NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
VPN
19 Topics
MD5-Signed Certificate Warning with OpenVPN on iOS
As of version 1.2.8 of the OpenVPN app on iOS, OpenVPN issues the following warning: > WARN TLS: received certificate signed with MD5. > Please inform your admin to upgrade to a > stronger algorithm. Support for MD5 will be > dropped at end of Apr 2018 The warning appears as a modal dialog that interrupts use of the device. If the device is unlocked after a short period of time with the VPN connected, there will typically be multiple modal dialogs. This is an extremely frustrating experience. There appears to be no way to disable this warning and nothing router owners can do. A similar issue arose earlier for Android users (https://community.netgear.com/t5/Nighthawk-WiFi-Routers/Netgear-R7000-and-OpenVPN-for-Android-App/m-p/1310857). It is still unresolved at the time of writing. Netgear needs to issue a firmware update that changes the certificate used for OpenVPN.Solved37KViews4likes108Comments
OpenVPN No server certificate verification method has been enabled.
Hi, I'm using a R7000 running V1.0.9.28_10.2.32. I just enabled VPN and tried to connect via a Windows 10 OpenVPN client but get the following errors in the VPN Windows Log I removed the normal messages at the start of the log but can provide them if required. Wed May 02 17:00:46 2018 us=65248 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Wed May 02 17:00:46 2018 us=65248 OpenSSL: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak Wed May 02 17:00:46 2018 us=65248 MANAGEMENT: Client disconnected Wed May 02 17:00:46 2018 us=65248 Cannot load certificate file client.crt Wed May 02 17:00:46 2018 us=65248 Exiting due to fatal error This is using the downloaded configuration from my Netgear router's Advanced Setup VPN. I use a static IP provided by my ISP so don't need to provide a a Dynamic DNS setting. I've modified the client1 config accordingly with my external static IP. Looks to me as though the internal Netgear VPN Server's cert is somehow incorrect! Any ideas?Solved217KViews0likes7CommentsHMAC Authentication Errors (via VPN)
Greetings--- I have a Nighthawk X4 (R7500), and have enabled the VPN Service per this article: https://kb.netgear.com/25389/Enabling-VPN-service-on-a-Nighthawk-router-using-a-MAC-OS-computer Everything connects fine, but I get the following errors: 2018-04-09 12:59:54 Authenticate/Decrypt packet error: packet HMAC authentication failed 2018-04-09 12:59:54 Authenticate/Decrypt packet error: packet HMAC authentication failed (repeated)... I am able to access resources on my local network, but the connection is VERY slow. Services like RDP are impossible to use. My config: client dev tap proto udp sndbuf 393216 rcvbuf 393216 ;dev-node NETGEAR-VPN remote xxxx.xxxxx.net12974 resolv-retry infinite nobind persist-key persist-tun ca ca.crt cert client.crt key client.key ;remote-cert-tls server cipher AES-128-CBC comp-lzo verb 0Solved5.1KViews0likes2CommentsRecent Firmware updates on R8000 and R7000 break SonicWall SSL VPN Connectivity
I have spent nearly 40 hours investigating connectivity issues with SonicWall SSL VPN using the Dell SonicWall NetExtender client and the Windows 10 SonicWall Mobile app, which resulted in the root cause being Netgear Firmware updates, so am posting here for the benefit of others and also in the hope that Netgear resolve the issue. I have tested and verified the issue on Netgear R8000 X6 & Netgear R7000 devices, connecting to SonicWall SSL VPN devices in Palo Alto and London (waiting on firmware version from the respective IT teams), but our Atlanta and Manchester offices do not experience the issue and they are on older SonicWall firmware versions with the Dell icon, rather than the new SonicWall S in a shield icon. I've tested both of these devices using PPPoE on FTTP connections using 2 PC's, 2 laptops and an Android mobile device and also excluding the Netgear router (conntecting the network cable directly to the PC's and Windows performing the PPPoE connectivity) to verify 100% that it's a Netgear firmware issue. On the Netgear R8000 X6 The issue occurs from firmware version 1.0.3.48 The most recent version without the issue is 1.0.3.46 On the Netgear R7000 The issue occurs from firmware version 1.0.7.12 (also tested version 1.0.9.6) The most recent version without the issue is 1.0.7.10 Netgear, please resolve this issue in newer firmwares, otherwise I suspect that more people will be affected by this in future.Solved6.2KViews1like3Comments
[X10 (R9000)] cannot regenerate or invalidate VPN credentials
I'm shocked I spent so much on a high end router, and I'm stuck with the static OpenVPN configuration on the router. There is no way to invalidate old keys, generate new keys, or have multiple active keys. This is a significant security design issue. Once you give a key out, or if you accidentally expose it, there is no way to kill it. Even if you are the only user using your VPN, there is a chance your device can be stolen or compromised, forcing you to question whether your home VPN credentials have also been compromised. There is no reason why you should need to buy a new router just to rotate your keys. The kicker is the manual even suggests changing the default SSID and network password. I don't know why they wiould suggest this if they thought the default installation was private and secure. If Netgear believes it is better security to use your own custom security credentials, then they should allow you to do the same with the OpenVPN configuration. The OpenVPN feature on the X10 is too minimal to be trusted.Solved4.3KViews2likes8CommentsNighthawk r7500 vpn setup
I'm new to VPN but learn quickly. I'm trying to setup VPN on my router for a layer of security for my home. I am getting error messeges with openVPN. Following the instructions on the router, many forums, and the OpenVPN resources, I am not able to get this working. I receive this error "warning: no server certificate verification method has been enabled. see http://openvpn.net/howto.html#mitm for more info." can someone please assist? Perhaps have a walk through other than what's just on the router? Thank you in advance.Solved25KViews0likes10CommentsVPN on Nighthawk R6700 . What is OPEN VPN? hows that different from my VPN
Can anyone explain please how is openVPN diffrent from the VPN service im subscribed to now? Private Internet Access? I'm also aunable to acces OpenVPN website because its blocked here, how can i get the file that I need to setup my router by other means? thanks MoeSolved14KViews0likes9CommentsNighthawk X6 R8000 - iPhone cannot connect to home network over OpenVPN
Hi, all, I managed to get my iPhone (6S, iOS 10.3.2) connected to my home VPN on my Nighthawk X6 R8000 using the stock firmware version 1.0.3.46_1.1.32, and I am able to connect to the router setup page at http://192.168.1.1, but I cannot access any of the web servers that I have running on the same subnet (192.168.1.x). I've tried both web browser and SSH (and ping requests come back timed out). The iPhone was provisioned an IP in the 192.168.254.x subnet...not sure if this is causing the problems. The phone is connecting via LTE, not another WiFi network to avoid router clashes. I have made sure that the VPN advanced config has client access set for "all sites on the internet and home network," and I tried changing the LAN subnet mask to 255.255.0.0, but to no effect so I subsequently changed it back to 255.255.255.0 as per the default). Does anyone have any ideas why I can't get a route to any other systems on the network? Thanks in advance. DavidSolved5.2KViews0likes3Comments
R7000 firmware 1.0.8.34_1.2.15 and NTP
My router just updated to Firmware 1.0.8.34_1.2.15 and seems like they messed up the NTP that was fixed a few releases back. My router is now stuck on May 8th 2017 every time it starts and the logs say it failed to update NTP. This also causes VPN connections to fail. An additional issue, all files created or copied to a drived connected to the router will have the timestamp of the router, making file and folder time stamps incorrect.SolvedR7000P + VPN: accessing router config page
Finally managed to get the VPN with a windows client working, however, when the client is connect and I am trying to access 192.168.1.1 I get the REMOTE (Client) router, NOT my local router. Is this to be expected or is there something wrong with my setup? Best solution is to change the remote routers IP? how do I ensure that the remote router does not have an IP that already has been assigned by my local router to another machine? thanks vmSolved4.2KViews0likes2Comments