RAXE500 - VPN missing client key

Question

RAXE500&nbsp;Firmware Version V1.0.12.96_2.0.45I configured my VPN using the default parameters, exported the ovpn file using the smartphone option, added it to OpenVPN on my iPhone, and connection fails with the following error message:PKey::parse_pem: error in private key::error:1E08010C:DECODER routines::unsupported&nbsp;Looking at the ovpn file, while there are client and CA certificates, the client key is empty (towards the end of the file, I see &lt;key&gt;&lt;/key&gt;. I tried exporting the configuration for windows and non-windows and in both cases the client.key file is zero bytes.So it looks like some key is not being generated but I have no idea how to make it happen. Has anyone seen this problem? This used to work on this router before.

LordJohnWorfin · Answer

I found this version on my RAXE500 as well. And that's when the VPN suddenly stopped working because the client key was missing.

I rolled it back manually to the current version (1.0.12.96) but it's still broken. And 1.2.13.100 is no longer offered, for whatever reason. Frustrating. I think I'll be turning automatic firmware updates as soon as the VPN works again, assuming it ever does. Auto update is great for security fixes, but if the updates are not sufficiently tested... Big headache.

FURRYe38 · Answer

Next time try a Factory Reset after the FW has been loaded and setup from scratch to see if this resolves the problem. Would need to know what VPN your referring too? Onboard or external VPN?
Possible new VPN stuff needs to be setup after a new FW was applied. FR and setup from scratch to validate that.&nbsp;

LordJohnWorfin · Answer

Update - my best guess is this happened after an automatic update from V1.0.12.96_2.0.45 to V1.2.13.100_2.0.54 where the client key was deleted and never recreated. I tried reversing to V1.0.12.96_2.0.45 which as of my previous post was the latest downloadable firmware, tried turning VPN off and back on several time, rebooting in between, no luck: when I export the ovpn configurations they're all coming up with an empty client key.

And as of yesterday Dec 1 2023 it looks like Netgear pushed again 1.2.13.100 and my router autoupdated, but it makes no difference and VPN is still broken. WTF Netgear?

FURRYe38 · Answer

Does a factory reset and setup from scratch change anything?&nbsp;

LordJohnWorfin · Answer

The built-in OpenVPN server, under Advanced Setup/VPN Service. It was working for a long time, then suddenly one day I'm trying the client and no response, without any intervention on my part (this is in a vacation home and I was not there; one day it was connecting, the next it wasn't).&nbsp;On my next visit I found out the FW version had been updated, so I tried to troubleshoot, turning VPN off, rebooting, turning it back on, rebooting, then downloading the configuration files: that's when I found out the client.key was zero bytes (or in the smartphone.ovpn file the key section at the end is empty &lt;key&gt;&lt;/key&gt;)&nbsp;Reverted the version, no luck; and then it re-autoupdated, and still no luck.&nbsp;As far as doing a factory reset, that's a big hassle I'd rather avoid if at all possible. I'd have to look up the initial password (I'm sure it's somewhere, but...), and reload over a hundred DHCP allocations. To the best of my knowledge the only way to enter it is on by one using the painfully slow and cumbersome web interface. Yes, you can save the settings and reimport them -- and run the risk that this will clobber the new client key with the defective configuration... So TBH my next course of action if I don't hear better advice than the equivalent of "reinstall Windows" is to just install WireGuard on a rpi next to it and call it a day.

Forum Discussion

RAXE500 - VPN missing client key

6 Replies