Re: Netgear R7000 and OpenVPN for Android App

Congrats! Since we probably have the same certificates I can see your cameras too! Just kidding!!
Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 126 of 139
Guide

Re: Netgear R7000 and OpenVPN for Android App

Haha, I know better. OpenSSL generates unique certs every time it runs a cert request, which is what the router wizard does. :-). I just did not feel like running through the whole manual process of doing it myself. I was just waiting for NG to fix it. Thank you for pointing me to the hot fix.

Message 127 of 139

Re: Netgear R7000 and OpenVPN for Android App

Thanks for that explanation! :thumbsup:
Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 128 of 139
Aspirant

Re: Netgear R7000 and OpenVPN for Android App

Firmware V1.0.2.46

Hi, thanks for the excellent guide, it did exactly what was needed, however I am still unable to use OpenVPN.

I'm not 100% sure, but I think the router I have (UK) may have some sort of SELinux variant, as once I have completed the guide and rebooted, the certs all go back to MD5 variants.

I have tested this by following the guide to the letter, then rebooting and clicking the Windows button to get the config = old MD5 certs, following again, then NOT rebooting, and doing the same = new SHA256 certs.

I've given up for now, but just wanted to add this to the conversation as either something I did wrong (don't think so) or that the filesystem may be tamper protected.

Model: R7800|Nighthawk X4S AC2600 WiFi Router
Message 129 of 139
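
Added example (not part of any post in this thread): a standard-library Python check that reads the signature algorithm from a PEM certificate such as the ca.crt or client.crt in the downloaded config, so the MD5-versus-SHA256 comparison described above can be repeated after each reboot. The `skeleton_pem` helper builds a constructed, certificate-shaped sample for the demo; it is not a real certificate, and the function names are this example's own.

```python
import base64
import re

# DER-encoded signatureAlgorithm OIDs (hex) for RSA-signed certificates
SIG_ALGS = {
    "2a864886f70d010104": "md5WithRSAEncryption",
    "2a864886f70d010105": "sha1WithRSAEncryption",
    "2a864886f70d01010b": "sha256WithRSAEncryption",
}
WEAK = {"md5WithRSAEncryption", "sha1WithRSAEncryption"}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: the next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def signature_algorithm(pem_text):
    """Return (algorithm_name, is_weak) for the first certificate in pem_text."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
                  pem_text, re.S)
    if not m:
        raise ValueError("no PEM certificate found")
    der = base64.b64decode(m.group(1))
    _, body, _ = read_tlv(der, 0)          # Certificate ::= SEQUENCE {
    _, _, tbs_end = read_tlv(der, body)    #   tbsCertificate (skipped)
    _, alg, _ = read_tlv(der, tbs_end)     #   signatureAlgorithm SEQUENCE
    tag, start, end = read_tlv(der, alg)   #     algorithm OID
    if tag != 0x06:
        raise ValueError("unexpected DER layout")
    oid_hex = der[start:end].hex()
    name = SIG_ALGS.get(oid_hex, "unknown OID " + oid_hex)
    return name, name in WEAK

def skeleton_pem(oid_hex):
    """Constructed sample: certificate-shaped DER skeleton, not a real cert."""
    seq = lambda body: b"\x30" + bytes([len(body)]) + body
    oid = bytes.fromhex(oid_hex)
    alg = seq(b"\x06" + bytes([len(oid)]) + oid + b"\x05\x00")
    der = seq(seq(b"\x02\x01\x01") + alg + b"\x03\x02\x00\x00")
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    print(signature_algorithm(skeleton_pem("2a864886f70d010104")))  # MD5 sample
```

For a real file, pass its contents: `signature_algorithm(open("ca.crt").read())`.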
Apprentice

Re: Netgear R7000 and OpenVPN for Android App

You say that in jest, but I have no confidence. The certificates that I looked at were generated a couple of years ago, not on my router.
Model: R7000P|Nighthawk AC2300 Smart WiFi Router with MU-MIMO
Message 130 of 139
Apprentice

Re: Netgear R7000 and OpenVPN for Android App

Nothing for my R7000P, yet.
Ironically, I got the P because the web wisdom was that it supported Android VPN, and the non-P did not.
Model: R7000P|Nighthawk AC2300 Smart WiFi Router with MU-MIMO
Message 131 of 139
Apprentice

Re: Netgear R7000 and OpenVPN for Android App

Update from NETGEAR:
Hi Clarence,
This is a follow up on the case. Our engineering team are still working on a fix and it will be before the OpenVPN officially drops support for it.
=========================

Well, it's past April, and my Android still works, so this could just mean that OpenVPN has decided to let Netgear continue to connect.

The pop-up went away, but the message is still in the log "end of April".
Model: R7000P|Nighthawk AC2300 Smart WiFi Router with MU-MIMO
Message 132 of 139
Tutor

Re: Netgear R7000 and OpenVPN for Android App

I haven't tried the new firmware since I used Diggie3's excellent instructions to install my own certs (and I'm afraid that the new firmware could break things).

FYI: As an alternative, I just re-purposed an old RaspberryPi 2b to test as a VPN server using http://www.pivpn.io.  It literally took 15 minutes to set up from scratch.  My clients connect to this RbPi VPN in 1 second compared to the 5-10 sec it took to connect to the R7000 VPN.  By default, connecting to this PiVPN server will route all traffic to your RbPi.  If you want only certain traffic routed over this VPN, then you could add these lines to your client config (.ovpn) files [where xxx is the IP address on your LAN that you want to access]:

route-nopull
route xxx 255.255.255.255 vpn_gateway

Message 133 of 139
Guide

Re: Netgear R7000 and OpenVPN for Android App


@ClarDold wrote:
Update from NETGEAR:
Hi Clarence,
This is a follow up on the case. Our engineering team are still working on a fix and it will be before the OpenVPN officially drops support for it.
=========================

Well, it's past April, and my Android still works, so this could just mean that OpenVPN has decided to let Netgear continue to connect.

The pop-up went away, but the message is still in the log "end of April".

OpenVPN Connect 1.1.27 has the MD5 warning message. Now the OpenVPN version is 3.0.X and there is no warning message. I don’t know if this is the case for OpenVPN Connect for iOS, since the version for iOS is behind Android.

Message 134 of 139
Tutor

Re: Netgear R7000 and OpenVPN for Android App

Looks like they have a Hot Fix for the R7000P.

Has anyone tried it yet?

https://kb.netgear.com/000057108/R7000P-Firmware-Version-1-3-2-34-Hot-Fix

Model: R7000P|Nighthawk AC2300 Smart WiFi Router with MU-MIMO
Message 135 of 139
Aspirant

Re: Netgear Openvpn telnet enabled for R6400v2

NG_Guru:

  I can confirm that the hidden debug page permitted me to Enable Telnet on my new R6400v2.  (I have completed your entire pdf set of instructions, and will test it tomorrow morning from an external wifi subnet.)

Message 136 of 139
Aspirant

Re: Netgear R7000 and OpenVPN for Android App

I fixed the connection by manually editing my config file:

---

client
dev tap
proto udp
remote YourPublicIP-or-DNS 12974
resolv-retry infinite
nobind
persist-key
persist-tun
ca C:\\path-to-certificates\\OpenVPN\\config\\ca.crt
cert C:\\path-to-certificates\\OpenVPN\\config\\client.crt
key C:\\path-to-certificates\\OpenVPN\\config\\client.key
tls-cipher "DEFAULT:@SECLEVEL=0"
cipher AES-128-CBC
comp-lzo
verb 5

---

Kind regards, Arnold

Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 137 of 139
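
Added example (not part of the post above or of any NETGEAR or OpenVPN tooling): a small Python audit of a client .ovpn file that reports the settings a defender would want to revisit once the router serves SHA-256 certificates, run here over a constructed sample holding the directives from the config posted above. The rule names and function names are this example's own.

```python
import re

# Constructed sample: directives taken from the client config posted above.
SAMPLE_OVPN = '''client
dev tap
proto udp
remote YourPublicIP-or-DNS 12974
tls-cipher "DEFAULT:@SECLEVEL=0"
cipher AES-128-CBC
comp-lzo
verb 5
'''

def parse_directives(text):
    """Yield (line_number, directive, arguments), skipping # and ; comments."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line and line[0] not in "#;":
            parts = line.split(None, 1)
            yield n, parts[0], parts[1] if len(parts) > 1 else ""

def audit_ovpn(text):
    """Return (line_number, rule, explanation) findings for a client config."""
    findings, seen = [], set()
    for n, name, args in parse_directives(text):
        seen.add(name)
        level = re.search(r"@SECLEVEL=(\d+)", args) if name == "tls-cipher" else None
        if level and int(level.group(1)) == 0:
            findings.append((n, "seclevel-0",
                "OpenSSL strength checks are off, so an MD5-signed "
                "certificate is accepted; drop this once certs are SHA-256"))
        if (name == "comp-lzo" and args != "no") or (
                name == "compress" and args.startswith(("lzo", "lz4"))):
            findings.append((n, "compression",
                "tunnel compression is enabled; OpenVPN 2.5 and later deprecate it"))
    # Line 0 marks a finding about a directive that is missing altogether.
    if "client" in seen and not seen & {"remote-cert-tls", "verify-x509-name",
                                        "ns-cert-type"}:
        findings.append((0, "no-server-check",
            "any certificate signed by the CA can pose as the server"))
    return findings

if __name__ == "__main__":
    for n, rule, why in audit_ovpn(SAMPLE_OVPN):
        print(f"line {n or '-'}: {rule}: {why}")
```

The compression setting has to match what the server expects, so that finding is something to change on both ends rather than on the client alone.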
Guide

Re: Netgear R7000 and OpenVPN for Android App

Here is something interesting:

  • I had resolved the issue using Diggie3's instructions.
  • I just installed the beta FW (1.0.9.30_10_2_23)
  • I did a telnet into the router and looked at /tmp/openvpn.... The newkeys.zip file that Diggie3 had us put in was still there.... so I unzipped it.
  • I tried one of my clients that still had the old keys..... and it worked!!!

This appears to be the best of all worlds...  

  1. I don't have to redistribute keys.
  2. They are unique and strong keys that I generated
  3. I am able to take new security updates from NG as they put them out.
Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 138 of 139

Re: Netgear R7000 and OpenVPN for Android App

Hi Diggie3,

I used your tutorial to update my OpenVPN keys before Netgear released the new firmware. It was really helpful.

I generated my own CA, my own server and client keys. By the way, with your tutorial, I could create a key for each VPN user, so everyone can connect through the VPN at the same time without sharing the same client key (client.crt and client.key files).

In my case, I have one key and my wife has another. Nevertheless, I wonder, if I get one key compromised, what do I do to get it revoked? I know I have to generate a CRL file, but is the R7000 capable of reading it? If so, where must I put it to make it work? Is the only solution generating everything again from the very beginning (CA, server and client keys)?

Best regards.

Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 139 of 139