winger13
Apr 12, 2017Guide
R7000 V1.0.7.10_1.2.3 and V1.0.7.12_1.2.5 OpenVPN cannot connect
My OpenVPN was working until I installed firmware V1.0.7.10_1.2.3 - unfortunately, I do not know what version I had before that. I tried resolving this by upgrading to firmware V1.0.7.12_1.2.5, but had no success in connecting.
I was running client installed from: openvpn-install-2.3.6-I602-x86_64
I tried upgrading to the following client, but no success in connecting: openvpn-install-2.3.9-I601-x86_64
I tried turning both the cable modem (Motorola SB modem) and the R7000 router off for 10 minutes, then powered the modem on, followed by the R7000 router, but no success in connecting.
Here is my client1.ovpn content (with a dynamic DNS name masked):
client
dev tap
proto udp
dev-node NETGEAR-VPN
remote xxxxxxx.xxxx.xxx 12974
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
cipher AES-128-CBC
comp-lzo
verb 5
Here is the log file when OpenVPN tries to connect (with ISP IP Address changed):
Wed Apr 12 13:35:09 2017 OpenVPN 2.3.9 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Dec 16 2015
Wed Apr 12 13:35:09 2017 library versions: OpenSSL 1.0.1q 3 Dec 2015, LZO 2.09
Wed Apr 12 13:35:09 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Wed Apr 12 13:35:09 2017 Need hold release from management interface, waiting...
Wed Apr 12 13:35:09 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Wed Apr 12 13:35:09 2017 MANAGEMENT: CMD 'state on'
Wed Apr 12 13:35:09 2017 MANAGEMENT: CMD 'log all on'
Wed Apr 12 13:35:09 2017 MANAGEMENT: CMD 'hold off'
Wed Apr 12 13:35:09 2017 MANAGEMENT: CMD 'hold release'
Wed Apr 12 13:35:09 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Apr 12 13:35:09 2017 LZO compression initialized
Wed Apr 12 13:35:09 2017 Control Channel MTU parms [ L:1590 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Wed Apr 12 13:35:09 2017 Socket Buffers: R=[8192->8192] S=[64512->64512]
Wed Apr 12 13:35:09 2017 MANAGEMENT: >STATE:1492029309,RESOLVE,,,
Wed Apr 12 13:35:10 2017 Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:143 ET:32 EL:3 AF:3/1 ]
Wed Apr 12 13:35:10 2017 Local Options String: 'V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Apr 12 13:35:10 2017 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Apr 12 13:35:10 2017 Local Options hash (VER=V4): 'b498be7c'
Wed Apr 12 13:35:10 2017 Expected Remote Options hash (VER=V4): '26e19fc0'
Wed Apr 12 13:35:10 2017 UDPv4 link local: [undef]
Wed Apr 12 13:35:10 2017 UDPv4 link remote: [AF_INET]50.123.123.123:12974
Wed Apr 12 13:35:10 2017 MANAGEMENT: >STATE:1492029310,WAIT,,,
Just one note - someone had taken it that my OpenVPN is now up-and-running, but intermittently. In case anyone else has misunderstood me, let me clarify that this is not the case; rather, the hiccups I encountered were only during the initial Restore-to-Factory post above but have gone away (without an explanation).
I am however going to test this new setup over the next week or two, and if all goes well, I will proceed by classifying this thread as "SOLVED". Until then, I will leave it as is.
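An added example, not part of the original post and not NETGEAR or OpenVPN code: a small Python triage of the client profile and log shown above. It checks whether the profile enables any server-certificate verification directive (the log's WARNING line says none is) and reads the management `>STATE:` lines to see how far the connection got. The function names `audit_config` and `triage_log` are hypothetical, and the sample input is constructed from lines in the post.

```python
import re

# Constructed sample: the client profile and the tail of the log from the post.
SAMPLE_OVPN = """client
dev tap
proto udp
remote xxxxxxx.xxxx.xxx 12974
ca ca.crt
cert client.crt
key client.key
cipher AES-128-CBC
comp-lzo
"""
SAMPLE_LOG = """\
Wed Apr 12 13:35:09 2017 WARNING: No server certificate verification method has been enabled.
Wed Apr 12 13:35:09 2017 MANAGEMENT: >STATE:1492029309,RESOLVE,,,
Wed Apr 12 13:35:10 2017 UDPv4 link remote: [AF_INET]50.123.123.123:12974
Wed Apr 12 13:35:10 2017 MANAGEMENT: >STATE:1492029310,WAIT,,,
"""

# OpenVPN directives that make the client verify the server's certificate.
SERVER_VERIFY = {"remote-cert-tls", "verify-x509-name", "ns-cert-type",
                 "remote-cert-eku", "remote-cert-ku", "tls-verify"}
STATE_RE = re.compile(r">STATE:(\d+),([A-Z_]+),")

def audit_config(text):
    """Return True if the profile enables some server-certificate check."""
    used = {ln.split()[0] for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith(("#", ";"))}
    return bool(used & SERVER_VERIFY)

def triage_log(text):
    """Summarise the state transitions and warnings found in a client log."""
    states = [m.group(2) for m in STATE_RE.finditer(text)]
    warnings = [ln.split("WARNING: ", 1)[1]
                for ln in text.splitlines() if "WARNING: " in ln]
    last = states[-1] if states else None
    if last == "WAIT":
        verdict = "waiting for the server's first reply; nothing came back"
    elif last == "CONNECTED":
        verdict = "tunnel established"
    else:
        verdict = "stopped in state %s" % last
    return {"states": states, "last": last,
            "warnings": warnings, "verdict": verdict}

if __name__ == "__main__":
    print("server verification enabled:", audit_config(SAMPLE_OVPN))
    print(triage_log(SAMPLE_LOG))
```

A log that ends in `WAIT` means the client sent its first packet and received no reply, which is a reachability problem (address, port, or the server side) rather than a certificate or cipher mismatch.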
29 Replies
- xrenderTutor
I encountered the same issue when using 1.0.7.10. The way I resolved the issue is to stick to an older version of OpenVPN client (it seems OpenVPN official website released new versions recently, which doesn't work on my side), or use some other OpenVPN compliant clients (like Viscosity)
- winger13Guide
First, I forgot to mention in my post above that I have another Windows 7 machine running the following OpenVPN client which also worked successfully prior to the recent R7000 firmware upgrade, but no longer: openvpn-install-2.3.6-I602-x86_64
This client, openvpn-install-2.3.6-I602-x86_64 is dated 05-Mar-2015
The more recent client I am running, openvpn-install-2.3.9-I601-x86_64 is dated 16-Dec-2015
May I ask what older version of OpenVPN client are you using? I am really curious how far back in time one has to go to have a version that works.
Also, if it is indeed a new version of R7000 firmware that broke OpenVPN, shouldn't we get a fix to that R7000 firmware as opposed to running a 2+ year old version of the OpenVPN client?
1. At least from any potential security risk, that is.
2. Any new units of the Nighthawk software using similar firmware to the R7000 could be affected by this (assuming customers download the most updated OpenVPN client they can find) ?
- xrenderTutor
Originally I tried 2.4.1 and failed, then tried 2.3.14 and worked, latest Viscosity also worked. You could try these versions and see if they can work, though I am not sure if your VPN issue is similar to mine.
I believe there should be at least some glitches with netgear VPN since 1.0.7.10. My VPN issues also started since 1.0.7.10. When enabling VPN, the VPN setting page doesn't refresh unless I manually do so. And then I have to use the version mentioned above to successfully connect to the VPN. Reset doesn't help.
- KitsapMaster
I am going to hold off updating my router firmware or OpenVPN client software for a couple of weeks. Some other home issues higher on my priority list.
I hesitate to suggest you reset the router to factory then reconfigure. It is a pain in the a$$. I still wonder why the V1.0.7.12_1.2.5 firmware is only available via direct download.
- winger13Guide
Kitsap
So, if I choose to factory reset, what version of the firmware should I upgrade to? I sure won't want the factory firmware from 2 yrs ago.
And what version of the OpenVPN client should I use?
That said, would another option be to downgrade the firmware directly to see if that works? As I mentioned on the OP, I believe the firmware update to V1.0.7.10.... screwed this up in the first place. Where would I get older firmwares?
Does Netgear support frequent these forums? Wondering if they do, if they can come in from a customer support standpoint. Should I try calling their support or they would simply say my indoor is out of warranty period and cannot help?
- KitsapMaster
Yes, Netgear employees or associates routinely reply in these forums. @ElaineM in particular.
I would recommend the https://swupdate.openvpn.org/community/releases/openvpn-install-2.3.14-I601-x86_64.exe client software and the version of the R7000 firmware just before V1.0.7.10_1.2.3. V1.0.7.6 was the previous version. You can go to this link, at the bottom of the section of current versions there is a dropdown labeled previous versions. https://www.netgear.com/support/product/r7000.aspx#download
These two items worked well for me over an extended period of time. I did not even consider updating until the security issues surfaced with regard to the Netgear firmware several months ago.
- winger13Guide
@kitsnap
Thanks a lot for the references and suggestions. I will look into detail more after work today.
Btw what security issues are you referring to?
- winger13Guide
Just an FYI.
I downloaded and installed the following firmware R7000: R7000-V1.0.7.10_1.2.3.chk
Then I installed the following OpenVPN on my Win 7 64bit OS laptop: openvpn-install-2.3.14-I601-x86_64.exe
I then downloaded and copied over the four OpenVPN config files from the R7000 to the laptop
No Success in connecting.
Short of erasing all configurations from the R7000 using the following steps (which will take time to re-setup), I am at a loss:
1. Click ADVANCED > Administration > Backup Settings.
2. Click Erase.
- winger13Guide
Yes on the rename.
Used the uninstall in the OpenVPN folder
- KitsapMaster
No. Download the manual here: http://www.downloads.netgear.com/files/GDC/R7000/R7000_UM.pdf and go to page 192 to follow the procedure to return the router to factory settings.
- winger13Guide
Thanks, haven't looked at that manual for over two yrs now.
Once I factory reset, would the R7000's firmware be the original one as well?
Assuming yes, I am thinking to first configure OpenVPN and using the following client:
openvpn-install-2.3.14-I601-x86_64.exe
If the OpenVPN connection works, then upgrade the R7000 firmware to:
R7000-V1.0.7.10_1.2.3.chk (or try 1.0.7.6 instead ? )
Then try the OpenVPN connection again.
How does this approach sound?
- KitsapMaster
I do not know. I have never had to reset one. Easy enough to check after reset. Just logon and look.
Suggest you get your router reset and updated and working with the most recent firmware before starting on the VPN.
- winger13Guide
The Factory Reset solved this issue, but not without a couple of small hiccups (unexpected behavior). Here is an abbreviated listing of steps I took:
R7000 Reset
Minor config changes like router pwd change, DHCP Range update, Dynamic IP setup, OpenVPN setup
D/L OpenVPN config files to laptop (still running: openvpn-install-2.3.14-I601-x86_64.exe)
Verified that R7000's firmware has NOT changed: V1.0.7.6_1.1.99
Tested OpenVPN connection - SUCCESSFUL
Updated Laptop OpenVPN to: openvpn-install-2.4.1-I601.exe
Tested OpenVPN connection - SUCCESSFUL
Updated R7000 firmware to: V1.0.7.12_1.2.5
Tested OpenVPN connection - SUCCESSFUL
Setup Control Access entries on R7000
*** After setting some actively connected devices to "Allowed", I turn on the option "Block all new devices from connecting" (it was defaulted to "Allow all new devices to connect" )
Setup Static IPs for four devices (Reserve IP Address)
Powered on two devices identified as having Static IP
*** Noticed Static IP rules are NOT being followed
Tested OpenVPN connection - NOT SUCCESSFUL
*** A line trying to open the router's ip address (192.168.1.1) keeps repeating
I turned on the option "Allow all new devices to connect"
Tested OpenVPN connection - SUCCESSFUL
unsure if I did anything at this point, but it was not anything major
I turn on the option "Block all new devices from connecting" (expecting the OpenVPN connection to possibly fail, again)
Tested OpenVPN connection - SUCCESSFUL (UNSURE why this did not work earlier)
Powered off two devices identified as having Static IP
Rebooted R7000
Powered on two devices identified as having Static IP
*** Verified Static IP rules are now being followed (UNSURE why this did not work earlier)
Tested OpenVPN connection - SUCCESSFUL
With
o R7000 firmware: V1.0.7.12_1.2.5
o OpenVPN from: openvpn-install-2.4.1-I601.exe
One last note: I did notice my ISP's assigned IP had changed after the R7000 reset to something totally different than for the past three+ years. Unsure if the ISP's IP address to my home changed during the same time I originally upgraded R7000 to V1.0.7.10, which is when I noticed OpenVPN not connecting, and/or whether the Dynamic IP service failed at the same time, or a combination. But just wanted to point this out.
Thanks everyone for the help, especially Kitsap.
If anyone likes to comment on the small hiccups (unexpected behavior) above and/or the change in ISP assigned IP address, feel free.