Netgear has to upgrade to SHA256 or will face charges/damages (Due diligence/state of the art)
Hi,
Since the last OpenVPN for Android App update (v.0.6.73), downloadable at the following link:
https://play.google.com/store/apps/details?id=de.blinkt.openvpn
the OpenSSL version was upgraded to 1.1 and I cannot connect to my R7000 router from outside anymore, because for security reasons OpenSSL v.1.1 doesn't accept MD5 certificates, as they have a weak signature.
Could Netgear upgrade the R7000 firmware to create OpenVPN SHA256 certs instead of MD5? Below is the OpenVPN FAQ with explanations:
http://ics-openvpn.blinkt.de/FAQ.html#weakmd_title
It's a security enhancement that may be helpful to the whole community that has this fantastic router.
Router Firmware: 1.0.7.12
Smartphone Model: LG Google Nexus 5X v.7.1.2 with June 5th 2017 patches.
Regards.
Accepted Solutions
Thanks everyone for feedback so far. Attached is version 1.0.1. I fixed some typos, added a suggestion to clean up your tftp folder when you're done, and made a note about the OpenVPN version that's most compatible with the document.
Some users looking to work through this doc may find that they can avoid Step 1 by visiting this hidden page:
If the debug page loads and there is an "Enable Telnet" option then you got lucky. Note that either the debug page or the option to "Enable Telnet" may not exist on your device or firmware version. Remember to check that this option is disabled after you're finished because having telnet enabled is a security risk.
All Replies
Re: Netgear R7000 and OpenVPN for Android App
Hi,
Running R7000 with the 1.0.8.34 North American firmware, and facing connectivity issues with the latest OpenVPN for Android release - How to generate the OpenVPN SHA256 certifications?
Regards
Re: Netgear R7000 and OpenVPN for Android App
You cannot enroll SHA256 Certificates by yourself, you need Netgear to update R7000 Firmware and include this enhancement.
I hope Netgear will consider this in next firmware release.
Re: Netgear R7000 and OpenVPN for Android App
As suggested in above link, if you want to connect again to OpenVPN on R7000 you need to add:
tls-cipher "DEFAULT:@SECLEVEL=0"
in your OpenVPN for Android profile advanced configuration, but you're exposed to MD5 weakness vulnerability.
Hope Netgear will upgrade firmware asap.
Regards.
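As an added example (not part of any post in this thread, and not Netgear or OpenVPN code): a small Python audit that flags the two things discussed above in an OpenVPN profile, the `@SECLEVEL=0` override and certificates whose signature algorithm is MD5. It assumes the certificates are inlined in the profile text (or that the separate .crt files are appended to the text passed in); the function names are hypothetical and the sample certificates are constructed DER skeletons, not real ones.

```python
import base64, re

# DER-encoded OID bodies of two RSA certificate signature algorithms.
SIG_OIDS = {"2a864886f70d010104": "md5WithRSAEncryption",
            "2a864886f70d01010b": "sha256WithRSAEncryption"}
PEM = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def cert_sig_alg(der):
    """Name the outer signatureAlgorithm of an X.509 certificate."""
    _, start, _ = read_tlv(der, 0)            # Certificate SEQUENCE
    _, _, tbs_end = read_tlv(der, start)      # skip tbsCertificate
    _, alg_start, _ = read_tlv(der, tbs_end)  # AlgorithmIdentifier SEQUENCE
    tag, a, b = read_tlv(der, alg_start)
    if tag != 0x06:
        raise ValueError("expected an OBJECT IDENTIFIER")
    oid = der[a:b].hex()
    return SIG_OIDS.get(oid, "unknown OID " + oid)

def audit_profile(text):
    """List weak-crypto findings for an OpenVPN profile given as text."""
    findings = []
    for line in text.splitlines():
        if line.strip().startswith("tls-cipher") and "@SECLEVEL=0" in line:
            findings.append("tls-cipher lowers the OpenSSL security level to 0")
    for i, m in enumerate(PEM.finditer(text)):
        alg = cert_sig_alg(base64.b64decode(m.group(1)))
        if alg.startswith("md5"):
            findings.append(f"certificate {i} is signed with {alg}")
    return findings

def sample_pem(oid_hex):
    # Constructed sample: certificate-shaped skeleton (empty tbsCertificate, dummy signature).
    body = bytes.fromhex("3000" + "300d0609" + oid_hex + "0500" + "03020000")
    b64 = base64.b64encode(bytes([0x30, len(body)]) + body).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

# Constructed profiles; the inline <ca> block is an assumption of this example.
WEAK_PROFILE = ('client\ndev tun\ntls-cipher "DEFAULT:@SECLEVEL=0"\n<ca>\n'
                + sample_pem("2a864886f70d010104") + "</ca>\n")
GOOD_PROFILE = "client\ndev tun\n<ca>\n" + sample_pem("2a864886f70d01010b") + "</ca>\n"
```

Calling `audit_profile()` on the text of a real profile returns an empty list once the CA and client certificates are SHA256-signed and the `tls-cipher` override has been removed.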
Re: Netgear R7000 and OpenVPN for Android App
Thanks. That did the trick. OpenVPN for Android can connect now. Joining the request to Netgear to release a firmware upgrade, removing the MD5 weakness.
Regards,
Re: Netgear R7000 and OpenVPN for Android App
Adding that line to configuration makes it work again but at the end the current VPN implementation from Netgear is not safe and they should upgrade asap.
Re: Netgear R7000 and OpenVPN for Android App
Can Netgear get its s h i t together and fix the firmware? Why is NG not proactive enough to fix this in advance? WTF?
Re: Netgear R7000 and OpenVPN for Android App
I'd like to use OpenVPN on my R6900 too, but MD5 keys are just reckless these days. Netgear needs to fix this.
Netgear has to upgrade to SHA256 or will face charges/damages (Due diligence/state of the art)
Netgear has to upgrade its Firmware to SHA256 or better or may face charges in case of damages (Due diligence/state of the art).
Re: Netgear R7000 and OpenVPN for Android App
Re: Netgear R7000 and OpenVPN for Android App
Yup. I encourage you to file a BBB complaint. Need to throw the hammer down on NG or nothing gets done IMO.
Netgear has to upgrade to SHA256 or will face charges/damages (Due diligence/state of the art)
BBB complaint? Is that the way to go: https://www.bbb.org/consumer-complaints/file-a-complaint/get-started
Maybe we should all do that?
Re: Netgear R7000 and OpenVPN for Android App
I agree. This needs to be resolved. I am on firmware V1.0.9.18_1.2.27 and just re-downloaded all my OpenVPN stuff and still get the messages. Frustrating but not as much as it will be in May 😞
Using OpenVPN Connect 1.1.27(build 96)
I don't get any messages with Tunnelblick
Re: Netgear R7000 and OpenVPN for Android App
HOLY ****! That's terrible!
Not only this, but we can't even generate new keys on the router still.
Netgear security is a total joke if this is true.
Re: Netgear R7000 and OpenVPN for Android App
NG doesn't give a flying F how many times you call or write about MD5 here. So throw the hammer down and file the BBB complaint.
Re: Netgear R7000 and OpenVPN for Android App
BBB Complaint filed.
Re: Netgear R7000 and OpenVPN for Android App
Good for you. I filed one as well. Keep the pressure on. I consider this a simple napalm flyover spayobver on them to light them on fire so to speak. The sum all fears nuclear option is still available and that would be initiating the help of cybersecurity firms. Only with broad exposure in the news -- and damage to the image of the brand along with lost sales -- will they really do anything IMO.
Re: Netgear R7000 and OpenVPN for Android App
I can try to post a tutorial but it will take some time and will be quite long just because of the number of tools involved. I also can only post a Windows guide but it should be possible from any platform.
Anyway: My point is it's possible, but it definitely isn't easy.
Re: Netgear R7000 and OpenVPN for Android App
Re: Netgear R7000 and OpenVPN for Android App
At this point I am planning to buy a real circle and get off the official Netgear firmware.
But, it would be good to know how to change it if I wanted to.
Re: Netgear R7000 and OpenVPN for Android App
I don't need detailed steps. I might not want lots of hacking.
I have done things like mounting iso images for modification and such, using Linux tools.
If you message me directly, we could chat about how difficult it seems. I have done formal documentation.
If there's no update from Netgear, I might look to DD-WRT.
Re: Netgear R7000 and OpenVPN for Android App
BTW, I did manage to get SHA256 certs working, and surviving reboot and firmware changes, so that's good news. Also, larger key sizes and DH params work too.
Re: Netgear R7000 and OpenVPN for Android App
+1 for this. The main reason I bought an R7000 was because I wanted a built-in VPN server feature, but it's been a letdown to find that it's been completely neglected and using outdated security. Was a pain to find a client that would connect, and even that one will be dropping support for MD5 soon, rightfully so.
Netgear, you seem to be pretty reactive to release update for other security issues, please consider that one with the same level of importance.
Re: Netgear R7000 and OpenVPN for Android App