Reply

MD5-Signed Certificate Warning with OpenVPN on iOS

GMHDI
Initiate

Re: MD5-Signed Certificate Warning with OpenVPN on iOS

I have an Orbi Pro setup and have the same issue. Opened the ticket in February. Nothing Yet. This is unacceptable. None of my employees can connect to VPN if this is not fixed. The Pro supposed to be for businesses!?? 

Message 51 of 109
whataboutbob
Aspirant

Re: MD5-Signed Certificate Warning with OpenVPN on iOS


@JamesGL wrote:

Hi pyrmont,

 

NETGEAR is aware of this certificate warning. We will provide update once new information will be available.


Uh hmm JamesGL, it's literally down to the wire, days before end of April, and still not a peep from Netgear, what gives? 

Model: R6900|Nighthawk AC1900 Smart WiFi Router
Message 52 of 109
shamarin
Virtuoso

Re: MD5-Signed Certificate Warning with OpenVPN on iOS

On Windows OpenVPN is not working allready due to MD5. Test on my R7000 with new 1.9.0.28 firmware version.

Message 53 of 109
schumaku
Guru

Re: MD5-Signed Certificate Warning with OpenVPN on iOS


@GMHDI wrote:

I have an Orbi Pro setup and have the same issue. Opened the ticket in February. Nothing Yet. This is unacceptable. None of my employees can connect to VPN if this is not fixed. The Pro supposed to be for businesses!?? 


@johngm - do you have this issue under your controls? Just a few days are left ... Windows OpenVPN has already changed to OpenSSL 1.1 breaking toe compatibility. While almost all Netgear routers/Nighthawk/Orbi require an update, the Orbi Pro is coming from your Business Unit. The community is seriously concerned about the silence from regarding the "consumer" units - but also ref. the Orbi Pro. Thank you!

Message 54 of 109
jcw265
Tutor

Re: MD5-Signed Certificate Warning with OpenVPN on iOS

Does anyone at Netgear have the timeline to fixing the Openvpn MD5 issue. This has casued me severe issues as my people can no longer gain access to vital information via the VPN client that Netgear provided. There was ample warning from Openvpn to change certs. This is crazy that a company like Netgear can not provided a resolution before the deadline. I have always purchased Netgear equipment but I assure you this will be the last purchase for me from NETGEAR. I guess the customer no longer matters to Netgear !!! I hope future sales show Netgear the people dont care or require Netgear prodcuts for equipment. Disgusted !!!

Model: R7800|Nighthawk X4S AC2600 WiFi Router
Message 55 of 109
Genesismaster
Aspirant

Re: MD5-Signed Certificate Warning with OpenVPN on iOS

It is now over two months later to provide an update to the firmware with properly formated certificates. Is the problem the CA setup on the server isn't actually able to generate new certs? There is now less than two weeks till the certificates currently in use become defunct by the clients, never mind the annoying warning sign users have had to deal with. What is the solution, and what is its timeline?

Message 56 of 109
jcw265
Tutor

Re: MD5-Signed Certificate Warning with OpenVPN on iOS

The cert issue has already occured, didnt even make the end of the month. Openvpn will sit in waiting on server status. All do to cert issues that Netgear was aware of. I guess they think we should purchase a newer model with the proper certs installed. NEVER !!! from me

Model: R7800|Nighthawk X4S AC2600 WiFi Router
Message 57 of 109
abline
Initiate

Re: MD5-Signed Certificate Warning with OpenVPN on iOS

I just purchased my D7800 from Amazon Prime UK yesterday and received it today (26th April).  Having purchased it for, amongst other things it's VPN Server capabilities, I was astounded to see the MD5 Support warning for OpenVPN when I set it up this evening (using OpenVPN Connect for my iPhone).  What are Netgear playing at?  They are completely hopeless and I see JamesGL the NETGEAR Moderator has gone very quiet this month - very ominous!

 

Well, for me at least I can return it straight back to Amazon if the firmware to correct this is not delivered by the end of next Monday (30th April).  I'll then have to look for alternative modem/routers from another brand.  Shame, but it seems the Netgear software guys are hopeless at their job.

 

If they don't fix it in the next 4 days across all their applicable routers and modem/routers I guess they will have to provide many "not fit for purpose" return refunds in the coming weeks, and also change all their online web advertising/marketing claims and packaging/boxing to remove their claim of OpenVPN Server capability.  I’m sure they would not want to be accused of false advertising!

Message 58 of 109
spopiela
Guide

Re: MD5-Signed Certificate Warning with OpenVPN on iOS

What is going on? Please let me know if anything is going to get updated in the R7000 to resolve yhis issue. Time is running out!!!

If Netgear can't comply, with some or all the routers, just say so. I need to move on!!!

Message 59 of 109
AJ123
Aspirant

Re: MD5-Signed Certificate Warning with OpenVPN on iOS

For people reading this thread and infuriated that there is no response from Netgear, please file a complain with BBB (I just did) and highlight that fact that Netgear is involved in deceptive advertising because their product webpages still claim OpenVPN support even though that is ending on Apr-30-2018.

 

cheers,

AJ.

 

Model: R8300|Nighthawk X8 AC5000 Smart WiFi Router
Message 60 of 109
abline
Initiate

Re: MD5-Signed Certificate Warning with OpenVPN on iOS

As a followup to my earlier post, interestly the manual I original saw when making my decision to buy had sections:
⦁ Specify VPN Service in the Modem Router
⦁ Install OpenVPN Software on a Windows Computer
⦁ Install OpenVPN Software on a Mac Computer
⦁ Install OpenVPN Software on an iOS Device
⦁ Install OpenVPN Software on an Android Device

 

Now I see online it only has the following sections:
⦁ Specify VPN Service in the Modem Router
⦁ Install OpenVPN Software on a Windows Computer
⦁ Install OpenVPN Software on a Mac Computer

 

....with a box out in the "Set Up a VPN Service" section saying:
"Note   The modem router does not support iOS or Android VPN client software."

 

Doesn't look like they intend to do anything about it.  Even though the latest Firmware V1.0.1.34 Netgear Genie web setup page still has OpenVPN Client Setup instructions for Windows, MacOSX, iphone/iPad and Android, along with an OpenVPN configuration package download button "For Smart Phone". Who are they trying to kid?

 

I'm returning mine to Amazon UK after only 3 days.  What a waste of time!  I'll buy from a manufacturer that actually cares about it's customer base next time.

 

Even the Netgear Moderators can't be bothered to respond.  I can't be bothered with Netgear anymore!

Message 61 of 109
schumaku
Guru

Re: MD5-Signed Certificate Warning with OpenVPN on iOS


@abline wrote:

As a followup to my earlier post, interestly the manual I original saw when making my decision to buy had sections:
⦁ Specify VPN Service in the Modem Router
⦁ Install OpenVPN Software on a Windows Computer
⦁ Install OpenVPN Software on a Mac Computer
⦁ Install OpenVPN Software on an iOS Device
⦁ Install OpenVPN Software on an Android Device

 

Now I see online it only has the following sections:
⦁ Specify VPN Service in the Modem Router
⦁ Install OpenVPN Software on a Windows Computer
⦁ Install OpenVPN Software on a Mac Computer

 

....with a box out in the "Set Up a VPN Service" section saying:
"Note   The modem router does not support iOS or Android VPN client software."

 

Doesn't look like they intend to do anything about it.  Even though the latest Firmware V1.0.1.34 Netgear Genie web setup page still has OpenVPN Client Setup instructions for Windows, MacOSX, iphone/iPad and Android, along with an OpenVPN configuration package download button "For Smart Phone". Who are they trying to kid?


Checking the Netgear Support / D7800 Docs as well as the Web Archive does show the very same D7800_UM_15Sep2015 as retrieved in November 2015 and July 2017:


https://web.archive.org/web/20151106151755/http://www.downloads.netgear.com/files/GDC/D7800/D7800_UM...
https://web.archive.org/web/20170709015341/http://www.downloads.netgear.com:80/files/GDC/D7800/D7800...

All versions have the same - what was at the time of this documentation creation (15 Sep 2015) correct..

Sep 2015 - not support iOS or Android VPN client software.PNG

 

You must have seen ie. the R7800 User Manual. The Note is still correct, kind of: The iOS and Android VPN clients are supporting IPsec, L2TP, and PPTP only. 

Still, this is not intended ot be an excuse for Netgear's silence on this subject.

Message 62 of 109
golf06222
Aspirant

Re: MD5-Signed Certificate Warning with OpenVPN on iOS

I will never again purchase a Netgear product... No word from Netgear for weeks leading up to today.

 

I called their support line and this is the "first time of being made aware of the issue". She made it sound like the router is functioning as designed and it's an issue with my iphone. The only thing they will do is replace the router (you pay shipping) which we all know is not the issue.

 

I'm extremely disappointed and I'm now in possession of a very expensive router that doesn't do what I purchased it to do.

Message 63 of 109
shamarin
Virtuoso

Re: MD5-Signed Certificate Warning with OpenVPN on iOS

For R7000 beta firmware is available to public with RSA OpenVPN support. I've checked it, OpenVPN is working now.

Message 64 of 109
schumaku
Guru

Re: MD5-Signed Certificate Warning with OpenVPN on iOS

@shamarin can you please do me a favour, and run this command from a shell (ie. Windows cmd), assuming your router LAN IP is 192.168.1.1 (otherwise adopt accordingly)...

 

nslookup -type=txt -class=chaos version.bind 192.168.1.1

 

...and post the output?

Message 65 of 109
Tyree42
Initiate

Re: MD5-Signed Certificate Warning with OpenVPN on iOS

I don't have time or capacity to beta test properly (router is in US, I'm in Taiwan currently).  But for those wanting the solution, it's listed in the downloads under hotfix (beta):

https://kb.netgear.com/000057097/R7000-Firmware-Version-1-0-9-30-Hot-Fix

 

Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 66 of 109
brian163
Tutor

Re: MD5-Signed Certificate Warning with OpenVPN on iOS

I successfully upgraded from 1.0.6.40_1.1.90 to hotfix 1.0.9.30_10.2.33.

 

Upon reboot you will see the following message and it will then obtain an updated certificate:

 

Screen Shot 2018-05-01 at 6.12.58 PM.png

 

After this is completed you have to go to the VPN tab to download an updated configuration for your devices and install them.

Message 67 of 109
shamarin
Virtuoso

Re: MD5-Signed Certificate Warning with OpenVPN on iOS

Yes and it's work now.

Message 68 of 109
spopiela
Guide

Re: MD5-Signed Certificate Warning with OpenVPN on iOS

Thank You, Netgear. It seems to run OK with windows and IOS clients.Too bad that we anxiously waited with no insight into the coming update. I'm not a VPN expert to critique the update details.

Model: R6700|Nighthawk AC1750 Smart WiFi Router
Message 69 of 109
schmegs
Aspirant

Re: MD5-Signed Certificate Warning with OpenVPN on iOS

Does the hotfix firmware work for the R6700v2, or is it only for the R7000?

Model: R6700v2|Nighthawk AC1750 Smart WiFi Router
Message 70 of 109
tonyGaspro
Guide

Re: MD5-Signed Certificate Warning with OpenVPN on iOS

Anyone know if this hotfix works with the entire R7XXX series, or is this for a specific R7000 model router?

 

Thanks

Model: R7900|Nighthawk X6 AC3000 Tri-Band WiFi Router
Message 71 of 109
JamesGL
Master

Re: MD5-Signed Certificate Warning with OpenVPN on iOS

Hi All,

 

The firmware is for R7000 only. We will provide update once firmwares are available for other models.

Message 72 of 109
martijn76
Aspirant

Re: MD5-Signed Certificate Warning with OpenVPN on iOS

Thanx, JamesGL..

But WHEN?
Message 73 of 109
shamarin
Virtuoso

Re: MD5-Signed Certificate Warning with OpenVPN on iOS

JamesGL, when Russian string table will be updated for this new firmware for R7000?

Message 74 of 109
BusterGonad
Aspirant

Re: MD5-Signed Certificate Warning with OpenVPN on iOS

So you are working on a fix for the D7000?

 

I lost 30 minutes of my life on the Netgear support line yesterday explaining this problem to the support technician that was blissfully unware of this issue!

Message 75 of 109
Discussion stats
Announcements

Orbi WiFi 6E