Reply

OpenVPN No server certificate verification method has been enabled.

Hi,

 

I'm using a R7000 running V1.0.9.28_10.2.32.

I just enabled VPN and tried to connect via a Windows 10 OpenVPN client but get the following errors in the VPN Windows Log

I removed the normal messages at the start of the log but can provide them if required. 

Wed May 02 17:00:46 2018 us=65248 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed May 02 17:00:46 2018 us=65248 OpenSSL: error:140AB18ESmiley FrustratedSL routinesSmiley FrustratedSL_CTX_use_certificate:ca md too weak
Wed May 02 17:00:46 2018 us=65248 MANAGEMENT: Client disconnected
Wed May 02 17:00:46 2018 us=65248 Cannot load certificate file client.crt
Wed May 02 17:00:46 2018 us=65248 Exiting due to fatal error

This is using the downloaded configuration from my Netgear router's Advanced Setup VPN.

I use a static IP provided by my ISP so don't need to provide a a Dynamic DNS setting. I've modified the client1 config accordingly with my external static IP. 

 

Looks to me as though the internal Netgear VPN Server's cert is somehow incorrect!

 

 

Any ideas?  

Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 1 of 8

Accepted Solutions
Highlighted
Virtuoso

Re: OpenVPN No server certificate verification method has been enabled.

You need to update you router to the latest one version 1.0.9.30 witch fixes a problem with OpenVPN.

View solution in original post

Message 4 of 8

All Replies
Highlighted

Re: OpenVPN No server certificate verification method has been enabled.

It might be resolved by the 1.0.9.30 Hot Fix that is available:

https://kb.netgear.com/000057097/R7000-Firmware-Version-1-0-9-30-Hot-Fix

...

New Features and Enhancements:

  • OpenVPN cert update (from MD5 to SHA256)

...

Message 2 of 8
Highlighted

Re: OpenVPN No server certificate verification method has been enabled.

Thanks StephenCanada73,

 

I have managed to fix the issue. I was using the very latest OpenVPN 2.4.6 when testing but rolling back to 2.3.18 fixed the problem.

 

However you pointed me to the new R7000 firmware that may well work with the latest OpenVPN. I'll give that a try sometime soon.

 

Thanks for that.

 

 

 

 

Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 3 of 8
Highlighted
Virtuoso

Re: OpenVPN No server certificate verification method has been enabled.

You need to update you router to the latest one version 1.0.9.30 witch fixes a problem with OpenVPN.

View solution in original post

Message 4 of 8
Highlighted

Re: OpenVPN No server certificate verification method has been enabled.

Yes updating to the beta firmware fixed the issue.

Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 5 of 8
Highlighted
Aspirant

Re: OpenVPN No server certificate verification method has been enabled.

I have the same problem with my R7000 nighhawk AC1900 router. I installed the OPENVPN, updated the netgear firmware to 1.0.9.30 and I still have the same problem as yours. I am about to give up. Is there another way  to make it functional?

Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 6 of 8
Highlighted
Aspirant

Re: OpenVPN No server certificate verification method has been enabled.

Similar issues...

 

Recieving these errors after updating R7000 FW to V1.0.9.30_10.2.33:
"WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info."

 

After sitting for a minute, I recieve these errors:
"TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)"
"TLS Error: TLS handshake failed"

 

I have tried resetting the router as well. Any help would be much appreciated.

Edit:
Windows 10 OS using most recent version of OpenVPN

Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 7 of 8
Highlighted
Virtuoso

Re: OpenVPN No server certificate verification method has been enabled.

Reupdate OpenVPN config to new one via routerlogin.net/openvpn_crt_check.htm. For me it was the same. Did an update several times without reseting and it's became normal. And also after an update reboot router.

Message 8 of 8
Top Contributors
Discussion stats
  • 7 replies
  • 145497 views
  • 4 kudos
  • 5 in conversation
Announcements