Reply

R8000, VPN and dropping of MD5 signed certificates

jweatherly74
Guide

Re: R8000, VPN and dropping of MD5 signed certificates

I’ve reached out to them to test the firmware and never heard back. I’m not surprised because I highly doubt they even have anyone working on this. As I mentioned previously my confidence level is low that they will have a fix on time.

I’m probably going to have to bite the bullet and switch routers. OpenVPN is an absolute must for me. This will be the last Netgear product I purchase if this is how they support their flagship products.
Message 26 of 88
Diggie3
Luminary

Re: R8000, VPN and dropping of MD5 signed certificates

If I'm a product manager at NG I'd have a button added to the web console to generate a new certificate with reasonable options, even if it took a while, which is what should have always been there in the first place.

Their engineers were smart to put the certificates on a writeable filesystem on newer devices. They should put more of the conf files and cert gen scripts there in future and that would allow users to produce more guides and tools to fix problems like these in the worst case.
Message 27 of 88
MagicianKagu
Aspirant

Re: R8000, VPN and dropping of MD5 signed certificates

This is a must for me as well. Really frustrated. Does anyone know if we have an alternative solution like switching to dd-wrt?
Message 28 of 88
AbhayB
NETGEAR Employee Retired

Re: R8000, VPN and dropping of MD5 signed certificates

Hi all,

We do have fix implemented and it's under test for now. As soon as it's verified through initial round of QA, I will work with engineering to provide at least interim release.

 

We are also working with OpenVPN to understand any specific date they are going to cut the support off and they referred us to 

https://docs.openvpn.net/planned-removal-of-md5-support/  indicating that they have NOT actually decided on exact cut-off date yet. We are still working towards relevant firmware releases to minimize any impact to our customers. 

 

Abhay

Abhay Bhorkar
Message 29 of 88
727guru
Tutor

Re: R8000, VPN and dropping of MD5 signed certificates

Seems pretty clear to me when they plane to turn it off. I’d post a picture of the message but apparently your website blocks photos from iPhones.
Message 30 of 88
shamarin
Virtuoso

Re: R8000, VPN and dropping of MD5 signed certificates

On R7000 with Windows OpenVPN client it's not working with latest firmware.

Message 31 of 88
96708
Apprentice

Re: R8000, VPN and dropping of MD5 signed certificates

The cutoff date was 4/20. That was per OpenVPN and also one of you own peer moderators stated NG would deliver by 4/20. 4/20 has passed. This issue has been around for more than a year and you are still testing it internally. I filed a BBB complaint and all NG did was claim my R7000 was out of warranty. Yet I went to Best Buy and took photos of the R7000 and other NG routers all claiming OpenVPN compatiblity. That's already misleading consumers looking to purchase your product. You peers took care of the MD5 problem long ago. Frankly, a missile will hit you soon in the form of bad publicty. I hope it rips you to pieces.

Message 32 of 88
schumaku
Guru

Re: R8000, VPN and dropping of MD5 signed certificates


@96708 wrote:

The cutoff date was 4/20. 


Not defending Netgear's silence on the subject - as per 

 

https://docs.openvpn.net/planned-removal-of-md5-support/ 


"Therefore support for MD5 will be ending in May of 2018."

 

Message 33 of 88
727guru
Tutor

Re: R8000, VPN and dropping of MD5 signed certificates

The article says may. All the warnings say April.
Message 34 of 88
96708
Apprentice

Re: R8000, VPN and dropping of MD5 signed certificates

Open VPN works on none of my devices. Clearly the deadline has passed. The fact that NG doesn't have a solution when this problem arose more than a year ago shows lack of consideraton. I filed a BBB case against NG regarding this matter hoping it would wake them up that consumers consider this a serious issue and the response was that my router R7000 is out of warranty and they are not responsible. What a way to shirk responsiblity for a product sold as featuring OpenVPN.  Well I went to Best Buy and current R7000's as well as other NG routers clearly tout OpenVPN on the box. So NG is deploying false advertising and fraud now and the State AGs acoss the country as well as class action lawyers will love to hear about it. Make my day NG. The s is about to hit the fan. 

Message 35 of 88
Jfossy
Guide

Re: R8000, VPN and dropping of MD5 signed certificates

It does still work.  You have to make sure the Use insecure algorithms is checked in OpenVPN Connect.  I am a little dismayed WHY it is taking so long.  I've only had my 7800 a bit over a year.  When I talked to OpenVPN, they said the must be using at least a 3 year old version of the server software. 

Message 36 of 88
96708
Apprentice

Re: R8000, VPN and dropping of MD5 signed certificates

https://www.ftccomplaintassistant.gov/#crnt&panel1-1

 

Please help put pressure on NG by filing an FTC complaint for

1) Deceptive packaging. Current packaging for the routers continue to show OpenVPN as a feature.

2) Computer virus issues. While not a virus state your complaint about unsafe software. 

 

Put the hammer on NG to get action.

Message 37 of 88
ChristineT
Admin

Re: R8000, VPN and dropping of MD5 signed certificates

Greetings Nighthawk Community,

 

We recently released a new firmware for R7000 that includes a new OpenVPN Certificate. For additional details please visit R7000 Firmware Version 1.0.9.30 - Hot Fix.  Updates to other product models coming soon. Please stay tuned...

 

Thank you one and all for your contribution to this topic.

 

Best Regards,

ChristineT

Message 38 of 88
MrJagu
Guide

Re: R8000, VPN and dropping of MD5 signed certificates

Any update on when will it be available for R7500v2?
Model: R7500v2|Nighthawk X4 AC2350 Smart WiFi
Message 39 of 88
Chipicau
Aspirant

Re: R8000, VPN and dropping of MD5 signed certificates

Any update on the R8500?
Message 40 of 88

Re: R8000, VPN and dropping of MD5 signed certificates

@ChristineT When can we expect this update for the R8000? (This is the model I originall posted about and have.)

Message 41 of 88
bossom
Tutor

Re: R8000, VPN and dropping of MD5 signed certificates

What is the status on the fix, ? Its past April, I have a r6900 v2
Message 42 of 88
727guru
Tutor

Re: R8000, VPN and dropping of MD5 signed certificates

Update. Please! Mine fails to connect. Open vPn message said md5 support ended April 2018.

Very disappointed in Netgear. If I have to replace this router it won’t be with Netgear. I may even follow others with the FCC complaint as as open vpn is not supported.



Message 43 of 88
bossom
Tutor

Re: R8000, VPN and dropping of MD5 signed certificates

There has been no update or communication on the netgear MD5 certificate issue for VPN , which has now been dropped of from OpenVPN.

I cannot connect to VPN service of my netgear any more.

Has netgear given up on the resolution and there is going to be no fix or resolution on this ?

 

Model: R6900v2|Nighthawk AC1900 Smart WiFi Router
Message 44 of 88
bossom
Tutor

Re: R8000, VPN and dropping of MD5 signed certificates

I cannot VPN in anymore, what is the status ? 


@AbhayB wrote:

Hi all,

We do have fix implemented and it's under test for now. As soon as it's verified through initial round of QA, I will work with engineering to provide at least interim release.

 

We are also working with OpenVPN to understand any specific date they are going to cut the support off and they referred us to 

https://docs.openvpn.net/planned-removal-of-md5-support/  indicating that they have NOT actually decided on exact cut-off date yet. We are still working towards relevant firmware releases to minimize any impact to our customers. 

 

Abhay



@AbhayB wrote:

Hi all,

We do have fix implemented and it's under test for now. As soon as it's verified through initial round of QA, I will work with engineering to provide at least interim release.

 

We are also working with OpenVPN to understand any specific date they are going to cut the support off and they referred us to 

https://docs.openvpn.net/planned-removal-of-md5-support/  indicating that they have NOT actually decided on exact cut-off date yet. We are still working towards relevant firmware releases to minimize any impact to our customers. 

 

Abhay


 

Model: R6900v2|Nighthawk AC1900 Smart WiFi Router
Message 45 of 88
schumaku
Guru

Re: R8000, VPN and dropping of MD5 signed certificates

@AbhayB: The OpenVPN App client App logs speak a clear language (end of April 2018), for the Windows OpenVPN make use of OpenSSL 1.1 which by default does not allow MD5 certificates at all (unless weakened manually). Starting from May 2018 OpenVPN can change the App behaviour any hour. Time for the homework is over - many generic routers, DSL routers/modems, cable routers/modems, Nighthawk, Orbi and Orbi Pro are overdue for the update. These facts were published a long time ago - there was ample of time to update the certificates, OpenVPN and OpenSSL an all the products under maintenance. 

 

Similar, the same ignorance when it comes to updating dnsmasq - known vulnerable for more than half a year now. Here again, Netgear had ample of time to do the homework.  Users reporting Netgear to consumer protection organisations are perfectly right.

Message 46 of 88
Diggie3
Luminary

Re: R8000, VPN and dropping of MD5 signed certificates

The really crap thing is we can't get a firmware with the VPN working and secure, a stable build that doesn't need frequent resets, or has big performance losses, but sure they find time to cram in Disney Circle and BitDefender Armor.

It just doesn't make any sense. At all.
Message 47 of 88
shamarin
Virtuoso

Re: R8000, VPN and dropping of MD5 signed certificates

It was said by JamesGL that fix for other routers is on it's way. R7000 allready got it at the end of the April.

Message 48 of 88
cebailey33
Aspirant

Re: R8000, VPN and dropping of MD5 signed certificates

I bought this Router last week for the sole purpose of using the OpenVPN feature.  From what I've been reading, the support for OpenVPN has already been discontinued as of the time I purchased the Router.  When will the new release be coming out to replace MD5 with SHA256 (or w/e it will be)?

 

Thanks!

 

Chuck

Model: R8000|Nighthawk X6 AC3200 Smart WIFI Router
Message 49 of 88
cebailey33
Aspirant

Re: R8000, VPN and dropping of MD5 signed certificates

Is there any way to manually change the certificate being used for OpenVPN or must we wait for Netgear to put out a release updating their firmware to replace the MD5 signed Certificate with a SHA256 signed Certificate?

Model: R8000|Nighthawk X6 AC3200 Smart WIFI Router
Message 50 of 88
Top Contributors
Discussion stats
Announcements

Orbi WiFi 6E