Reply

[X10 (R9000)] cannot regenerate or invalidate VPN credentials

Borthalomew
Tutor

[X10 (R9000)] cannot regenerate or invalidate VPN credentials

I'm shocked I spent so much on a high end router, and I'm stuck with the static OpenVPN configuration on the router. There is no way to invalidate old keys, generate new keys, or have multiple active keys. This is a significant security design issue. Once you give a key out, or if you accidentally expose it, there is no way to kill it. Even if you are the only user using your VPN, there is a chance your device can be stolen or compromised, forcing you to question whether your home VPN credentials have also been compromised. There is no reason why you should need to buy a new router just to rotate your keys.

 

The kicker is the manual even suggests changing the default SSID and network password. I don't know why they wiould suggest this if they thought the default installation was private and secure. If Netgear believes it is better security to use your own custom security credentials, then they should allow you to do the same with the OpenVPN configuration. 

 

The OpenVPN feature on the X10 is too minimal to be trusted. 

Model: R9000|Nighthawk X10 AD7200 Smart WiFi Router
Message 1 of 9

Accepted Solutions
juched
Apprentice

Re: [X10 (R9000)] cannot regenerate or invalidate VPN credentials

They need to address this across their product lines. A fixed key is a problem. Plus it is signed with MD5 and should be SHA2 now.

View solution in original post

Message 7 of 9

All Replies

Re: [X10 (R9000)] cannot regenerate or invalidate VPN credentials

Then I would install DD-WRT..  I understand it should do this out of the box, but if you are beyond returning it or there is really no way to do this with the factory image, look into DD-WRT.  I know they have two different variants for this router, because I own it as well.

 

You can always go back to factory image as well.  Read up on it...

Message 2 of 9
Borthalomew
Tutor

Re: [X10 (R9000)] cannot regenerate or invalidate VPN credentials

Yes I know about dd-wrt. This is a complaint regarding Netgear's supported firmware. The design is insecure.

I may go to dd-wrt, but was only going to do that if there are critical features I need. Several hardware features are not supported by dd-wrt, and it is not officially supported by Netgear. Additionally if there are two hardware versions as you indicate, dd-wrt may have less support from the open source community (fewer users per version).
Message 3 of 9

Re: [X10 (R9000)] cannot regenerate or invalidate VPN credentials

Well, one supports Plex while the other does not.  But yes, I am with you.  I am still running stock.

Message 4 of 9
Borthalomew
Tutor

Re: [X10 (R9000)] cannot regenerate or invalidate VPN credentials

There are more differences than just Plex. We could argue whether they matter, but the point is dd-wrt does not support the full range of hardware (examples include USB attached storage, LEDs). There are also probably additional bugs that exist that we don't know about because the user base of dd-wrt on the r9000 is probably very small. Installing dd-wrt is itself a risk, because there is always a chance you can brick your expensive router, in which case there would be limited support to roll back. 

Message 5 of 9

Re: [X10 (R9000)] cannot regenerate or invalidate VPN credentials

Yes, I am aware of all of those including 5g issues as well, but this was not a discussion of who knows what and so on, but more of making sure you knew what other options you had available to you.

Message 6 of 9
juched
Apprentice

Re: [X10 (R9000)] cannot regenerate or invalidate VPN credentials

They need to address this across their product lines. A fixed key is a problem. Plus it is signed with MD5 and should be SHA2 now.

View solution in original post

Message 7 of 9

Re: [X10 (R9000)] cannot regenerate or invalidate VPN credentials

Agreed, you obviously either work around IT Security or are in the IT field as well :-)

Message 8 of 9
juched
Apprentice

Re: [X10 (R9000)] cannot regenerate or invalidate VPN credentials

ASUSWRT Merlin build by Vortex for R7000 is a very slick firmware. Seems asus has their act together. And yes, you control the VPN key.

Did read their QoS wasn’t working, but unsure if that is still true.
Message 9 of 9
Top Contributors
Discussion stats
  • 8 replies
  • 1427 views
  • 3 kudos
  • 3 in conversation
Announcements