Re: openvpn 证书问题

Hi @Miadi

To the extent I think I understand Chinese your R9000 has a certificate with an expiration date in 1902. No idea what can cause this - seen at least one more similar report some days ago here in the community.

The Nighthawk firmware does usually come with a factory (hard coded) certificate, signed by Entrust, that's the one I have in place since 1.0.3.10 - conclude, there is a problem with some, but by far not all R9000 updated:

This kind of factory certificate is also the reason why older firmware - which held indeed an expired certificate (but not back as far as 1902) - can't be used anymore.

Digging again with the Netgear product engineer.

(Edit:)
If you have a minute - please download the OpenVPN Windows config from your R9000, unzip, and open (double click) ca.crt and client.crt - post the certificate overview and details.

The older certificate set was valid from 25-APR-2014 ... 22-APR-2024, the one I have here on my R9000 is valid from 26-APR-2017 to 21-APR-2037. Curious about yours.
(Edit end.)

Regards,

-Kurt

PS. Take this as another complaint @AbhayB and @NaderA - it's ridiculous how unreliable your supposedly leading edge (and expensive!) products are.

是那個證書有問題，ca，server，client，還是所有的

Check all three please.

不知道为什么，附件中文本内容不能发到论坛，发出来就被删掉了。

请你们看一下我的解决方法，帮我完善一下，服务器的时间还是有问题的

@schumaku

@mingle123

更新到1.0.3.6，openvpn的证书日期就会变成 2018年12月1日 - 1902年x月x日，不仅仅是ca.crt/client.crt/client.key，server的证书也如此，cat一下easy-rsa中的所有文件，日期都是如此。。

现在我修改了一下vars，和服务器时间，只生成10年的，截止日期就不会变成1902年了。

具体方法在上面的附件中。

This is R9000-V1.0.3.16.img image is identical to the one I have received from Netgear for testing - bit by bit, and same md5 checksum.

Further on it does come with the updated dnsmasq.

Can't get any of the two up... neither TCP nor UDP.