how you download files from your router ... or maybe I misunderstood what you wrote? Either way, thanks and looking forward to working with you to fix this problem.
On the Orbi web interface where OpenVPN is configured, there are three "click boxes" which are used to download the configuration files for Windows, for MacOS, and for Smartphone. (See image attached)
Under those boxes are links that will bring up the instructions for setting up OpenVPN on each type of client.
Thank you, that is how I downloaded OpenVPN 2.5.4 last week. Netgear tech support walked me through the download and install, but we did not manage to get the certificate part handled. Still trying things out ... I am reading that EasyRSA-3 needs to be downloaded separately, but also found posts elsewhere that stated the whole certificate authentication setup should be automatic with 2.5.4 ... OpenVPN tech support was not able to help me out since this is not their cloud-based VPN service ... so frustrating.
