I'm trying to connect to my home network using the VPN server on the router but haven't been able to get it working. If anyone can help I'd really appreciate it!
I've installed Voxel's latest firmware (1.0.2.47SF) and enabled the VPN service. I installed the latest version of OpenVPN for Windows on a laptop and downloaded the Windows OpenVPN config files from the router.
When I try to connect I get this message:
Tue Mar 13 16:02:11 2018 OpenSSL: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak
Tue Mar 13 16:02:11 2018 Cannot load certificate file C:\PROGRA~1\OpenVPN\config\client.crt

client
dev tap
proto udp
;dev-node NETGEAR-VPN
remote MYIPADDRESS 12974
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
ca C:\\PROGRA~1\\OpenVPN\\config\\ca.crt
cert C:\\PROGRA~1\\OpenVPN\\config\\client.crt
key C:\\PROGRA~1\\OpenVPN\\config\\client.key
cipher AES-128-GCM
;comp-lzo
compress lz4-v2
verb 0
sndbuf 393216
rcvbuf 393216
Well, these cert files are kept in the NAND memory of the router, and you have probably had them for a very long time, since the days of OpenSSL 0.9.8. Try the following:
1. Use a newer version of my build, 1.0.2.49SF
2. Enable telnet and run the following command from telnet:
/etc/init.d/openvpn stop
/etc/init.d/openvpn regenerate_cert_file
After this, reboot your router.
Voxel.
And download windows.zip again, of course.
Voxel.
OpenVPN ver 2.4.5 does not allow the use of MD5 certificates as those have been proven to be too weak security-wise. I'm running the latest Voxel (49) and still get that error with the 2.4.5 client. I had to downgrade back to OpenVPN 2.4.4 until the server creates SHA certs.
As usual, I got ahead of myself again :). I did not read your replies, Voxel, and am trying that out now. I've used telnet to recreate the certs and rebooted my router. Upgraded my OpenVPN client to 2.4.5 again and am testing now.
Voxel's telnet script worked like a charm! Thanks, V!
Will I have to run the telnet script every time I update to the next version of your firmware?
No. It is kept in NAND memory. It is not touched when you flash firmware. So even if you flash stock firmware, your regenerated keys should be kept.
Voxel
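Added example, not part of the thread or of Voxel's firmware: a small Python check that reads the signatureAlgorithm field of a PEM certificate, such as the ca.crt and client.crt from windows.zip, and reports whether it is MD5-signed, the condition behind "ca md too weak". The function names and the constructed sample (a DER skeleton, not a real certificate) are assumptions of this example; only RSA signature OIDs are recognised.

```python
import base64
import re
import sys

# DER bytes of OID 1.2.840.113549.1.1 (PKCS #1); the final arc selects the digest.
RSA_PREFIX = bytes.fromhex("2a864886f70d0101")
DIGESTS = {0x04: "md5", 0x05: "sha1", 0x0B: "sha256", 0x0C: "sha384", 0x0D: "sha512"}
WEAK = {"md5"}  # the digest the error in this thread is about

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def pem_to_der(text):
    """Extract the first PEM certificate; any text dump printed before it is ignored."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", text, re.S)
    if not m:
        raise ValueError("no PEM certificate found")
    return base64.b64decode("".join(m.group(1).split()))

def signature_digest(der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }"""
    tag, start, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, tbs_end = read_tlv(der, start)           # skip tbsCertificate
    _, alg_start, _ = read_tlv(der, tbs_end)       # signatureAlgorithm SEQUENCE
    tag, oid_start, oid_end = read_tlv(der, alg_start)
    oid = der[oid_start:oid_end]
    if tag != 0x06 or oid[:-1] != RSA_PREFIX:
        return "unknown"
    return DIGESTS.get(oid[-1], "unknown")

def check(pem_text):
    digest = signature_digest(pem_to_der(pem_text))
    return digest, digest in WEAK

def constructed_pem(alg_byte):
    """Constructed sample: empty TBS + AlgorithmIdentifier + empty signature."""
    alg = bytes([0x30, 0x0D, 0x06, 0x09]) + RSA_PREFIX + bytes([alg_byte, 0x05, 0x00])
    body = b"\x30\x00" + alg + b"\x03\x01\x00"
    b64 = base64.b64encode(bytes([0x30, len(body)]) + body).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    pems = {p: open(p).read() for p in sys.argv[1:]} or {
        "constructed-md5": constructed_pem(0x04), "constructed-sha256": constructed_pem(0x0B)}
    for name, pem in pems.items():
        digest, weak = check(pem)
        print(f"{name}: signed with {digest}" + (" (MD5: 'ca md too weak')" if weak else ""))
```

Pass the paths of ca.crt and client.crt as arguments to check the downloaded files before and after regenerating the certificates.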
Hi, I really need your help. My problem is that I want to set up PIA VPN but I can't seem to make it work. I have created a folder named openvpn-client on my USB. Oh, and my VPN Unlimited works with no problems, as they only have one ovpn file, but PIA has 2 files, 1 CA and 1 server. I don't know how to make the files one and where to put my details.
I have read the readme file and done research but still can't make it work, hence I am asking for your help. Thanks in advance.
I do not quite understand your problem. If you have several files related to OpenVPN client configuration (such as CA) you should copy all of them to your USB into this folder.
Voxel.
So I just have to copy the CA and server file, and then I don't have to change anything in the file to input my username and password? With VPN Unlimited there's no password, only one ovpn file with everything I need, but PIA has a password, so how would I go about inputting the username and password? That is where I am stuck. Sorry for my English, it is not my first language. Thanks.
Check this article:
https://www.myopenrouter.com/article/how-set-openvpn-client-netgear-r900...
It is for the R9000, but the same applies to the R7800. It shows how to use a username/password.
Voxel.
Voxel, thanks for your reply, but I am still stuck. This is how I have changed the file:
You should also have the file crl.rsa.2048.pem
lol, it's working now. I don't know what to say. It looks very easy and I have been stuck there for 4 days, and you just showed me the problem. It started working straight away when I put in the 4th file that you mentioned.
I have tried DD-WRT Kong but there is no transmission on it, and that is when I saw your build. Great work you have done there, thanks.
Anybody get this error
I was able to overcome the MD cert too weak error by clean-all and making new certs, but now I get the above.
Fixed it. Had to do a clean wipe of the client on my system. Issue was fixed.
I've had to move my R7800 router behind an AT&T Pace 5268AC gateway. I've opened up the applicable ports and everything works great when connecting from my laptop. However, when connecting from my Android phone (which used to work perfectly), it now sets the third octet of my IP address to one digit off, which prevents me from browsing my network devices when away from home. Anyone have any idea why it's suddenly doing this?
Thanks!
If your modem can't be bridged, which would be recommended, then use the modem's DMZ for the R7800.
Don't want to use DMZ+ on the AT&T gateway. As I said, it is working perfectly for my laptop, and my Android phone connects, it just does not have the proper IP address.