Shovel-SR
Apr 16, 2023 (Aspirant)
Orbi RBK353 (350 with 2 satellites) VPN Error on Android mobile
Hi all,
I just switched from a Nighthawk R6800 to an Orbi RBK353 mesh (RBK350 router and 2 satellites). I am really pleased with the Orbi generally, except for the VPN service.
The router F/w is V4.4.1.29_3.10.80, my Android is running version 9, and the OpenVPN client is the latest on Google Play.
I had a VPN on my R6800 which worked for 5+ years without issues, was really easy to set up and never failed me. Setting up the same service on my Orbi with new client configs for my Windows and Android devices has been less than inspiring - I have managed to get the Windows service working, but only after many hours of trying various web posted solutions. The one that worked for Windows was to add a line at the end of the config "remote-cert-tls server".
However, adding that to the Android config file achieves nothing. I get the exact same error and am now going round in circles. The full error message is:
Transport Error:OpenSSLCOntext::read_cleartext:BIO_read failed,cap=2576 status=-1:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed.
My config file is standard as produced by the router for Android - a smart_phone.ovpn which is a unified config with the certs and keys included.
I am using a DDNS (which is updated and working).
Anybody got any ideas? I would really appreciate any help here.
Thanks
19 Replies
- CrimpOn (Guru - Experienced User)
Bummer. This is using a config file produced by the new Orbi RBR350 router?
The Android configuration that I am using for an older Orbi RBR50 is this:
client
dev tun
proto udp
remote xxxxxxxx.mynetgear.com 12973
resolv-retry infinite
nobind
persist-key
persist-tun
<ca>
-----BEGIN CERTIFICATE-----
OpenVPN Connect 3.3.1, updated Feb 22, 2023 on Android 10.
The OpenVPN log file:
08:54:56.172 -- ----- OpenVPN Start -----
08:54:56.173 -- EVENT: CORE_THREAD_ACTIVE
08:54:56.175 -- OpenVPN core 3.git::d3f8b18b:Release android arm64 64-bit PT_PROXY
08:54:56.175 -- Frame=512/2048/512 mssfix-ctrl=1250
08:54:56.181 -- UNUSED OPTIONS 4 [resolv-retry] [infinite] 5 [nobind] 6 [persist-key] 7 [persist-tun] 13 [verb] [5]
08:54:56.181 -- EVENT: RESOLVE
08:54:56.392 -- Contacting 172.249.112.236:12973 via UDP
08:54:56.392 -- EVENT: WAIT
08:54:56.396 -- Connecting to [xxxxxxxxxx.mynetgear.com]:12973 (xxx.xxx.xxx.xxx) via UDPv4
08:54:56.585 -- EVENT: CONNECTING
08:54:56.588 -- Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client
08:54:56.588 -- Creds: UsernameEmpty/PasswordEmpty
08:54:56.589 -- Peer Info: IV_VER=3.git::d3f8b18b:Release IV_PLAT=android IV_NCP=2 IV_TCPNL=1 IV_PROTO=30 IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-128-CBC IV_LZO_STUB=1 IV_COMP_STUB=1 IV_COMP_STUBv2=1 IV_AUTO_SESS=1 IV_GUI_VER=net.openvpn.connect.android_3.3.1-9079 IV_SSO=webauth,openurl
08:54:56.685 -- VERIFY OK: depth=1, /C=TW/ST=TW/L=Taipei/O=netgear/OU=netgear/CN=netgear CA/name=EasyRSA/emailAddress=mail@netgear, signature: RSA-SHA256
08:54:56.686 -- VERIFY OK: depth=0, /C=TW/ST=TW/L=Taipei/O=netgear/OU=netgear/CN=server/name=EasyRSA/emailAddress=mail@netgear, signature: RSA-SHA256
08:54:56.840 -- SSL Handshake: peer certificate: CN=server, 1024 bit RSA, cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
08:54:56.840 -- Session is ACTIVE
08:54:56.841 -- EVENT: GET_CONFIG
08:54:56.843 -- Sending PUSH_REQUEST to server...
08:54:56.997 -- OPTIONS: 0 [dhcp-option] [DNS] [192.168.1.1] 1 [route-gateway] [192.168.2.1] 2 [topology] [subnet] 3 [ping] [10] 4 [ping-restart] [120] 5 [redirect-gateway] [def1] 6 [ifconfig] [192.168.2.2] [255.255.255.0] 7 [peer-id] [0] 8 [cipher] [AES-256-GCM]
08:54:56.998 -- PROTOCOL OPTIONS: cipher: AES-256-GCM digest: NONE key-derivation: OpenVPN PRF compress: LZO_STUB peer ID: 0
08:54:56.999 -- EVENT: ASSIGN_IP
08:54:57.021 -- Connected via tun
08:54:57.022 -- LZO-ASYM init swap=0 asym=1
08:54:57.022 -- Comp-stub init swap=0
08:54:57.023 -- EVENT: CONNECTED info='xxxxxxxx.mynetgear.com:12973 (xxx.xxx.xxx.xxx) via /UDPv4 on tun/192.168.2.2/ gw=[192.168.2.1/]'
- Shovel-SR (Aspirant)
Hi CrimpOn,
Thanks for the response. Your config is exactly the same as mine where it matters (obviously different server addresses etc - I use a NoIP DDNS pointing back to my router).
I have found a solution this afternoon though. Where the issue is, I still can't say, especially as some users with OpenVPN Connect are fine, and others aren't.
The solution was to install another VPN client software, called "OpenVPN for Android" written by Arne Schwabe, and available on Google Play. While this is not my preferred option, as I would rather use the official app, it has solved the problem. It appears therefore that there is a bug in OpenVPN Connect. Odd, as other users are having no issues, and I didn't on my R6800. It only started once I had switched to the Orbi. I suspect that the "bug" is a mismatch between the Orbi server settings and OpenVPN Connect.
Interestingly, in order to eliminate a very similar issue on Windows, I had to add a line to the end of my config file:
remote-cert-tls server
Whatever the issues are, the solution for Android is to install and use OpenVPN for Android, and not the official OpenVPN app.
Cheers
- CrimpOn (Guru - Experienced User)
My DDNS is also through No-IP.com
Very puzzling. Where did my log file differ from yours?
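Comparing a working and a failing client starts with what the server actually presented during the handshake. The following is an added example, not part of any post in this thread: it parses lines copied from the OpenVPN Connect log quoted earlier and reports the certificate chain, server key size and cipher negotiation. The function names `summarize` and `review` and the 2048-bit threshold are assumptions of this example.

```python
import re

# Lines copied from the OpenVPN Connect log quoted earlier in the thread.
LOG = """\
08:54:56.588 -- Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client
08:54:56.685 -- VERIFY OK: depth=1, /C=TW/ST=TW/L=Taipei/O=netgear/OU=netgear/CN=netgear CA/name=EasyRSA/emailAddress=mail@netgear, signature: RSA-SHA256
08:54:56.686 -- VERIFY OK: depth=0, /C=TW/ST=TW/L=Taipei/O=netgear/OU=netgear/CN=server/name=EasyRSA/emailAddress=mail@netgear, signature: RSA-SHA256
08:54:56.840 -- SSL Handshake: peer certificate: CN=server, 1024 bit RSA, cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
08:54:56.998 -- PROTOCOL OPTIONS: cipher: AES-256-GCM digest: NONE key-derivation: OpenVPN PRF compress: LZO_STUB peer ID: 0
"""
MIN_RSA_BITS = 2048  # assumption: commonly used floor for RSA key size

def summarize(log):
    """Extract certificate-chain and cipher facts from an OpenVPN Connect log."""
    facts = {"chain": [(int(d), cn, sig) for d, cn, sig in re.findall(
        r"VERIFY OK: depth=(\d+), .*?/CN=([^/,]+).*?signature: (\S+)", log)]}
    m = re.search(r"peer certificate: CN=([^,]+), (\d+) bit (\w+), "
                  r"cipher: (\S+) (TLSv[\d.]+)", log)
    if m:
        facts.update(peer_cn=m[1], key_bits=int(m[2]), key_type=m[3],
                     tls_cipher=m[4], tls_version=m[5])
    m = re.search(r"Tunnel Options:.*?cipher ([\w-]+),auth ([\w-]+)", log)
    if m:
        facts.update(opt_cipher=m[1], opt_auth=m[2])
    m = re.search(r"PROTOCOL OPTIONS: cipher: (\S+)", log)
    if m:
        facts["data_cipher"] = m[1]
    return facts

def review(facts):
    """Return the points to compare against a client that fails verification."""
    findings = []
    if not facts["chain"]:
        findings.append("no VERIFY OK lines: server certificate was not validated")
    if facts.get("key_type") == "RSA" and facts.get("key_bits", 0) < MIN_RSA_BITS:
        findings.append(f"server key is {facts['key_bits']}-bit RSA, below {MIN_RSA_BITS}")
    if facts.get("data_cipher") != facts.get("opt_cipher"):
        findings.append(f"data cipher negotiated to {facts.get('data_cipher')}, "
                        f"tunnel options list {facts.get('opt_cipher')}")
    return findings

if __name__ == "__main__":
    for line in review(summarize(LOG)):
        print("-", line)
```

Running the same two functions over the log of a client that reports `certificate verify failed` shows whether the `VERIFY OK` lines for depth 1 and depth 0 are both present.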