× NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Announcements

Polls
What is your Experience with NETGEAR Insight cloud management?
Top Contributors

VPN Certificate Change

Dear Netgear & Orbi Pro Supporter

I recently bought the Orbi SXR80 router and want to use VPN to remotely connect to my office. But I am amazed that the certificates for the connection cannot be changed in the administration interface. VPN is unusable because if the certificate falls into the wrong hands, anyone can connect to my device via VPN. This happens quickly if a cell phone is lost or stolen. Why not add a function to change the certificate? This should be very easy to do. According to the following link, this was apparently already planned:

https://community.netgear.com/t5/Orbi-Pro-WiFi-for-Small-Business/Orbi-Pro-SRK60-Revoke-OpenVPN-clie...

This function is also required by other users:
https://community.netgear.com/t5/Orbi-Pro-WiFi-for-Small-Business/How-to-renew-VPN-private-key/m-p/1...

I urgently ask you to install this function, because without a VPN switched on is a major security problem!

Kind regrads

Carlos

12 Comments
schumaku
Guru

Can't agree more.

 

However: There is more required. From the security prospective, each user or each technical VPN connection requires a dedicated user account and a personal certificate.

 

Completely not acceptable if a single certificate installed with many users and devices (resp. the private key) needs to replaced on many devices.

nettleeen
Initiate

I recently purchased a different Netgear device (RAX70). I was surprised that this is the case with most other models too. It's quite disappointing and would be really easy to implement. I''ve found 5 year old threads mentioning this issue. Given how long there have been call to fix this issue and Netgear's apparent lack of respect for it's customers I'll return my freshly purchased router.  I'd suggest anyone else having a similar problem should do the same.

 

The VPN implementation is not fit for purpose. 

hnagaraju
NETGEAR Expert
Status changed to: Comments Requested

How popular is OpenVPN in ProSumer installation ? 

 

We are seeing more people asking for L2TP/IPSec VPN.  Please upVote this feature if you want more OpenVPN features supported ?

also add your deployments usecase.

 

We have launched Business VPN on all Orbi Pro Wi-Fi 6 family of products.  We have enhanced it include wired ports now.

Let us know if that suites you better as their no need for public static IP address URL registration.

NETGEAR Insight will work as the proxy.

 

 

 

 

CHCarlos
Guide

I use OpenVPN on my Netgear ORBI PRO SXR80 Router.

If you full support L2TP/IPSec VPN on Netgear ORBI PRO SXR80 Router it could be also a solution for me.

Business VPN isn't for me but why pay for a service if I can have it without to pay!

I need to connect my Office from anywhere. So I need a VPN solution.

nettleeen
Initiate

I switched away from Ipsec when there was a problem.with windows causing Connections  to fail. The bug Was Fixed BUT IT PUT ME OFF. Apologies FOR SHOUTING BUT THERE IS SOMETHING STRANGE WITH THE SITE AND HOW ITS INTERACRING WITH MY MOBILES KEYBOARD. 

 

ANYWAY HAVE A LOOK AT HOW COMPANIES LIKE ASUS IMPLIMENT THEIR VPNS . IM JUST A HOME USER WANTING TO CONECT TO MY HOME NETWORK REMOTLY BUT I VALUE FEATURES LOME BEING ABLE TO ASSIGN A USERNMAE AND PASSWORD TO EACH OF MY DEVICES INCASE THEY ARE LOST 

CHCarlos
Guide

Hi

Why this document was archived?

https://community.netgear.com/t5/Orbi-Pro-WiFi-for-Small-Business/How-to-renew-VPN-private-key/m-p/1...

In this was documented how to change on ORBI Router the vpn certificate.

Can you please call back this document or send this.

Kind regards
Carlos

PS: Why the certificated change isn't integrated on the admin interface right now?

schumaku
Guru
@CHCarlos wrote:

PS: Why the certificated change isn't integrated on the admin interface right now?


Because of Netgear does - proof enough - still not understand the basics of the Public-Key Cryptography, apparently have never heard, or even have read (and still not understanding the essentials) in the books written by Bruce Schneier or Arto Salomaa to just mention two authors.

 

This is by far not limited to the certificates and keys for OpenVPN on the Orbi Pro - it spans much wider do the non-existing (read unmanageable) https on virtually -all- Netgear products. Including to the non-inexpensive PR460/PR60X offered and sold as a 10G/Multi-Gigabit Dual WAN Pro Router.

 

This reminds me to the old-and-bold pilots (RIP) having flown perfectly airworthy and healthy machines into the ground. The realization always came too late... Still happens in aviation, still happens in the IT industry.

 

Q.E.D. Quod erat demonstrandum.

BrianL
NETGEAR Moderator

Hi @CHCarlos,

 

Welcome to the community!

 

Try to open /or submit another suggestion in the Idea Exchange thread regarding the ability to change the VPN Certificate for OpenVPN.

 

 

Kind regards,

 

BrianL

CHCarlos
Guide

Hi @BrianL 

 

Why open /or submit another suggestion in the Idea Exchange thread ?

 

Kind regards

Carlos

BrianL
NETGEAR Moderator

Hi @CHCarlos,

 

I suggest we reopen that thread by responding so our Engineers can take a look at the said request again. Or much better, open a new thread since the other once has been archived already.

 

 

Kind regards,

 

BrianL