[Linksys] Error message: Peer certificate verification failure

This forum is for general conversation and user-user networking.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Jaws
OpenVpn Newbie
Posts: 11
Joined: Wed Jan 02, 2019 10:25 pm

Re: [Linksys] Error message: Peer certificate verification failure

Post by Jaws » Sat Dec 10, 2022 12:51 pm

andrej.poljak wrote:
Sat Dec 10, 2022 8:47 am
Hi,

yes, you are right.
First is CA, second is client cert, and last is private key.

And I had also the same issue as you, but when I try few times more,
I got also the CA valid to 2023. So try and hope, and test the
first certificate (CA), because you can not see valid info in file, you
must use the https:\....... link, in file you see valid info for client cert.

BR,
Andrej
When you say try few times more, do you mean to try and reset the router again until I get both certificates valid?

andrej.poljak
OpenVpn Newbie
Posts: 11
Joined: Sat Nov 19, 2022 1:58 pm

Re: [Linksys] Error message: Peer certificate verification failure

Post by andrej.poljak » Sat Dec 10, 2022 3:32 pm

Jaws wrote:
Sat Dec 10, 2022 12:51 pm
When you say try few times more, do you mean to try and reset the router again until I get both certificates valid?
Yes, repeat the scenario. Reset and try again. When I got a good result, a did not try again..........If I remember good. I must repeat 4 times
The main problem is when router start creating CA cert,and if router has at this step already right date and time,
getting through WAN - internet ...., than CA will be valid ................

andrej.poljak
OpenVpn Newbie
Posts: 11
Joined: Sat Nov 19, 2022 1:58 pm

Re: [Linksys] Error message: Peer certificate verification failure

Post by andrej.poljak » Sat Dec 10, 2022 4:20 pm

From Linksys chat ...............

Flore Fe Llena V (12/10/2022, 5:01:02 PM): Welcome to Chat, my name is Flore, how can I assist you for today?
Andrej (12/10/2022, 5:01:40 PM): Hi,
I'm sure, you already know for issue with CA cert for OpenVPN connection.
As I know through testing, router makes CA cert at factory reset, and that
factory reset has some default time in year 2012, and before router gets
right date/time, router already create CA with this default date in year 2012.
I already contact you 2 months ago, and now I ask you again when Linksys will
make new (better) firmware, or if Linksys maybe has in plan to make new firmware?
Flore Fe Llena V (12/10/2022, 5:02:24 PM): Hello Andrej
Flore Fe Llena V (12/10/2022, 5:03:54 PM): Let me check if they have a new update on that Incident report,
Cheryl T (12/10/2022, 5:11:29 PM): Welcome to Linksys Live Chat! This is Cheryl and I will be assisting you from here. Is this your first time contacting us?
Cheryl T (12/10/2022, 5:11:44 PM): Apologies for being disconnected from the previous agent
Cheryl T (12/10/2022, 5:12:12 PM): Are you still there?
Andrej (12/10/2022, 5:13:35 PM): Yes
Andrej (12/10/2022, 5:14:21 PM): And now?
Cheryl T (12/10/2022, 5:14:30 PM): Apologies for the wait.
Cheryl T (12/10/2022, 5:14:43 PM): Before we proceed, is the router model WRT3200ACM?
Andrej (12/10/2022, 5:14:51 PM): Yes
Cheryl T (12/10/2022, 5:15:17 PM): We already have a beta firmware for the router that could help fix the Open VPN issue
Cheryl T (12/10/2022, 5:15:35 PM): Please use this file https://linksysca-public.s3.us-west-2.a ... 5_prod.img
Andrej (12/10/2022, 5:16:28 PM): Good. OK, when be official FW ?
Cheryl T (12/10/2022, 5:16:57 PM): For now, we only have the beta firmware available.
Andrej (12/10/2022, 5:17:12 PM): OK
Cheryl T (12/10/2022, 5:17:37 PM): Once uploaded to the router, factory reset the router after the firmware update
Andrej (12/10/2022, 5:17:54 PM): OK, Thank you for info.
Andrej (12/10/2022, 5:17:57 PM): Bye.

Jaws
OpenVpn Newbie
Posts: 11
Joined: Wed Jan 02, 2019 10:25 pm

Re: [Linksys] Error message: Peer certificate verification failure

Post by Jaws » Sun Dec 11, 2022 4:34 pm

You are right. I just chatted with Linksys and they said the same response to me. I downloaded the firmware image form the site you posted. They said there was no ETA on a final release verision. Did you try uploading the beta firmware to your router? Did it fix the VPN certificate issue?

User avatar
steven424
OpenVpn Newbie
Posts: 8
Joined: Mon Oct 24, 2022 2:40 am

Re: [Linksys] Error message: Peer certificate verification failure

Post by steven424 » Sun Dec 11, 2022 5:17 pm

Questions:

After loading the beta firmware into the router and performing a factory reset, can/will the configuration backup (which I hope everyone will take before updating the firmware!) reinstall properly, and all of the customized settings be restored to their pre-firmware-upload values?

Is there any way to roll back the upgrade to the pre-installation configuration in case the upgrade fails? Is there a file with the current firmware available anywhere on the web so you have it, just in case?

Thanks!
--- Steve

andrej.poljak
OpenVpn Newbie
Posts: 11
Joined: Sat Nov 19, 2022 1:58 pm

Re: [Linksys] Error message: Peer certificate verification failure

Post by andrej.poljak » Sun Dec 11, 2022 6:39 pm

Jaws wrote:
Sun Dec 11, 2022 4:34 pm
You are right. I just chatted with Linksys and they said the same response to me. I downloaded the firmware image form the site you posted. They said there was no ETA on a final release verision. Did you try uploading the beta firmware to your router? Did it fix the VPN certificate issue?
I did not try with beta FW, because with upper scenario I got good CA cert, and not have plan to upgrade to any new alfa beta or final FW.

BR,
Andrej

Jaws
OpenVpn Newbie
Posts: 11
Joined: Wed Jan 02, 2019 10:25 pm

Re: [Linksys] Error message: Peer certificate verification failure

Post by Jaws » Sun Dec 11, 2022 8:56 pm

Success!

After updating the firmware and doing a reset. Also following the above mentioned workaround I finally got valid certificates. Once I verified the certificates I logged into the vpn using the clientcong.ovpn file and connected without an issue.

Thanks for all you help.

jaakdaniels
OpenVPN User
Posts: 37
Joined: Thu Oct 13, 2022 5:26 pm

Re: [Linksys] Error message: Peer certificate verification failure

Post by jaakdaniels » Mon Dec 12, 2022 8:22 pm

For your information if you don't trust the Beta firmware there's a workaround:
Upgrade with the Beta FW and do a factory reset
Let the router generate valid certificates
Downgrade to stable FW 1.0.8.xxx
That's it...

Jaws
OpenVpn Newbie
Posts: 11
Joined: Wed Jan 02, 2019 10:25 pm

Re: [Linksys] Error message: Peer certificate verification failure

Post by Jaws » Wed Dec 14, 2022 5:51 pm

jaakdaniels wrote:
Mon Dec 12, 2022 8:22 pm
For your information if you don't trust the Beta firmware there's a workaround:
Upgrade with the Beta FW and do a factory reset
Let the router generate valid certificates
Downgrade to stable FW 1.0.8.xxx
That's it...
Yes I did reload the officially released 1.0.8.xxx firmware and all was still fine. It did not effect anything.

jeremys
OpenVpn Newbie
Posts: 6
Joined: Thu Jul 21, 2022 8:02 pm

Re: [Linksys] Error message: Peer certificate verification failure

Post by jeremys » Thu Dec 15, 2022 4:56 am

Jaws wrote:
Sun Dec 11, 2022 8:56 pm
Success!

After updating the firmware and doing a reset. Also following the above mentioned workaround I finally got valid certificates. Once I verified the certificates I logged into the vpn using the clientcong.ovpn file and connected without an issue.

Thanks for all you help.
How did you perform the “reset” through logging into the router or by pressing the reset button on the back of the unit? I downloaded and installed the beta FW and reset the unit both ways but still have had no luck getting the vpn to work again.

Thanks

Jaws
OpenVpn Newbie
Posts: 11
Joined: Wed Jan 02, 2019 10:25 pm

Re: [Linksys] Error message: Peer certificate verification failure

Post by Jaws » Thu Dec 15, 2022 11:28 am

jeremys wrote:
Thu Dec 15, 2022 4:56 am
How did you perform the “reset” through logging into the router or by pressing the reset button on the back of the unit? I downloaded and installed the beta FW and reset the unit both ways but still have had no luck getting the vpn to work again.

Thanks
First disconnect the WAN or Internet cable from the router. Then I press the red reset button for 20 seconds to reset the router. Then login to the router and let the boot up. Wait for a good 2 -3 minutes before plugging the WAN cable back into the router. Then setup vpn and download clientcfg.ovpn file. It is all in the previous comments above.

jeremys
OpenVpn Newbie
Posts: 6
Joined: Thu Jul 21, 2022 8:02 pm

Re: [Linksys] Error message: Peer certificate verification failure

Post by jeremys » Thu Dec 15, 2022 1:10 pm

Thanks! I’ll give it a shot

markuscis
OpenVpn Newbie
Posts: 1
Joined: Thu Dec 15, 2022 3:54 pm

Re: [Linksys] Error message: Peer certificate verification failure

Post by markuscis » Thu Dec 15, 2022 4:06 pm

Following jaakdaniels instructions and waiting at each phase the certs repeatedly generated older dates and I did this a bunch of times. Then I sat back thought about it for a while. As many of are in the computing industry timing issues are some of the worst to debug. If this is the case then injecting actions during the timing issue can potentially cause it to take a slightly different path or delay calling some routines and thus a different order. With this thought in mind I change only one thing and got certs with an end date of 2032. I indented my changes to jaakdaniels below if you want to give it a try.
1) Make a backup of your configuration
2) Remove the WAN cable and all other cables, leave only the cable from a LAN port to your computer to login
3) Hold "reset" pressed for 20 seconds, untill the front LED's go out and allow the router reboot (Old certificates are now erased)
Connecting to 192.168.1.1 does not request a login first thing. Initially it presents you with the option to contribute to linksys and accept the terms.
I left contribute checked and checked terms.
Next you can either "Configure Manually" lower left or do the Wizard by clicking "Next"
Click "Configure Manually" This will take a little bit and will bring up a screen complaining about Internet Connection AND offering a "Retry" or "login"
This is the part I changed:
I placed my mouse over the "login" and then tried to plugin the WAN to internet and then quickly clicking "login". My hope here is that the click sends a command to the router potentially delaying the creation of the certs long enough for the time to be updated first.
NOTE - This is of course just a guess and randomly trying things. This worked and the certs were expiring in 2032. All tested and openvpn is working again. Your mileage may vary. Just another data point nothing more.
4) Go to http://192.168.1.1 and login with "admin"
5) Configure the router BY HAND! Follow the steps as if it's your first time using it. The settings you do are not important
6) Follow this until the router complains about the missing WAN cable, and then connect the WAN cable
7) When the configuration is completed, download the *.ovpn file and check the "ca.crt" certificate-part
8) When it is valid you can restore your configuration. It does not affect the new certificates
9) Come back to this forum and let me know if it worked

Thank You Jaakdaniels and others for doing all the earlier debugging.

WTR3200ACMbeta
OpenVpn Newbie
Posts: 1
Joined: Thu Dec 22, 2022 8:13 pm

Re: [Linksys] Error message: Peer certificate verification failure

Post by WTR3200ACMbeta » Thu Dec 22, 2022 8:43 pm

andrej.poljak wrote:
Sat Dec 10, 2022 4:20 pm
From Linksys chat ...............

Flore Fe Llena V (12/10/2022, 5:01:02 PM): Welcome to Chat, my name is Flore, how can I assist you for today?
Andrej (12/10/2022, 5:01:40 PM): Hi,
I'm sure, you already know for issue with CA cert for OpenVPN connection.
As I know through testing, router makes CA cert at factory reset, and that
factory reset has some default time in year 2012, and before router gets
right date/time, router already create CA with this default date in year 2012.
I already contact you 2 months ago, and now I ask you again when Linksys will
make new (better) firmware, or if Linksys maybe has in plan to make new firmware?
Flore Fe Llena V (12/10/2022, 5:02:24 PM): Hello Andrej
Flore Fe Llena V (12/10/2022, 5:03:54 PM): Let me check if they have a new update on that Incident report,
Cheryl T (12/10/2022, 5:11:29 PM): Welcome to Linksys Live Chat! This is Cheryl and I will be assisting you from here. Is this your first time contacting us?
Cheryl T (12/10/2022, 5:11:44 PM): Apologies for being disconnected from the previous agent
Cheryl T (12/10/2022, 5:12:12 PM): Are you still there?
Andrej (12/10/2022, 5:13:35 PM): Yes
Andrej (12/10/2022, 5:14:21 PM): And now?
Cheryl T (12/10/2022, 5:14:30 PM): Apologies for the wait.
Cheryl T (12/10/2022, 5:14:43 PM): Before we proceed, is the router model WRT3200ACM?
Andrej (12/10/2022, 5:14:51 PM): Yes
Cheryl T (12/10/2022, 5:15:17 PM): We already have a beta firmware for the router that could help fix the Open VPN issue
Cheryl T (12/10/2022, 5:15:35 PM): Please use this file https://linksysca-public.s3.us-west-2.a ... 5_prod.img
Andrej (12/10/2022, 5:16:28 PM): Good. OK, when be official FW ?
Cheryl T (12/10/2022, 5:16:57 PM): For now, we only have the beta firmware available.
Andrej (12/10/2022, 5:17:12 PM): OK
Cheryl T (12/10/2022, 5:17:37 PM): Once uploaded to the router, factory reset the router after the firmware update
Andrej (12/10/2022, 5:17:54 PM): OK, Thank you for info.
Andrej (12/10/2022, 5:17:57 PM): Bye.
Hi All,
I used the instructions above.

http://192.168.0.1

Troubleshooting, Diagnostics, Backup backup.cfg
(Also did a pdf and txt copy of Security, Apps and Gaming, Single Port Forwarding. However, I didn't need these because the backup.cfg ended up working later on).

https://linksysca-public.s3.us-west-2.a ... 5_prod.img

Setup as new. https://192.168.1.1 on WiFi, not lan cable.
(Notice the IP address change).
Router password changed during setup and had additional criteria for strength.

Troubleshooting, Diagnostics, Factory reset, Reset

Tested OpenVPN Server after the Reset. Confirmed no more expired cert error.
(Don't for get to Toggle Switch the OpenVPN Server to ON).

Troubleshooting, Diagnostics, Router configuration, Restore, backup.cfg

Back to https://192.168.0.1 again.
Use the old password without the additional criteria.

Connectivity, Router Firmware Update, "uncheck box" Automatic.
(Current Version 1.0.9.211585)

Everything worked fine. I have been using it for an hour and everything seems to be functioning.

I missed out a few mistakes I made. The first was my Nvidia Shield offered the click through setup menu to me, but really I had to do it from a laptop.

I also used the red button on the back of the device more than once. Mainly because my perception of counting 10 seconds is off.
So what I had to do is use the tip of a pen and watch till the lights turned off.

Also note that after a reset, all that shows is a faint Blue Bar on the left of the Router above the "ON symbol". The full Wi-Fi light/icons won't show up until you've done the actual setup. Don't panic it's not bricked.

Thanks to andrej.poljak for following up with Support. And for some nameless engineer at Linksys for crafting this beta.

OSopenVPN
OpenVpn Newbie
Posts: 1
Joined: Sun Jan 08, 2023 7:35 pm

Re: [Linksys] Error message: Peer certificate verification failure

Post by OSopenVPN » Sun Jan 08, 2023 7:44 pm

Yes, WTR3200ACMbeta's solution works.

for some reason linksys still has an older firmware version on their website.

Here another link to the file that the linksys support gave me.

https://linksysca-public.s3.us-west-2.a ... 5_prod.img

Cheers,

User avatar
steven424
OpenVpn Newbie
Posts: 8
Joined: Mon Oct 24, 2022 2:40 am

Re: [Linksys] Error message: Peer certificate verification failure

Post by steven424 » Thu Jan 12, 2023 4:49 am

My WRT3200ACM is used in a business critical and I'm leary of trying to flash it without a definitive set of step by step instructions. Can someone post such an instruction set or provide a link to them?

Thanks!
--- steve

User avatar
steven424
OpenVpn Newbie
Posts: 8
Joined: Mon Oct 24, 2022 2:40 am

Re: [Linksys] Error message: Peer certificate verification failure

Post by steven424 » Mon Mar 27, 2023 2:35 am

FWIT, Linksys seems to have posted an "official" version of the WRT3200ACM firmware (V1.0.9) here:
https://www.linksys.com/ca/support-arti ... Num=207552

There are also a number of links to installation support pages and even a link to a Youtube video here:
https://www.linksys.com/ca/support-arti ... Num=155112

I have not tried to do the upgrade yet, waiting until a have block of free hours and nothing critical going on. But having all this information now in "official published" form gives me the warmest fuzzy I've had in this process.

Good luck!

Fillipov
OpenVpn Newbie
Posts: 1
Joined: Fri Apr 28, 2023 12:38 pm

Re: [Linksys] Error message: Peer certificate verification failure

Post by Fillipov » Fri Apr 28, 2023 12:40 pm

Hi. I have newly generated ovpn config with 2031 expiration date but it still gives me an error of expired certificate
https://prnt.sc/ip66yzl5fsnt
What is the problem??

Post Reply