NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Using a CA SSL Certificate (from NameCheap) to enable SSL VPN
I am trying to enable SSL VPN on FVS336G. I have taken the trouble to obtain a certificate, and I have registered a corresponding domain that resolves to the static IP address of my router.
I u...
Hi macounwr,
I think I might have seen those errors in the past. It would be great if you will send me the login and pw (through PM) so I can test it myself, I'll definitely play around with it on the lab. But before that, I need you to see this old article I have found. Click here to download.
I hope this one will work. I'll look forward to your update.
Thanks,
I have had my certificate re-issued by NameCheap, following closely the csr generation in the script you sent. There is a delay in reissuing, but as soon as I have it, I will reinstall according to the last steps in the script, and see where that gets me. Should know tomorrow.
If I still have problems, I will send login info.
How do I PM to you?
I seem to have made major progress. Following the script you sent, I re-acquired the certificate from NameCheap, and now I am able to connect from outside without any of the bad certificate messages. Accessing the VPN applet, I still encounter the certificate issues, and I am unable to establish a tunnel.
I can send you login info to enable you to login as administrator.
I can also give you the login credentials for VPN, if you want to see the bahavior for yourself.
Still need to know how to PM to you.
Thanks,
Macounwr
Figured out PM, and have sent login credentials for both remote admin and for VPN portal.
Hello Macounwr,
Got your PM, I'll try it as soon as I can. Did you try using other browsers when using the applet?
I'll give you updates once I have tested your tunnel.
Thanks,
Tried both IE and Firefox, same results with both; login successful, but clicking applet got a succession of messages saying certificate isn't trusted.
I think I will go back and follow the script you gave me, using the same certificate issuer as in the script. I will do that tomorrow morning.
I'm waiting to complete registration with RapidSSL. In the meantime, I accessed the VPN portal with Safari (Mac IOS), and got somewhat more detailed diagnostics. Here are several screenshots:
https://www.dropbox.com/s/oanlsf172h0a9is/Screenshot%202015-08-29%2010.09.08.png?dl=0
https://www.dropbox.com/s/l1wmupl3yfhgbrb/Screenshot%202015-08-29%2010.09.41.png?dl=0
https://www.dropbox.com/s/y685pwk46iyydvz/Screenshot%202015-08-29%2010.09.57.png?dl=0
https://www.dropbox.com/s/29jwsw6dzqfce38/Screenshot%202015-08-29%2010.16.57.png?dl=0
It seems as though browsers are happy with certificate status through login, but that the java applet is still not happy.
I added the root certificate to Java, but that didn't change anything. I'll try also adding the certificate for harvardpress.info.
I am beginning to think the issue is centered on java security.
I have another netgear router (SRXN3205) that is about the same age as the FVS336G. Several years ago, I had a working SSL VPN configuration, so I went back and tried it, and I encountered the same problem.
With that box, I never bothered with a certificate, I just confirmed the security exception messages. Now, when I do the same, I can get up to the presentation of the applet, and I have added the site to the java security exception list, but once I click on the applet, I get no further.
I am still waiting for issuance of the RapidSSL trial certificate. I can follow up tomorrow during M-F business hours.
I have obtained and installed the FreeSSL certificate, having followed the script you sent.
Result is the same. I am able to login via the SSL VPN portal I created, and get to the VPN applet, but when I click it, I start getting certificate warnings, and in the end, tunnel is not achieved.
I did not install the intermediate certificates mentioned in the email from FreeSSL; I only installed the CA certificate mentioned in the script. Is that an issue?
Hello Macounwr,
I agree, must have something to do with java. Tested using the info you gave me on an older version of windows, still showed the same error. I'll see if I can find something else to help you with this one. I hope that other users might give us some input on this. Try installing the intermediate certificates and see how it goes.
Thanks,
I installed first one, and then three, intermediate certificates, rebooted the router after each reinstall, but i all cases, result is the same. I can get to the java applet, but the tunnel doesn't get opened.
I am very close to giving up on Netgear as an SSL VPN provider. If I am unable to get an IPSEC client that will work on Windows 10, I think I have to look elsewhere.
Other option I am considering is buying the fvs318g for my remote user, and letting him set up a router to router ipsec tunnel. Only problem with that is, I am finding a lot of negative comments on that router, so not even sure if that is a solution.
Other ideas are welcome.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
