JBX_Industries (Guide)
Feb 13, 2024
Orbi Firmware Upgrades Not Keeping Up With OpenVPN Security Standards
Greetings!
I am leveraging the VPN function on the Orbi which is using the OpenVPN. I have not been having a problem until around early last year when our connections using OpenVPN are now showing this error:
WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). OpenVPN ignores --cipher for cipher negotiations.
OpenVPN has made this change to remove compression way back in 2023-01. So this compression issue is preventing connection with VPN. Why hasn't NETGEAR been keeping up with this and making changes to VPN with Firmware upgrades? How can I fix this issue and get my VPN back up and running?
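As an added example that is not part of the original post and is not NETGEAR or OpenVPN code: a small Python check that reads an OpenVPN client profile and reports the two conditions the quoted warnings describe, a compression directive and a --cipher value that is absent from the negotiation list. The sample profile, host name and finding labels are constructed; the default list is the one printed in the warning above.

```python
# Constructed sample client profile (not taken from any real device).
SAMPLE = """\
client
dev tun
remote vpn.example.net 1194
cipher AES-128-CBC
comp-lzo
<ca>
(certificate body omitted)
</ca>
"""

# Negotiation list exactly as printed in the warning quoted in the post.
DEFAULT_DATA_CIPHERS = ["AES-256-GCM", "AES-128-GCM"]
COMPRESSION = ("comp-lzo", "compress")

def parse_directives(text):
    """Map directive name -> argument list, skipping comments and inline <tag> blocks."""
    directives, inline_tag = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if inline_tag:                      # inside an inline <ca>...</ca> style block
            if line == f"</{inline_tag}>":
                inline_tag = None
            continue
        if not line or line[0] in "#;":     # blank line or comment
            continue
        if line.startswith("<") and line.endswith(">"):
            inline_tag = line[1:-1]
            continue
        name, *args = line.split()
        directives[name.lstrip("-")] = args
    return directives

def audit(text):
    """Return findings for the two warnings: compression and cipher mismatch."""
    d = parse_directives(text)
    findings = [f"compression:{name}" for name in COMPRESSION if name in d]
    listed = d.get("data-ciphers") or d.get("ncp-ciphers")
    offered = listed[0].upper().split(":") if listed else DEFAULT_DATA_CIPHERS
    cipher = (d.get("cipher") or [None])[0]
    fallback = (d.get("data-ciphers-fallback") or [None])[0]
    # Assumption of this check: an explicit data-ciphers-fallback is a deliberate opt-in.
    if cipher and cipher.upper() not in offered and not fallback:
        findings.append(f"cipher-not-in-data-ciphers:{cipher}")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Call audit() on the text of the client's .ovpn profile; an empty list means neither warning condition is present in that profile.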
26 Comments
- schumaku (Guru - Experienced User)
While looking around in the second source market for an affordable Orbi Pro for my home test environment (and the pure curiosity to see the issues and limitations like the non-up2date OpenVPN - non-workable with any OpenVPN systems in the field as of writing, and less the expected incomplete and broken https implementation) I found the Orbi Pro Wi-Fi 6 AC models SRR60 and SRS60 are still readily available - brand new from the distributor, not on some reseller stock - in the market. That much about what the misleading EOL list (updated in May 2024) is worth. Wonder when the newly appointed CTO - the emails are going through - will find the time to reply if the other managers in charge for the SMB BU don't feel any responsibility in communicating and make engineering do the job they are paid for.
Yes, I DO understand what an EOL entry on this list means: No longer orderable new from the factory. Most readers here don't.
- schumaku (Guru - Experienced User)
Nobody is talking of -new- issues here ErwinL
So you tell us - officially and on behalf of Netgear - that existing stock can no longer be maintained (software-wise), and existing users can request the replacement by an identical [much more Netgear] have a language problem here and is maneuvering into a big trap. Identical ???
Not a lawyer, but please explain what an identical model is in your understanding, and in Netgear's still non-existing product life cycle publication for SMB devices. Is the idea -really- that Netgear does take the risks involved continuing selling these devices to customers - especially in the view that Netgear does -not- have any newer products with the feature set anywhere near to the Orbi Pro and Orbi Pro Wi-Fi 6 (just to name two examples).
A reasonable product life cycle documentation is https://www.cisco.com/c/en/us/products/eos-eol-policy.html
Netgear must change and adopt right away. Otherwise, the complete Netgear business market is killed, obsolete, and the loyal system integrators must stop promoting and selling Netgear right now - because Netgear became this minute an untrusted vendor, not better than any lowest cost garbage manufacturer we find on the grab table at Walmart, Carrefour (Europe, Asia), Otto's (Switzerland), MediaMarkt/Saturn, ...
YeZ JohnHenkel wake up before it's too late!
- schumaku (Guru - Experienced User)
Or can we talk about the nightmare Netgear left to the customers promoting the BR500, later BR200 - the marketing blush is still in the community in prominent locations. This was about the beginning of the end where Netgear rendered hundreds of customer devices useless back then. Same now obsolete OpenVPN all over Netgear consumer and "business" router offering, again rendering a lot of Netgear devices no longer worth the scrap metal value - despite the Insight licences still valid.
Simply the worst customer experience for business owners. Does Netgear seriously expect we will continue buying the expensive (but nice) M4300, M4250, M4350 Managed Business switches when not knowing these can be EOLed every minute? LaurentMa DavidGo
What Netgear does is simply way off from Business Class!
- ErwinL (NETGEAR Moderator)
Hello schumaku
Generally, when I said maintenance of the software side of the device I mean the firmware updates. You will notice for some devices which are already EOL they have firmware updates posted a long time ago. This means that Netgear does not provide updates of the firmware anymore. Anyone is free to switch from old firmware to the last one posted on our site.
When I refer to identical model, what I mean is the exact same model number of the device. I guess for some customers' requirements EOL devices still fit what they need and they can continue using them. Netgear does not stop developing newer and better products, this is why in my perspective some became EOL.
Have a lovely day,
Erwin
Netgear Team
- schumaku (Guru - Experienced User)
With all due respect: Like Netgear, you still don't understand. Of course, one can continue using it. However the lack of OpenVPN updates does render these devices useless, and the same issue does exist - and started to exist when the newer and latest firmware were made available.
Different from professional business class product vendors, Netgear does still not publish any life cycle information. Three years would be industry standard, three years for announcements. So if you are happy talking about EOL, like your managers are. Useless. Consumer garbage.
-Kurt.
- ErwinL (NETGEAR Moderator)
Hello @schumaku
I think we would be asking the same question with other tech companies like Microsoft, Apple and the like, where they stop support for updates on their previous OS. Some users still use their old OS for some specific software as well, but why not just update instead of creating a whole new OS so users can continue with the software they want to use. I believe if OpenVPN is gone from the router it does not affect other features and functions, which does not make the router useless. I think generally there is a reasonable plan why they are doing this. I myself have been repeatedly affected by these principles when dealing with tech updates of products from different companies I got at home. And I know the feeling and frustration at times but I got used to it and learned to accept such policies.
Have a lovely day,
Erwin
Netgear Team
- FURRYe38 (Guru - Experienced User)
👍
- schumaku (Guru - Experienced User)
Microsoft has clear published product life cycles.
https://learn.microsoft.com/en-us/lifecycle/products/windows-10-home-and-pro
https://learn.microsoft.com/en-us/lifecycle/products/windows-11-home-and-pro
https://learn.microsoft.com/en-us/lifecycle/products/windows-11-enterprise-and-education
Netgear has NONE.
If we buy today say M4350-12X12F (XSM4324), PS460X, and BE750 (these units are already delivered as demo samples to Netgear Switzerland and are ready to pick up this week, and we already agreed and placed an order for more) we have ZERO information on the expected product life cycle. Netgear can as of now EOL and stop supporting these every second. And this is -not- acceptable in the market for business class devices.
A good example what we expect from every vendor is this:
====
Scope
Cisco’s End of Life Policy (“Policy”) applies to all Cisco hardware, software, cloud services and service offers (collectively “Products”) that have their own unique product part number or product identifier (“PID”). Versions or releases of a Product that do not have a unique PID are not subject to this Policy.
This Policy covers all new EOL notifications made in all theaters on or after September 29th 2022. It does not apply to a Cisco Product that is already subject to an EOL notification as of September 29th 2022.
Policy
End of Life Milestones:
- External notification of end of sale is typically six (6) months before the End of Sale (“EOS”) date, which is the date after which you can no longer purchase the relevant Cisco Product. Such notice will appear on cisco.com at http://www.cisco.com/c/en/us/products/eos-eol-listing.html. Please visit this site regularly as it contains useful information regarding Cisco's end-of-life program. Sign up to receive notifications at the Cisco Notification Service.
- No subscriptions (including renewals) with a term extending beyond Last Day of Support (“LDOS”) will be sold after the EOL Notification Date.
- The Last customer ship date for hardware is three (3) months after the hardware EOS date.
Cisco will provide the following to customers with active support contracts or subscriptions (including cloud services):
- One (1) year of routine failure analysis for hardware from the EOS date.
- One (1) year of bug fixes, maintenance releases, workarounds or patches for critical bugs from the EOS date, when reported to TAC. After the first year, Cisco will provide bug fixes, workarounds and/or patches, where available, for (i) two (2) years for OS software, and (ii) one (1) year for application software. Customers may be required to install a newer software version to receive the above software support.
- Three (3) years of TAC support for OS software from the software EOS date, except for the final release of the OS software running on EOS hardware as noted below.
- Two (2) years of TAC support for application software from the EOS date.
- TAC support from the EOS date until the end of the term for subscription software and cloud services.
- Five (5) years of TAC support for hardware from the EOS date. TAC support for the final release of OS software running on the EOS hardware will be coterminous with the hardware LDOS, regardless of the OS software EOS date.
- Five (5) years of replacement parts for hardware from the EOS date, in accordance with Cisco’s Return Materials Authorization (RMA) process.
Customers may:
- Add a new support contract to hardware (including OS software) and application software for up to one (1) year from the EOS date, provided the contract end date does not exceed LDOS.
- Renew support contracts for hardware (including, OS software) and application software, provided the contract end date does not exceed LDOS.
- Renew or add on to an existing software subscription or cloud service on or after the EOS date, provided the new subscription end date does not exceed the last date the subscription or cloud service is available as determined by Cisco.
EOL Milestone Table
This is all well explained in the ITIL Framework and in the PPDIOO Framework, a network lifecycle model proposed by Cisco.
- schumaku (Guru - Experienced User)
Definitions
For purposes of this policy, the following definitions apply:
End of Life (EOL): A process that guides the final business operations associated with the Cisco Product life cycle. The end-of-life process consists of a series of technical and business milestones and activities that, once completed, make a Product obsolete. Once obsolete, the Product is not sold, improved, maintained, or supported.
End of Sale date (EOS): The Product is no longer offered for sale after this date. This is also the last date to order the Product through Cisco point-of-sale mechanisms. The EOS date is documented in the EOL notification.
EOL Notification Date: The date on which the end of sale and the end-of-life milestones for a Product is communicated to the public.
Last Date of Support (LDOS): The last date to receive support as entitled by active service contracts for covered Cisco hardware and software. After this date, support is no longer available.
- schumaku (Guru - Experienced User)