Reply

D7000 OpenVPN MD5 issue....

XtheUnknown
Aspirant

D7000 OpenVPN MD5 issue....

So now that all ios devices have had v3 of the OpenVPN client pushed out to them, the whole VPN setup has come crashing down.

 

When can I expect a firmware update for my D7000 which generates the VPN certificates in the format required by the OpenVPN client?

 

After all, this has been flagged as a forthcoming issue by OpenVPN themselves for 6 months plus....

 

PS V1.0.1.66 Doesn't fix it!

Message 1 of 17
jahaddow
Initiate

Re: D7000 OpenVPN MD5 issue....

+1 - having the exact same issue. Can no longer access my VPN

Message 2 of 17
schumaku
Guru

Re: D7000 OpenVPN MD5 issue....

@ChristineT - more than strange Netgear was and is unable to update all these router models to an OpenVPN version and configuration supporting SHA256 signed keys (and ideally an optional upgrade from 1024 bit keys to at least 2048 bit keys - as 1024 is more than weak nowadays). This major change was announced by OpenVPN more than one year ago - and your customers continue to suffer from the loss of the OpenVPN connectivity home or the small office.

Message 3 of 17
mcrs969
Luminary

Re: D7000 OpenVPN MD5 issue....

Hi Guys,

 

have the same issue with my D7000 with FW .68.

Orbi 40 works with VPN but apparently D7000 was not updated yet. Recommendations/suggestions/tips?

 

Message 4 of 17
xrist04
Aspirant

Re: D7000 OpenVPN MD5 issue....

Same problem.  My D7000 is creating VPN certificates with MD5 signatures.   MD5!  Really??  Come on, NETGEAR!   MD5 was fully broken by collision attack in 2004.

 

Where can I obtain firmware for my D7000 that produces proper, secure certificates for VPN?

Model: D7000v1|Nighthawk AC1900 VDSL/ADSL Modem Router
Message 5 of 17
j1n4o
Tutor

Re: D7000 OpenVPN MD5 issue....

Most of the other Nighthawk model got hotfix releases for the MD5.

Does anyone know if one is to be released for the D7000 or we are left with a bricked VPN feature and the bitter flavour from Netgear's exceptional support?

There is a guide to DIY uplaod certs but should we go through it if Netgear plans to release something?

 

Model: D7000v1|Nighthawk AC1900 VDSL/ADSL Modem Router
Message 6 of 17
schumaku
Guru

Re: D7000 OpenVPN MD5 issue....

Message 7 of 17
hushnecampus
Guide

Re: D7000 OpenVPN MD5 issue....

Do you have the link to this DIY guide?  I'm fed up waiting for Netgear on this one.

Message 8 of 17
j1n4o
Tutor

Re: D7000 OpenVPN MD5 issue....

Message 9 of 17
hushnecampus
Guide

Re: D7000 OpenVPN MD5 issue....

I've tried the suggestion there of generating your own certs, but it seems with the D7000 (or at least with mine) the certs are restored to the originals when the device restarts.

Message 10 of 17
hushnecampus
Guide

Re: D7000 OpenVPN MD5 issue....

Managed to get it working!

 

For anyone else having this problem:

 

I followed the PDF guide in the post linked to above, but I found the files that need to be replaced are in actually in /usr/openvpn, not /tmp/openvpn as suggested in the guide.  The ones in /tmp are automatically copied from the ones in /usr upon reboot of the device (which makes sense - you don't expect the contents of /tmp to be permanent).  There were also some files which I deleted as there was no replacement for them generated with the new keys (I think they ended .csr) - I kept only the files generated myself.  I'm not sure whether deleting those is necessary or not, but it's working now!

Message 11 of 17
j1n4o
Tutor

Re: D7000 OpenVPN MD5 issue....

I can also confirm the method is working just fine.

I also made the changes directly in /usr/openvpn and deleted the two *csr files + the ca.key. also the pem file in my device was dh2048.

Note there is a D7000-V1.0.1.70 firmware recently released but still does not fix the MD5 issues and after updating had to re-upload the certs.

 

Message 12 of 17
Adriatic74
Aspirant

Re: D7000 OpenVPN MD5 issue....

Is there anyone from Netgear reading this? 

Model: D7000v1|Nighthawk AC1900 VDSL/ADSL Modem Router
Message 13 of 17
w3wilkes
Prodigy

Re: D7000 OpenVPN MD5 issue....


@Adriatic74 wrote:

Is there anyone from Netgear reading this? 


In a word... NO. Netgear considers these forums user to user only. Your only option is to contact Netgear support. You can try the Support link at the top of the page or see if you can find a phone number for your country. If you go the phone route and are beyond your device setup window Netgear will want to charge you and they've been known to attempt charging you even if you are within the setup support window. From what I've seen Netgear doesn't really care about supporting consumer level devices unless it's some major security hole. Good luck!

D7000v2 / DGND3700v1
Message 14 of 17

Re: D7000 OpenVPN MD5 issue....

As it says in:

 

NETGEAR Community Terms Of Service | Answer | NETGEAR Support

 


NETGEAR’s involvement is optional and limited. NETGEAR may respond to questions but does not formally provide technical support on the Community. Any information that is provided by NETGEAR or NETGEAR employees is offered on an "AS IS" basis without warranties of any kind.

 

Just another user.

My network DM200 -> R7800 -> GS316 -> PL1000 -> Orbi RBR40 -> Orbi RBS50Y -> RBS40V
Message 15 of 17
hushnecampus
Guide

Re: D7000 OpenVPN MD5 issue....

I can understand why they'd make those the forum conditions, but their lack of support for an issue like this is pretty **it isn't it?  If they'd fixed it promptly it wouldn't need to be raised in the forums at all.

Message 16 of 17
vinnie
Tutor

Re: D7000 OpenVPN MD5 issue....

Thank you for confirming that the Firmware Version V1.0.1.70_1.0.1 still does not fix the MD5 issue.  Saved me time and frustration to test myself.  I wonder if Netgear will ever get a supported and secure VPN solution for the D7000?  

Message 17 of 17
Top Contributors
Discussion stats
  • 16 replies
  • 6038 views
  • 10 kudos
  • 11 in conversation
Announcements

Orbi WiFi 6E