
Borthalomew
Dec 30, 2017
Solved

[X10 (R9000)] cannot regenerate or invalidate VPN credentials

I'm shocked I spent so much on a high-end router, and I'm stuck with the static OpenVPN configuration on the router. There is no way to invalidate old keys, generate new keys, or have multiple active keys. This is a significant security design issue. Once you give a key out, or if you accidentally expose it, there is no way to kill it. Even if you are the only user using your VPN, there is a chance your device can be stolen or compromised, forcing you to question whether your home VPN credentials have also been compromised. There is no reason why you should need to buy a new router just to rotate your keys.

The kicker is the manual even suggests changing the default SSID and network password. I don't know why they would suggest this if they thought the default installation was private and secure. If Netgear believes it is better security to use your own custom security credentials, then they should allow you to do the same with the OpenVPN configuration.

The OpenVPN feature on the X10 is too minimal to be trusted.

  • juched
    Dec 31, 2017
    They need to address this across their product lines. A fixed key is a problem. Plus it is signed with MD5 and should be SHA2 now.

8 Replies

  • Then I would install DD-WRT. I understand it should do this out of the box, but if you are beyond returning it or there is really no way to do this with the factory image, look into DD-WRT. I know they have two different variants for this router, because I own it as well.

    You can always go back to factory image as well. Read up on it...

    • Borthalomew
      Yes I know about dd-wrt. This is a complaint regarding Netgear's supported firmware. The design is insecure.

      I may go to dd-wrt, but was only going to do that if there are critical features I need. Several hardware features are not supported by dd-wrt, and it is not officially supported by Netgear. Additionally, if there are two hardware versions as you indicate, dd-wrt may have less support from the open source community (fewer users per version).
      • Jessegodsey

        Well, one supports Plex while the other does not. But yes, I am with you. I am still running stock.