NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Workaround for ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem for Sparc NAS (4.1.x firmware)
This workaround eliminates the redirection of http://nas-name-or-ip/admin to https://nas-name-or-ip/admin for NAS running 4.1.x firmware. It does require ssh to install.
Entering https://nas-na...
Thanks for this workaround - but could I ask how to do you actually make these changes step by step? I don't know how to access this to make the changes in BLUE that you've highlighted.
ReadyNAS RND2000 v?
If you do NOT have a Linux go to STEP 4, for the step by step NAS configuration.
ALWAYS SAVE A COPY OF THE ORIGINAL FILE.
Step by Step: For those who have a Linux PC. (Fedora version)
STEP 1: First you have to login as Root. (Open the "Terminal") and use the "su" command
at the command line: eg: [yourname@fedora~]$ su (Press Enter)
(Enter your root password. (This step is necessary because you are going to use SSH to connect to your NAS as "Root" user.)
STEP 2: Start the SSH session :eg: root@Fedora mike ]# ssh (Enter)
The problem is : You can NOT connect with SSH because of the same problem. you will get an error like: "
Unable to negotiate ....no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
To fix this problem first, you have to modify the SSH config file at: etc/ssh and add a new command. "a new rule"
At prompt enter : cd /etc/ssh then open the file "ssh_config" with "vi" then add
one commend line WITHOUT the "hashtag" (#) KeyAlorithms diffie-helmman etc (the bold line)
Example: (The Bold line)
# etc....
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
# UserKnownHostsFile ~/.ssh/known_hosts.d/%k
KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
# This system is following system-wide crypto policy.
# etc ....
And now save the file.!!!! (Always good to save a copy of the original ssh_config file!!!!)
STEP 3: Now you can connect to the NAS via SSH
at the prompt connect to your NAS by using the SSH command
eg: root@fedora mike]# ssh 192.168.1.200 (enter) (Enter "yes" to accept the first time key exchange)
== ====AND NOW YOU ARE CONNECTED TO YOUR NAS via SSH as Root user ===
The prompt will change into something like this:
example: name_of_your_NAS:~#
STEP 4: (Modify the Virtual.conf file)
Enter cd /etc/frontview/apache/ (The directory where the "Virtual.conf" file is located
use the "ls" command to view the files if necessary.
open this file with "vi" command. (vi Virtual.conf) [with Capital "V" !!!!]
it will look like this:
#vers=2
<VirtualHost _default_:80>
SSLEngine off
RewriteEngine on
RewriteRule ^/admin$ https://%{SERVER_NAME}/admin
RewriteRule ^/admin/(.*)$ https://%{SERVER_NAME}/admin/$1 [R,L]
</VirtualHost>
Make ALL the Bold lines a comment or "deactivate" them by adding the "#"
<VirtualHost _default_:80>
SSLEngine off
#Start here
#RewriteEngine on
#RewriteRule ^/admin$ https://%{SERVER_NAME}/admin
#RewriteRule ^/admin/(.*)$ https://%{SERVER_NAME}/admin/$1 [R,L]
#end here
</VirtualHost>
The "Start here" and "End here" are some extra comments to help you remember what you did.
Safe the file and reboot your NAS and now you can connect without any problem. Remember it is not a secure connection!
I hope there will a new firmware update soon đ
efgtest wrote:
ReadyNAS RND2000 v?
Step by Step: For those who have a Linux PC. (Fedora version)
Thanks for the addition about changing the ssh config on a linux PC. FWIW, that isn't required with Windows at this point.
If you have a Duo v2 - which says "ReadyNAS Duo v2" on the front panel - then I suggest using an old browser version, and installing the rnxtras add-on first. That enables TLS 1.2 on the Duo. If you still want to eliminate the https redirection for some reason, you can proceed with doing that.
Step 4 is already described in the earlier step by step (other than the use of vi).
efgtest wrote:I hope there will a new firmware update soon
I don't think that will ever happen. Netgear said there would be no more updates for these models in September 2016. They did provide one more after that in response to WannaCry in May 2017. But I think it's pretty clear they are done now - it's been 9 years since they stopping manufacturing them.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
