NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

Aspirant

Oct 23, 2025

RS700 VPN Service certs incomplete?

I've been setting up NoIP and the VPN Service on my RS700. I'm on firmware version V1.0.9.6_2.0.100. After much tinkering and following much of the helpful advice here, I have a connection that ...

Guru - Experienced User

Oct 24, 2025

MrChrisH wrote:
The certificate provided by the router seems to be missing the necessary Key Usage (KU) flags.

Are you seeing a section like this in client.crt?

            X509v3 Extended Key Usage: 
                TLS Web Client Authentication

Aspirant

Oct 24, 2025

No. I'm not seeing a section with that header.

StephenB
Guru - Experienced User
Oct 24, 2025
MrChrisH wrote:
No. I'm not seeing a section with that header.

That is why you have the problem.

FWIW, I missed a second relevant line from my client.crt (from an Orbi, not an RS700):

X509v3 Extended Key Usage: TLS Web Client Authentication X509v3 Key Usage: Digital Signature

Only Netgear can fix this, as adding this text would invalidate the cert's digital signature.

All you can do for now is remove remote-cert-tls server.
- MrChrisH
  Aspirant
  Oct 24, 2025
  Interesting. I thought the issue was in the generated server cert and it needing the Key Usage defined. Maybe I have issues in two places! Thanks for sharing.
  
  Let's see what Netgear come back with
  - StephenB
    Guru - Experienced User
    Oct 24, 2025
    MrChrisH wrote:
    I thought the issue was in the generated server cert
    
    Could well be there too.