MrChrisH (Aspirant)
Oct 23, 2025
RS700 VPN Service certs incomplete?
I've been setting up NoIP and the VPN Service on my RS700. I'm on firmware version V1.0.9.6_2.0.100.
After much tinkering and following much of the helpful advice here, I have a connection that works. However, I am getting this error in the log, which I have seen others post about, but updating the firmware seems to be the solution(?). I'm on the latest firmware.
Thu Oct 23 17:12:39 2025 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
When I add remote-cert-tls server to my .ovpn file, which in my understanding is good practice to include, my connection fails:
Thu Oct 23 17:15:09 2025 Certificate does not have key usage extension
Thu Oct 23 17:15:09 2025 VERIFY KU ERROR
I've stopped and started the VPN Service multiple times, re-copied the config files etc. but cannot get the connection working with remote-cert-tls server in my .ovpn file.
The certificate provided by the router seems to be missing the necessary Key Usage (KU) flags.
How do I fix this, please?
15 Replies
- FURRYe38 (Guru - Experienced User)
Just checking to see if you have updated FW to check this?
Nighthawk Firmware Releases | NETGEAR Communities
- MrChrisH (Aspirant)
Thanks for checking, yes, I'm on firmware version V1.0.9.6_2.0.106. I updated fw again this AM, as I noticed a very recent new version, and reconfigured openvpn and downloaded config files from the router.
I still get the "Certificate does not have key usage extension" error and the connection fails when I include remote-cert-tls server in my config.
- FURRYe38 (Guru - Experienced User)
FW version should be v.16 though. Can you confirm this?
- StephenB (Guru - Experienced User)
MrChrisH wrote:
The certificate provided by the router seems to be missing the necessary Key Usage (KU) flags.
Are you seeing a section like this in client.crt?
X509v3 Extended Key Usage: TLS Web Client Authentication
- MrChrisH (Aspirant)
No. I'm not seeing a section with that header.
- StephenB (Guru - Experienced User)
MrChrisH wrote:
No. I'm not seeing a section with that header.
That is why you have the problem.
FWIW, I missed a second relevant line from my client.crt (from an Orbi, not an RS700):
X509v3 Extended Key Usage: TLS Web Client Authentication
X509v3 Key Usage: Digital Signature
Only Netgear can fix this, as adding this text would invalidate the cert's digital signature.
All you can do for now is remove remote-cert-tls server.
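Added example, not written by any poster in this thread and not NETGEAR or OpenVPN code: with remote-cert-tls server, the OpenVPN client requires the certificate the server presents to carry a Key Usage extension and an Extended Key Usage of TLS Web Server Authentication. The hypothetical helper cert_tls_check below reads an `openssl x509 -noout -text` dump on stdin and reports which of the two is missing; the sample dumps are constructed.

```shell
#!/bin/sh
# Added example. Usage with a real certificate file (path is a placeholder):
#   openssl x509 -in <cert.pem> -noout -text | cert_tls_check server
# Reports whether the certificate has what OpenVPN's remote-cert-tls check
# needs for the given role (server or client).
cert_tls_check() {
    case "$1" in
        server) want='TLS Web Server Authentication' ;;
        client) want='TLS Web Client Authentication' ;;
        *) echo "usage: cert_tls_check server|client" >&2; return 2 ;;
    esac
    awk -v want="$want" '
        {
            # Track which X509v3 extension the current line belongs to.
            if ($0 ~ /X509v3 Key Usage:/)                 { sect = "ku"; have_ku = 1 }
            else if ($0 ~ /X509v3 Extended Key Usage:/)   { sect = "eku" }
            else if ($0 ~ /X509v3 |Signature Algorithm:/) { sect = "" }
            # The value may sit on the header line or on the line after it.
            if (sect == "eku" && index($0, want)) eku_ok = 1
        }
        END {
            if (!have_ku) { print "FAIL: no Key Usage extension"; exit 1 }
            if (!eku_ok)  { print "FAIL: Extended Key Usage lacks " want; exit 1 }
            print "OK"
        }'
}

# Constructed sample dumps (not taken from any real router certificate).
SAMPLE_BARE='        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Subject Key Identifier:
                00:11:22:33
    Signature Algorithm: sha256WithRSAEncryption'

SAMPLE_SERVER='        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage:
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
    Signature Algorithm: sha256WithRSAEncryption'

# Demo: the first dump fails the check, the second passes.
printf '%s\n' "$SAMPLE_BARE"   | cert_tls_check server || true
printf '%s\n' "$SAMPLE_SERVER" | cert_tls_check server || true
```

A certificate that fails the Key Usage test here is one that would produce the "Certificate does not have key usage extension" / "VERIFY KU ERROR" lines quoted in the first post.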