Newbie Questions

Scripts to manage certificates or generate config files

Moderators: TinCanTech

djcoudert
OpenVpn Newbie
Posts: 3
Joined: Sun Jan 12, 2020 9:19 pm

Newbie Questions

Post by djcoudert » Sun Jan 12, 2020 9:25 pm

Sorry for the newbie questions. I have researched and researched and cannot find, or I just don't understand, the answers. I have a small office and I am setting up two routers. One is a Nighthawk R7000, and this one is my open router, and then I have a Nighthawk X6S that I am trying to set up with VPN to access a network drive in the office.

Internet comes into R7000
X6S connects to R7000 with Cat 5
WD MyCloud Ultra 2 is connected to X6S via Cat 5

Netgear gives me a free No-IP account and this info has been set up on the X6S. I followed the instructions that come from Netgear when you activate the VPN access. When I try to use OpenVPN I get this error:


Sun Jan 12 15:14:40 2020 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sun Jan 12 15:14:40 2020 Re-using SSL/TLS context
Sun Jan 12 15:14:40 2020 LZO compression initializing
Sun Jan 12 15:14:40 2020 Control Channel MTU parms [ L:1654 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Sun Jan 12 15:14:40 2020 MANAGEMENT: >STATE:1578863680,RESOLVE,,,,,,
Sun Jan 12 15:14:40 2020 Data Channel MTU parms [ L:1654 D:1450 EF:122 EB:411 ET:32 EL:3 ]
Sun Jan 12 15:14:40 2020 Local Options String (VER=V4): 'V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sun Jan 12 15:14:40 2020 Expected Remote Options String (VER=V4): 'V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sun Jan 12 15:14:40 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]clientip:12974
Sun Jan 12 15:14:40 2020 Socket Buffers: R=[65536->65536] S=[64512->64512]
Sun Jan 12 15:14:40 2020 UDP link local: (not bound)
Sun Jan 12 15:14:40 2020 UDP link remote: [AF_INET]clientip:12974
Sun Jan 12 15:14:40 2020 MANAGEMENT: >STATE:1578863680,WAIT,,,,,,
Sun Jan 12 15:14:41 2020 MANAGEMENT: >STATE:1578863681,AUTH,,,,,,
Sun Jan 12 15:14:41 2020 TLS: Initial packet from [AF_INET]clientip, sid=1d62849e 9c1a1a93
Sun Jan 12 15:14:42 2020 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=netgear, emailAddress=mail@netgear.com
Sun Jan 12 15:14:42 2020 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Sun Jan 12 15:14:42 2020 TLS_ERROR: BIO read tls_read_plaintext error
Sun Jan 12 15:14:42 2020 TLS Error: TLS object -> incoming plaintext read error
Sun Jan 12 15:14:42 2020 TLS Error: TLS handshake failed
Sun Jan 12 15:14:42 2020 TCP/UDP: Closing socket
Sun Jan 12 15:14:42 2020 SIGUSR1[soft,tls-error] received, process restarting
Sun Jan 12 15:14:42 2020 MANAGEMENT: >STATE:1578863682,RECONNECTING,tls-error,,,,,
Sun Jan 12 15:14:42 2020 Restart pause, 20 second(s)
Sun Jan 12 15:15:02 2020 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sun Jan 12 15:15:02 2020 Re-using SSL/TLS context
Sun Jan 12 15:15:02 2020 LZO compression initializing
Sun Jan 12 15:15:02 2020 Control Channel MTU parms [ L:1654 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Sun Jan 12 15:15:02 2020 MANAGEMENT: >STATE:1578863702,RESOLVE,,,,,,
Sun Jan 12 15:15:02 2020 Data Channel MTU parms [ L:1654 D:1450 EF:122 EB:411 ET:32 EL:3 ]
Sun Jan 12 15:15:02 2020 Local Options String (VER=V4): 'V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sun Jan 12 15:15:02 2020 Expected Remote Options String (VER=V4): 'V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sun Jan 12 15:15:02 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]clientip:12974
Sun Jan 12 15:15:02 2020 Socket Buffers: R=[65536->65536] S=[64512->64512]
Sun Jan 12 15:15:02 2020 UDP link local: (not bound)
Sun Jan 12 15:15:02 2020 UDP link remote: [AF_INET]clientip:12974
Sun Jan 12 15:15:02 2020 MANAGEMENT: >STATE:1578863702,WAIT,,,,,,
Sun Jan 12 15:15:03 2020 MANAGEMENT: >STATE:1578863703,AUTH,,,,,,
Sun Jan 12 15:15:03 2020 TLS: Initial packet from [AF_INET]clientip:12974, sid=c4755fb9 2154a1f7
Sun Jan 12 15:15:05 2020 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=netgear, emailAddress=mail@netgear.com
Sun Jan 12 15:15:05 2020 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Sun Jan 12 15:15:05 2020 TLS_ERROR: BIO read tls_read_plaintext error
Sun Jan 12 15:15:05 2020 TLS Error: TLS object -> incoming plaintext read error
Sun Jan 12 15:15:05 2020 TLS Error: TLS handshake failed
Sun Jan 12 15:15:05 2020 TCP/UDP: Closing socket
Sun Jan 12 15:15:05 2020 SIGUSR1[soft,tls-error] received, process restarting
Sun Jan 12 15:15:05 2020 MANAGEMENT: >STATE:1578863705,RECONNECTING,tls-error,,,,,
Sun Jan 12 15:15:05 2020 Restart pause, 40 second(s)
Excuse the newbie questions and the request for help, but hopefully someone on here can help me and not make me feel stupid for not doing it correctly.
Last edited by Pippin on Sun Jan 12, 2020 9:48 pm, edited 1 time in total.
Reason: Formatting

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Newbie Questions

Post by TinCanTech » Sun Jan 12, 2020 9:48 pm

djcoudert wrote:
Sun Jan 12, 2020 9:25 pm
Sun Jan 12 15:15:05 2020 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=netgear, emailAddress=mail@netgear.com
Sun Jan 12 15:15:05 2020 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
You have not set up your certificates correctly.

Try using Easyrsa3 to set up your PKI and then copy the certs to your devices.
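
An added example, not part of the original thread and not any poster's code: a small Python triage of the client log format quoted above, showing what the two notable lines point to. The sample lines are constructed from that log; the function names and the hint wording are assumptions made for illustration.

```python
import re

# Constructed sample: three lines in the format of the client log quoted in the thread.
SAMPLE_LOG = """\
Sun Jan 12 15:14:40 2020 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sun Jan 12 15:14:42 2020 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=netgear, emailAddress=mail@netgear.com
Sun Jan 12 15:14:42 2020 TLS Error: TLS handshake failed
"""

VERIFY_RE = re.compile(r"VERIFY ERROR: depth=(\d+), error=([^:]+): (.*)$")
NO_VERIFY = "No server certificate verification method has been enabled"


def parse_subject(dn):
    """Split 'C=TW, ST=TW, CN=x' into a dict (enough for this log format)."""
    return dict(part.split("=", 1) for part in dn.split(", ") if "=" in part)


def triage(log_text):
    """Return de-duplicated findings for an OpenVPN client log (hypothetical helper)."""
    findings = []
    for line in log_text.splitlines():
        match = VERIFY_RE.search(line)
        if match:
            depth = int(match.group(1))
            error = match.group(2).strip()
            subject = parse_subject(match.group(3))
            finding = {"kind": "verify_error", "depth": depth,
                       "error": error, "cn": subject.get("CN")}
            # Depth 0 is the server's own certificate; depth >= 1 is an issuing CA.
            # Newer OpenSSL spells the message "self-signed", so normalise the hyphen.
            if depth >= 1 and "self signed" in error.replace("-", " "):
                finding["hint"] = ("the server's chain ends in a root that the client's "
                                   "'ca' file does not contain; install the CA "
                                   "certificate that issued the server certificate")
        elif NO_VERIFY in line:
            finding = {"kind": "no_server_cert_check",
                       "hint": "add 'remote-cert-tls server' to the client config"}
        else:
            continue
        if finding not in findings:  # reconnect attempts repeat the same lines
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(item)
```

`remote-cert-tls server` only passes when the server certificate carries the server key usage extensions, which certificates issued as server certificates by Easy-RSA 3 do.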

djcoudert
OpenVpn Newbie
Posts: 3
Joined: Sun Jan 12, 2020 9:19 pm

Re: Newbie Questions

Post by djcoudert » Sun Jan 12, 2020 11:20 pm

Thank you. I was thinking that was it, but Netgear makes it seem like they create all that for you once you put your data into the router software.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Newbie Questions

Post by TinCanTech » Sun Jan 12, 2020 11:42 pm

Once they got your money you realise how crap they are ..

djcoudert
OpenVpn Newbie
Posts: 3
Joined: Sun Jan 12, 2020 9:19 pm

Re: Newbie Questions

Post by djcoudert » Sun Jan 12, 2020 11:47 pm

I guess so. Looks like I am better off rooting the router and running different software on it.
