//
× We are experiencing an outage with Chat Support, Knowledgebase Articles and guided assistance.
×

 Planned maintenance event for the NETGEAR Blog site that is scheduled to begin at 11 p.m PT on Friday 7/12/2019 lasting 1 hour. 

× We are experiencing an outage of our ReadyCloud service and are working to resolve the issue..
× NETGEAR Holiday Deal Guides for: Home Networking, Business Networking & Gaming!

This topic has been marked solved and closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.

NETGEAR ® COMMUNITY
  • Downloads
  • MyNETGEAR
  • Community
  • Support
  • Netgear
  • United States
    • 中国 (汉语)
    • Deutschland (Deutsch)
    • España (Español)
    • France (Français)
    • Italia (Italiano)
    • 日本 (日本語)
    • Netherlands (Dutch)
    • Sweden (Svenska)
    • United States (English)
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
  • English
  • /
  • NETGEAR Forum
  • /
  • Home Networking
  • /
  • WiFi Routers
  • /
  • Nighthawk WiFi Routers
  • /
  • Netgear R7000 and OpenVPN for Android App
Log In
Join Now
  • Community Home
  • Community Browser:
  • NETGEAR Website
  • Support
  • Downloads
  • MyNETGEAR
Log In
  • English
  • /
  • NETGEAR Forum
  • /
  • Home Networking
  • /
  • WiFi Routers
  • /
  • Nighthawk WiFi Routers
  • /
  • Netgear R7000 and OpenVPN for Android App
  • Join Now
  • |
  • Log In
  • |
  • Help

Start a New Discussion

Discussion stats
  • 138 replies
  • ‎2017-06-26 12:06 PM
  • 26335 views
  • 75 kudos
  • 35 in conversation
    • ElfjeTwaalfje
    • Diggie3
    • karl11
    • CyBuzz
    • bripab007
    • fcol
    • Frankyvee
    • jesperch
    • GearNetRouter
    • Morganino
    • agil
    • katsaw
    • schumi2004
    • kuser
    • 96708
    • juched
    • huttler
    • ClarDold
    • Kilrah
    • amornik
    • NG_Guru
    • edjonesusa
    • tjjplace
    • Boris1976
    • pthorvald
    • giantbike
    • stereoptic
    • jrsalamo
    • BusterGonad
    • Someone67387463
    • Ravepants
    • Mrbobs1
    • ArnoldRKok
    • tracysmi
    • felipemotta
Announcements

NETGEAR Holiday Deal Guides for: Home Networking, Business Networking & Gaming!

WiFi 6 Frequently Asked Questions

Check Out What's New With NETGEAR Armor!

Recap of National Cyber Security Awareness Month - #BeCyberSmart

Are You Safe From Online Threats? - Live Event

Cybersecurity & Tips for Protecting Your Home Network

The History & Future of WiFi - Infographic

What is WiFi 6? #NowAtNETGEAR

Do More This Summer with Orbi Voice

Top Contributors
User Count
microchip8
microchip8 Master
12
antinode
antinode Sensei
10
myersw
myersw Master
9
plemans
plemans Master
9
IrvSp
IrvSp Master
6
See All
Nighthawk RAX80 WiFi 6 Router

Welcome to the NETGEAR Routers Community


Upgrade Your WiFi to First Class Upgrade Today
Reply
Topic Options
  • Subscribe to RSS Feed
  • Mark Topic as New
  • Mark Topic as Read
  • Float this Topic for Current User
  • Bookmark
  • Subscribe
  • Printer Friendly Page
  • All forum topics
  • Previous Topic
  • Next Topic
  • « Previous
    • 1
    • 2
    • 3
    • …
    • 6
  • Next »
Morganino
Morganino Tutor
Tutor
  • Mark as New
  • Bookmark
  • Subscribe
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
‎2017-06-26 12:06 PM
‎2017-06-26 12:06 PM

Netgear R7000 and OpenVPN for Android App

Hi,

since last OpenVPN for Android App update (v.0.6.73) downloadable at the following link:

https://play.google.com/store/apps/details?id=de.blinkt.openvpn

OpenSSL version was upgraded to 1.1 and I cannot connect to my R7000 Router from Outside anymore, because for security reasons OpenSSL v.1.1 doesn't accept MD5 certificates because have a weak signature.

 

May Netgear upgrade R7000 firmware to create OpenVPN SHA256 certs instead MD5, below the OpenVPN's FAQ with explanations:

http://ics-openvpn.blinkt.de/FAQ.html#weakmd_title

It's a security enhancement that may be helpful to all community that have this fantastic Router.

 

Router Firmware: 1.0.7.12

Smartphone Model: LG Google Nexus 5X v.7.1.2 with June 5th 2017 patches.

 

Regards.

Solved! Go to Solution.

Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 1 of 139
Labels:
  • Features
  • Firmware
  • Security
7 Kudos
Reply

Accepted Solutions
Diggie3
Diggie3 Luminary
Luminary
  • Mark as New
  • Bookmark
  • Subscribe
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
‎2018-02-28 05:16 AM
‎2018-02-28 05:16 AM

Re: Netgear R7000 and OpenVPN for Android App

Thanks everyone for feedback so far. Attached is version 1.0.1. I fixed some typos, added a suggestion to clean up your tftp folder when you're done, and made a note about the OpenVPN version that's most compatible with the document.

 

Some users looking to work through this doc may find that they can avoid Step 1 by visiting this hidden page:

 

http://192.168.1.1/debug.htm

 

If the debug page loads and there is an "Enable Telnet" option then you got lucky. Note that either the debug page or the option to "Enable Telnet" may not exist on your device or firmware version. Remember to check that this option is disabled after you're finished because having telnet enabled is a security risk.

View solution in original post

Message 73 of 139
Changing the VPN keys on R7000 v1.0.1.pdf ‏2393 KB
9 Kudos
Reply

All Replies
agil
agil Initiate
Initiate
  • Mark as New
  • Bookmark
  • Subscribe
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
‎2017-06-27 01:34 AM
‎2017-06-27 01:34 AM

Re: Netgear R7000 and OpenVPN for Android App

Hi,

 

Running R7000 with the 1.0.8.34 North American firmware, and facing connectivity issues with the latest OpenVPN for Android release - How to generate the OpenVPN SHA256 certifications?

 

Regards

Message 2 of 139
2 Kudos
Reply
Morganino
Morganino Tutor
Tutor
  • Mark as New
  • Bookmark
  • Subscribe
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
‎2017-06-27 10:13 AM
‎2017-06-27 10:13 AM

Re: Netgear R7000 and OpenVPN for Android App

You cannot enroll SHA256 Certificates by yourself, you need Netgear to update R7000 Firmware and include this enhancement.

I hope Netgear will consider this in next firmware release.

Message 3 of 139
3 Kudos
Reply
Morganino
Morganino Tutor
Tutor
  • Mark as New
  • Bookmark
  • Subscribe
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
‎2017-06-28 02:23 AM
‎2017-06-28 02:23 AM

Re: Netgear R7000 and OpenVPN for Android App

As suggested in above link, if you want to connect again to OpenVPN on R7000 you need to add:

 

tls-cipher "DEFAULT:@SECLEVEL=0"

 

in your OpenVPN for Android profile advanced configuration, but you're exposed to MD5 weakness vulnerability.

Hope Netgear will upgrade firmware asap.

 

Regards.

Message 4 of 139
0 Kudos
Reply
agil
agil Initiate
Initiate
  • Mark as New
  • Bookmark
  • Subscribe
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
‎2017-06-28 03:00 AM
‎2017-06-28 03:00 AM

Re: Netgear R7000 and OpenVPN for Android App

Thanks. That did the trick. OpenVPN for Android can connect now. Joining the request to Netgear to release a firmware upgrade, removing the MD5 weakness.

 

Regards,

Message 5 of 139
2 Kudos
Reply
schumi2004
schumi2004 Initiate
Initiate
  • Mark as New
  • Bookmark
  • Subscribe
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
‎2017-07-17 12:55 AM
‎2017-07-17 12:55 AM

Re: Netgear R7000 and OpenVPN for Android App

Adding that line to configuration makes it work again but at the end the current VPN implementation from Netgear is not safe and they should upgrade asap.

Message 6 of 139
1 Kudo
Reply
GearNetRouter
GearNetRouter Virtuoso
Virtuoso
  • Mark as New
  • Bookmark
  • Subscribe
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
‎2017-07-18 07:59 AM
‎2017-07-18 07:59 AM

Re: Netgear R7000 and OpenVPN for Android App

Can Netgear get its s h i t together and fix the firmware? Why is NG not proactive enough to fix this in advance? WTF?

Message 7 of 139
2 Kudos
Reply
karl11
karl11 Initiate
Initiate
  • Mark as New
  • Bookmark
  • Subscribe
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
‎2017-11-05 05:22 PM
‎2017-11-05 05:22 PM

Re: Netgear R7000 and OpenVPN for Android App

I'd like to use OpenVPN on my R6900 too, but MD5 keys are just reckless these days.  Netgear needs to fix this.

Model: R6900|Nighthawk AC1900 Smart WiFi Router
Message 8 of 139
2 Kudos
Reply
96708
96708 Apprentice
Apprentice
  • Mark as New
  • Bookmark
  • Subscribe
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
‎2017-11-06 09:28 PM
‎2017-11-06 09:28 PM

Re: Netgear R7000 and OpenVPN for Android App

Any update to this BS?


@karl11 wrote:

I'd like to use OpenVPN on my R6900 too, but MD5 keys are just reckless these days.  Netgear needs to fix this.


 

Message 9 of 139
3 Kudos
Reply
kuser
kuser Star
Star
  • Mark as New
  • Bookmark
  • Subscribe
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
‎2017-12-14 01:20 AM
‎2017-12-14 01:20 AM

Netgear has to upgrade to SHA256 or will face charges/damages (Due diligence/state of the art)

It is embarrassing and roughly negligent that NG still uses md5 these days.

Netgear has to upgrade its Firmware to SHA256 or better or may face charges in case of damages (Due diligence/state of the art).
Model: R8000|Nighthawk X6 AC3200 Smart WIFI Router
Message 10 of 139
0 Kudos
Reply
ClarDold
ClarDold Star
Star
  • Mark as New
  • Bookmark
  • Subscribe
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
‎2017-12-20 12:39 PM
‎2017-12-20 12:39 PM

Re: Netgear R7000 and OpenVPN for Android App

OpenVPN says MD5 will stop working in April 2018. See screenshot.
Model: R7000P|Nighthawk AC2300 Smart WiFi Router with MU-MIMO
Message 11 of 139
20171220_123818.png ‏116 KB
3 Kudos
Reply
96708
96708 Apprentice
Apprentice
  • Mark as New
  • Bookmark
  • Subscribe
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
‎2017-12-21 01:55 AM
‎2017-12-21 01:55 AM

Re: Netgear R7000 and OpenVPN for Android App

Yup. I encourage you to file a BBB complaint. Need to throw the hammer down on NG or nothing gets down IMO.

Message 12 of 139
2 Kudos
Reply
kuser
kuser Star
Star
  • Mark as New
  • Bookmark
  • Subscribe
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
‎2017-12-22 12:54 AM
‎2017-12-22 12:54 AM

Netgear has to upgrade to SHA256 or will face charges/damages (Due diligence/state of the art)

BBB complaint? Is that the way to go: https://www.bbb.org/consumer-complaints/file-a-complaint/get-started

 

Maybe we should all do that?

Model: R8000|Nighthawk X6 AC3200 Smart WIFI Router
Message 13 of 139
1 Kudo
Reply
CyBuzz
CyBuzz Guide
Guide
  • Mark as New
  • Bookmark
  • Subscribe
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
‎2017-12-28 06:08 AM
‎2017-12-28 06:08 AM

Re: Netgear R7000 and OpenVPN for Android App

I agree.  This needs to be resolved.  i am on firmware V1.0.9.18_1.2.27 and just re-downloaded all my OpenVPN stuff and still get the messages.  Frustrating but not as much as it will be in May :-(

Using OpenVPN Connect 1.1.27(build 96)

 

I dont get any messages with Tunnelblick

Message 14 of 139
0 Kudos
Reply
Diggie3
Diggie3 Luminary
Luminary
  • Mark as New
  • Bookmark
  • Subscribe
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
‎2017-12-28 11:29 AM
‎2017-12-28 11:29 AM

Re: Netgear R7000 and OpenVPN for Android App

Netgear is using MD5 for the VPN?!

HOLY ****! That's terrible!

Not only this, but we can't even generate new keys on the router still.

Netgear security is a total joke if this is true.
Message 15 of 139
0 Kudos
Reply
96708
96708 Apprentice
Apprentice
  • Mark as New
  • Bookmark
  • Subscribe
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
‎2017-12-28 11:39 AM
‎2017-12-28 11:39 AM

Re: Netgear R7000 and OpenVPN for Android App

NG doesn't give a flying F how many times you call or write about MD5 here. So throw the hammer down and file the BBB complaint.

Message 16 of 139
0 Kudos
Reply
CyBuzz
CyBuzz Guide
Guide
  • Mark as New
  • Bookmark
  • Subscribe
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
‎2017-12-28 04:32 PM
‎2017-12-28 04:32 PM

Re: Netgear R7000 and OpenVPN for Android App

BBB Complaint filed.

Message 17 of 139
1 Kudo
Reply
96708
96708 Apprentice
Apprentice
  • Mark as New
  • Bookmark
  • Subscribe
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
‎2017-12-29 05:29 AM
‎2017-12-29 05:29 AM

Re: Netgear R7000 and OpenVPN for Android App


Good for you. I filed one as well. Keep the pressure on. I consider this a simple napalm flyover spayobver on them to light them on fire so to speak. The sum all fears nuclear option is still available and that would be initiating the help of cybersecurity firms. Only with broad exposure in the news -- and damage to the image of the brand along with lost sales -- will they really do anything IMO.

Message 18 of 139
0 Kudos
Reply
Diggie3
Diggie3 Luminary
Luminary
  • Mark as New
  • Bookmark
  • Subscribe
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
‎2017-12-31 03:44 PM
‎2017-12-31 03:44 PM

Re: Netgear R7000 and OpenVPN for Android App

After spending a day or so, I have managed to replace the VPN certificates and keys on the R7000 and verified it's working using OpenVPN Client app for Android. Also verified the old, replaced keys are dead.

I can try to post a tutorial but it will take some time and will be quite long just because of the number of tools involved. I also can only post a Windows guide but it should be possible from any platform.

Anyway: My point is it's possible, but it definitely isn't easy.
Message 19 of 139
2 Kudos
Reply
Diggie3
Diggie3 Luminary
Luminary
  • Mark as New
  • Bookmark
  • Subscribe
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
‎2017-12-31 04:19 PM
‎2017-12-31 04:19 PM

Re: Netgear R7000 and OpenVPN for Android App

Also, if NG engineering is reading, I would say not only md5 signature but also size of the keys and DH param size are really not acceptable. Probably this has been optimized to minimize key generation time per unit, but I think this has to be improved.
Message 20 of 139
0 Kudos
Reply
juched
juched Apprentice
Apprentice
  • Mark as New
  • Bookmark
  • Subscribe
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
‎2017-12-31 04:55 PM
‎2017-12-31 04:55 PM

Re: Netgear R7000 and OpenVPN for Android App

Please do post steps. I played with ASUS Merlin Voetex for my R7000 and liked it a lot. Cpu usage very low and I can control the VPN certificate directly. Just wanted to use circle.

At this point I am planning to buy a real circle and get off the offical netgear firmware.

But, it would be good to know how to change it if I wanted to.
Message 21 of 139
0 Kudos
Reply
ClarDold
ClarDold Star
Star
  • Mark as New
  • Bookmark
  • Subscribe
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
‎2017-12-31 07:09 PM
‎2017-12-31 07:09 PM

Re: Netgear R7000 and OpenVPN for Android App

I won't enjoy some pointers.
I don't need detailed steps. I might not want lots of hacking.
I have done things like mounting iso images for modification and such, using Linux tools.

If you message me directly, we could chat about how difficult it seems. I have done formal documentation.

If there's no update from Netgear, I might look to DD-WRT.
Model: R7000P|Nighthawk AC2300 Smart WiFi Router with MU-MIMO
Message 22 of 139
0 Kudos
Reply
Diggie3
Diggie3 Luminary
Luminary
  • Mark as New
  • Bookmark
  • Subscribe
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
‎2018-01-01 11:17 PM
‎2018-01-01 11:17 PM

Re: Netgear R7000 and OpenVPN for Android App

I have asked one of the moderators if it's okay to make a new post with steps, since I don't know if such things are allowed. I hope I get a thumbs up, since this will help people solve the problem themselves at least in the short term. When I hear back I'll follow up.

BTW, I did manage to get SHA256 certs working, and surviving reboot and firmware changes, so that's good news. Also, larger key sizes and DH params work too.
Message 23 of 139
2 Kudos
Reply
Kilrah
Kilrah Guide
Guide
  • Mark as New
  • Bookmark
  • Subscribe
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
‎2018-01-02 05:28 AM
‎2018-01-02 05:28 AM

Re: Netgear R7000 and OpenVPN for Android App

+1 for this. The main reason I bought an R7000 was becasue I wanted a built-in VPN server feature, but it's been a letdown to find that it's been completely neglected and using outdated security. Was a pain to find a client that would connect, and even that one will be dropping support for MD5 soon, rightfully so.

 

Netgear, you seem to be pretty reactive to release update for other security issues, please consider that one with the same level of importance.

Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 24 of 139
2 Kudos
Reply
Diggie3
Diggie3 Luminary
Luminary
  • Mark as New
  • Bookmark
  • Subscribe
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content
‎2018-01-02 09:43 AM
‎2018-01-02 09:43 AM

Re: Netgear R7000 and OpenVPN for Android App

@ElaineM @JamesGL @ChristineT can one of you give me thumbs up that it's okay to post the steps to update the keys in a new thread here. I just want to confirm that it wouldn't break the rules to do so.
Message 25 of 139
2 Kudos
Reply
  • « Previous
    • 1
    • 2
    • 3
    • …
    • 6
  • Next »
  • All forum topics
  • Previous Topic
  • Next Topic
Need More Help?
  • Contact Support
  • About Us
  • Investor Relations
  • Contact us
  • Careers
  • Sign Up
  • United States
    • 中国 (汉语)
    • Deutschland (Deutsch)
    • España (Español)
    • France (Français)
    • Italia (Italiano)
    • 日本 (日本語)
    • Netherlands (Dutch)
    • Sweden (Svenska)
    • United States (English)

© 1996-2019 NETGEAR®