R8000, VPN and dropping of MD5 signed certificates

OpenVPN is now showing a warning when I connect to my R8000 router:

"TLS: recieved certificate signed with MD5. Please inform your admin to upgrade to a stronger algorithm. Support for MD5 will be dropped at the end of Apr 2018."

-Will Netgear be addressing this issue on the R8000? If so, when can we expect a firmware update?

-Will there be any communication about this issue to affected users? 

Model: R8000|Nighthawk X6 AC3200 Smart WIFI Router
Message 1 of 88
jweatherly74
Guide

Re: R8000, VPN and dropping of MD5 signed certificates

+1. Just started getting this error today. Please update the router firmware to support this, Netgear. Having OpenVPN is the main reason I bought this router.

Model: R8000|Nighthawk X6 AC3200 Smart WIFI Router
Message 2 of 88

Re: R8000, VPN and dropping of MD5 signed certificates

Tunnelblick is now throwing up a similar warning. Are we getting a fix soon? Is there any message about a fix?

Message 3 of 88
MrJagu
Guide

Re: R8000, VPN and dropping of MD5 signed certificates

I have been having the same issue since the latest update in the OpenVPN Connect app. The message is not that much of an issue for me except the fact that when I put my phone in standby mode I get 50 messages when I get out of standby mode, making my phone unusable unless I reboot because it will take too long to clear all the messages.
Model: R7500v2|Nighthawk X4 AC2350 Smart WiFi
Message 4 of 88

Re: R8000, VPN and dropping of MD5 signed certificates

Just pumping up the post to see if I can get a response from anyone at Netgear.

Message 5 of 88
JamesGL
Master

Re: R8000, VPN and dropping of MD5 signed certificates

Hi All,

NETGEAR is aware of this and is working on a new certificate for OpenVPN.

Message 6 of 88
Diggie3
Luminary

Re: R8000, VPN and dropping of MD5 signed certificates

Hi,

If you want to try, I have written some steps on how to replace the keys yourself:

Click here and see the attachment.

Otherwise you can keep waiting to see what NG does.

Message 7 of 88
jweatherly74
Guide

Re: R8000, VPN and dropping of MD5 signed certificates


@JamesGL wrote:

Hi All,

NETGEAR is aware of this and is working on a new certificate for OpenVPN.



What is the ETA for the fix? This should have been fixed months ago. 

Model: R8000|Nighthawk X6 AC3200 Smart WIFI Router
Message 8 of 88
jweatherly74
Guide

Re: R8000, VPN and dropping of MD5 signed certificates


@Diggie3 wrote:

Hi,

If you want to try, I have written some steps on how to replace the keys yourself:

Click here and see the attachment.

Otherwise you can keep waiting to see what NG does.



I looked at your post. Wow! That is pretty daunting. Hopefully Netgear will get to fixing this soon. The deadline is fast approaching.

Message 9 of 88

Re: R8000, VPN and dropping of MD5 signed certificates

Yes... any update to a firmware update? Given the security concerns, this should be fixed ASAP.

Is there any way to put in an incident or enhancement request so this can be addressed appropriately? It seems like to communicate to support you need to pay for the added service! Is there any way just to submit an issue aside from this community board?

Message 10 of 88
MagicianKagu
Aspirant

Re: R8000, VPN and dropping of MD5 signed certificates

James, good to hear that Netgear is working on this -- any further updates, given it's only a matter of days before this breaks?

Model: R8500|Nighthawk X8 Tri-Band AC5300 WiFi Router
Message 11 of 88

Re: R8000, VPN and dropping of MD5 signed certificates

Any update on this @JamesGL? It seems most VPN clients will be shutting off support for the weaker certificates at the end of this month.

Message 12 of 88
schumaku
Guru

Re: R8000, VPN and dropping of MD5 signed certificates


@whoiscarmine wrote:

Any update on this @JamesGL? It seems most VPN clients will be shutting off support for the weaker certificates at the end of this month.


OpenVPN Planned removal of MD5 support - does talk of May, not April

Therefore support for MD5 will be ending in May of 2018.
Message 13 of 88
elliotekoch
Initiate

Re: R8000, VPN and dropping of MD5 signed certificates

okay so I just got an email from netgear about an important firmware update regarding security. I check and my router is up to date. I go to test openVPN and PUDU the MD5 error is still there.

NETGEAR???????? this is April. OpenVPN is going to shut us out. What are you doing to fix this?????

Thanks

Message 14 of 88
jweatherly74
Guide

Re: R8000, VPN and dropping of MD5 signed certificates

I have zero confidence that Netgear is going to release an update. They have known about this issue for months and have not released anything. If they fail to release an update this will be the last Netgear product I buy. When I bought this router it was $300 and I was expecting it to be properly supported for several years. Apparently Netgear is only interested in selling new products and not supporting previous purchases. I’m going to Twitter and see if I can get any response.
Message 15 of 88
schumaku
Guru

Re: R8000, VPN and dropping of MD5 signed certificates

@NaderA @AbhayB it's time to come out of trance and start to reply to all these many user concerns. The replacement of the MD5 factory certificates by the SHA256 is just one of many open and unanswered items. Outdated and known vulnerable Open Source all over, non-existing Windows 10 compatibility for ReadySHARE (just some models, SMB 3.0 support alone is not sufficient). We want to hear the voices of Netgear now.

Message 16 of 88
AbhayB
NETGEAR Employee Retired

Re: R8000, VPN and dropping of MD5 signed certificates

Hi all,
Our engineering team is working on releasing a fix and will likely do it before the end of this month. Will keep you posted on actual router model and timelines. I will look at releasing them as a hot-fix. If you are interested in testing the firmware, please reach out to @JamesGL

Abhay Bhorkar
Message 17 of 88
jweatherly74
Guide

Re: R8000, VPN and dropping of MD5 signed certificates

I just tweeted to @netgearhelp on Twitter. Can you guys retweet my post? It is from jweatherly74. Let’s try to get some traction here. I can’t figure how to get the link to my tweet.
Message 19 of 88
schumaku
Guru

Re: R8000, VPN and dropping of MD5 signed certificates

Thank you @AbhayB. I'll leave you alone until the early days of May - then we start talking about the outdated and known vulnerable Open Source all over, non-existing Windows 10 compatibility for ReadySHARE (just some models, SMB 3.0 support alone is not sufficient), messy Genie Web UI (features available vary, IPv6 address input is ****), lot of detail problems in the link layer technology (like broken AP modes) - in case these "details" won't make it to these builds. Kindly ask your team to release more verbose Release Notes in the future - all the current ones are more than vague.

Message 20 of 88
jweatherly74
Guide

Re: R8000, VPN and dropping of MD5 signed certificates

@AbhayB thanks for the reply but I’m sorry your timeline is not acceptable. The word likely is what I mean. Netgear has known about this for months and this must be released in production by the end of the month. I will send a PM to @JamesGL to test. I just need to make sure that if it doesn’t work I can roll back to the production firmware.
Message 21 of 88
schumaku
Guru

Re: R8000, VPN and dropping of MD5 signed certificates


@jweatherly74 wrote:
@AbhayB thanks for the reply but I’m sorry your timeline is not acceptable.

That's why I try to keep the ball low on the many other issues. Priority must have reliability and the MD5 certificate replacement.

@jweatherly74 wrote:
@AbhayB Netgear has known about this for months and this must be released in production by the end of the month.

Microsoft has announced ceasing from SMB 1.0 and NetBIOS host announcement and name resolution many many years ago already. Many vendors, not only Netgear were not ready when it finally happened. We still have to apply workarounds by enabling a legacy feature - what should not be required on a consumer grade product under maintenance.

Message 22 of 88
Chipicau
Aspirant

Re: R8000, VPN and dropping of MD5 signed certificates

I’m interested in trying the new firmware. I have the R8500. @JamesGL
Message 23 of 88

Re: R8000, VPN and dropping of MD5 signed certificates

@AbhayB @JamesGL So when can we expect a release to come out to address this MD5 issue? I don't think it's fair to just say "soon". As customers, we expect the equipment to be secure and supported. Especially since the R8000 is a higher-end consumer product. Unfortunately, it seems there is no high-level, customer-focused support from Netgear. There doesn't even seem to be a way for me to submit a bug/issue and track it without having to pay for additional support. A community forum is a half-baked way to try to support your equipment. Be better, Netgear.

Message 24 of 88
727guru
Tutor

Re: R8000, VPN and dropping of MD5 signed certificates

Here it is April 20 and still no fix. This is very discouraging, especially for what I paid for the router. I cannot contact support without paying 50 dollars, are you kidding me! This issue should have been corrected last month. Ten days to go and still no update is unacceptable. Do I really need to start looking for a non netgear unit?

Thanks for the huge headache, Netgear.

Model: R8000|Nighthawk X6 AC3200 Smart WIFI Router
Message 25 of 88