Can't connect to VPN on router Netgear R7000P

techisnice
OpenVpn Newbie
Posts: 1
Joined: Thu Jan 18, 2018 7:47 pm

Can't connect to VPN on router Netgear R7000P

Post by techisnice » Thu Jan 18, 2018 7:52 pm

Hi.

I have done the following steps, in order to try to connect from outside my network to the VPN-service (built in the router) in my house.

I have a Netgear R7000P router that has "VPN-Service on it". I have enabled this function, and my DDNS (also tried without DDNS) in my router, and downloaded the configuration package for Windows (Win10). I've also downloaded a new package every time I made any changes.

I've extracted the files to this folder: "C:\Program Files\OpenVPN\config". I've renamed the "TAP windows adapter" to: "Netgear-VPN" (in network configuration), (followed this guide https://kb.netgear.com/23854/How-do-I-u ... indows-cli...).

Then I launch "OPEN VPN GUI 11.9.0.0". But from here my problems begin. In the run screen it keeps saying this: "WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info."

I've also tried from my android phone, and another PC, and another version of OPENVPN, but I'm lost for solutions, what can the problem be??



The following is what the log in the router has reported:



[OpenVPN, connection fail]IP address:192.168.1.5 Monday, Jan 15,2018 21:38:07
[OpenVPN, connection fail]IP address:192.168.1.5 Monday, Jan 15,2018 21:32:06
[OpenVPN, connection fail]IP address:192.168.1.5 Monday, Jan 15,2018 21:28:25
[OpenVPN, connection fail]IP address:192.168.1.5 Monday, Jan 15,2018 21:26:05
[OpenVPN, connection fail]IP address:192.168.1.5 Monday, Jan 15,2018 21:24:25
[OpenVPN, connection fail]IP address:192.168.1.5 Monday, Jan 15,2018 21:23:04
[OpenVPN, connection fail]IP address:192.168.1.5 Monday, Jan 15,2018 21:21:56
[OpenVPN, connection fail]IP address:192.168.1.5 Monday, Jan 15,2018 21:20:50
[OpenVPN, connection fail]IP address:192.168.1.5 Monday, Jan 15,2018 21:19:46
[OpenVPN, connection fail]IP address:192.168.1.5 Monday, Jan 15,2018 21:18:40
[OpenVPN, connection fail]IP address:192.168.1.5 Monday, Jan 15,2018 21:17:35


If the problem has anything to do with server certification, how can I change this, doesn't the router take care of this?

When I look in the logfiles from OpenVPN, nothing has been written here, maybe because there hasn't been a connection?

I've tried to read a lot in the forums, but nothing exactly describes the same problem I'm facing...


I look forward to your answer, and I will be more than happy to provide you with any information that could help the process.

Thanks in advance.

With best regards



Info about my system:



- Router Netgear R7000P

Firmware Version
V1.3.0.8_1.0.93


- Windows 10 64bit

- OPEN VPN GUI 11.9.0.0
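
Added example (not part of the original post, and not Netgear's or OpenVPN's own code): a Python check for whether a client config contains any directive that makes OpenVPN verify the server certificate, which is the condition behind the warning quoted in the post above. The directive list and both sample configs are assumptions of this example; the configs are constructed.

```python
# Added example. The directives treated here as "server certificate verification"
# are this example's assumption of what silences the warning quoted above.
ROLE_CHECKS = ("remote-cert-tls", "ns-cert-type")   # count only with argument "server"
OTHER_CHECKS = ("remote-cert-eku", "verify-x509-name", "tls-verify")

# Constructed client configs: one without a check, one with it added.
WEAK = """client
dev tun
proto udp
remote vpn.example.net 12973
ca ca.crt
cert client.crt
key client.key
"""
HARDENED = WEAK + "remote-cert-tls server   # require a server-type certificate\n"

def directives(text):
    """Yield (name, args) per directive, skipping comments and inline <tag> blocks."""
    inline = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if inline:                          # inside <ca>...</ca> and similar
            if line == "</" + inline + ">":
                inline = None
            continue
        if not line or line.startswith(";"):
            continue
        if line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]
            continue
        name, *args = line.split()
        yield name, args

def audit(text):
    """Report whether a client config asks OpenVPN to verify the server certificate."""
    is_client, checks = False, []
    for name, args in directives(text):
        if name in ("client", "tls-client"):
            is_client = True
        elif name in ROLE_CHECKS and args[:1] == ["server"]:
            checks.append(name)
        elif name in OTHER_CHECKS:
            checks.append(name)
    return {"client": is_client, "server_checks": checks,
            "unverified_server": is_client and not checks}

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(cfg))
```

`remote-cert-tls server` requires the server certificate to carry key usage and extended key usage extensions, so a certificate without them is rejected by that check; `verify-x509-name` checks the certificate's subject name instead.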

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Can't connect to VPN on router Netgear R7000P

Post by TinCanTech » Thu Jan 18, 2018 9:26 pm

Please edit your client config to include this line

verb 4 # Set log messages to verbosity 4 = good for debugging
Then try to connect and post your client log here on the forum.

This post may help you:
HOWTO: Request Help !

dropframe
OpenVPN User
Posts: 21
Joined: Mon Jun 27, 2022 5:11 pm

Re: Can't connect to VPN on router Netgear R7000P

Post by dropframe » Thu Jun 30, 2022 6:13 pm

Try right-clicking on the clientxx ovpn file, then launch OpenVPN from the pop-up. That way the file and certificate will automatically associate itself.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Can't connect to VPN on router Netgear R7000P

Post by TinCanTech » Thu Jun 30, 2022 6:38 pm

dropframe wrote:
Thu Jun 30, 2022 6:13 pm
That way the file and certificate will automatically associate itself.
OpenVPN does not.

MiPl
OpenVpn Newbie
Posts: 2
Joined: Fri Apr 14, 2023 10:04 pm

[Solved - for me] Can't connect to VPN on router Netgear R7000P

Post by MiPl » Fri Apr 14, 2023 10:21 pm

Hello,

I'll start this thread again, because I've the same router and the same problem. Here is my openvpn.log, which shows the error "Certificate does not have key usage extension":
$ sudo more /var/log/openvpn/openvpn.log
[sudo] password for pi:
Fri Apr 14 22:48:55 2023 OpenVPN 2.4.7 aarch64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
Fri Apr 14 22:48:55 2023 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Fri Apr 14 22:48:55 2023 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Apr 14 22:48:55 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]62.214.229.246:12974
Fri Apr 14 22:48:55 2023 Socket Buffers: R=[212992->425984] S=[212992->425984]
Fri Apr 14 22:48:55 2023 UDP link local: (not bound)
Fri Apr 14 22:48:55 2023 UDP link remote: [AF_INET]62.214.229.246:12974
Fri Apr 14 22:48:56 2023 TLS: Initial packet from [AF_INET]62.214.229.246:12974, sid=933f2f6c 2abf1ef8
Fri Apr 14 22:48:59 2023 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=netgear, emailAddress=mail@netgear.com
Fri Apr 14 22:48:59 2023 Certificate does not have key usage extension
Fri Apr 14 22:48:59 2023 VERIFY KU ERROR
Fri Apr 14 22:48:59 2023 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Fri Apr 14 22:48:59 2023 TLS_ERROR: BIO read tls_read_plaintext error
Fri Apr 14 22:48:59 2023 TLS Error: TLS object -> incoming plaintext read error
Fri Apr 14 22:48:59 2023 TLS Error: TLS handshake failed
Fri Apr 14 22:48:59 2023 SIGUSR1[soft,tls-error] received, process restarting
Fri Apr 14 22:48:59 2023 Restart pause, 5 second(s)
Fri Apr 14 22:49:04 2023 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Apr 14 22:49:05 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]62.214.229.246:12974
Fri Apr 14 22:49:05 2023 Socket Buffers: R=[212992->425984] S=[212992->425984]
Fri Apr 14 22:49:05 2023 UDP link local: (not bound)
Fri Apr 14 22:49:05 2023 UDP link remote: [AF_INET]62.214.229.246:12974
Fri Apr 14 22:49:15 2023 TLS: Initial packet from [AF_INET]62.214.229.246:12974, sid=de2a7294 f453eb0f
Fri Apr 14 22:49:15 2023 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=netgear, emailAddress=mail@netgear.com
Fri Apr 14 22:49:15 2023 Certificate does not have key usage extension
Fri Apr 14 22:49:15 2023 VERIFY KU ERROR
Fri Apr 14 22:49:15 2023 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Fri Apr 14 22:49:15 2023 TLS_ERROR: BIO read tls_read_plaintext error
Fri Apr 14 22:49:15 2023 TLS Error: TLS object -> incoming plaintext read error
Fri Apr 14 22:49:15 2023 TLS Error: TLS handshake failed
Fri Apr 14 22:49:15 2023 SIGUSR1[soft,tls-error] received, process restarting
Fri Apr 14 22:49:15 2023 Restart pause, 5 second(s)
Fri Apr 14 22:49:20 2023 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Apr 14 22:49:21 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]62.214.229.246:12974
Fri Apr 14 22:49:21 2023 Socket Buffers: R=[212992->425984] S=[212992->425984]
Fri Apr 14 22:49:21 2023 UDP link local: (not bound)
Fri Apr 14 22:49:21 2023 UDP link remote: [AF_INET]62.214.229.246:12974
Fri Apr 14 22:49:21 2023 TLS: Initial packet from [AF_INET]62.214.229.246:12974, sid=2910a532 3bf3fb11
Fri Apr 14 22:49:21 2023 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=netgear, emailAddress=mail@netgear.com
Fri Apr 14 22:49:21 2023 Certificate does not have key usage extension
Fri Apr 14 22:49:21 2023 VERIFY KU ERROR
Fri Apr 14 22:49:21 2023 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Fri Apr 14 22:49:21 2023 TLS_ERROR: BIO read tls_read_plaintext error
Fri Apr 14 22:49:21 2023 TLS Error: TLS object -> incoming plaintext read error
Fri Apr 14 22:49:21 2023 TLS Error: TLS handshake failed
Fri Apr 14 22:49:21 2023 SIGUSR1[soft,tls-error] received, process restarting
Fri Apr 14 22:49:21 2023 Restart pause, 5 second(s)
Fri Apr 14 22:49:26 2023 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Apr 14 22:49:46 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]62.214.229.246:12974
Fri Apr 14 22:49:46 2023 Socket Buffers: R=[212992->425984] S=[212992->425984]
Fri Apr 14 22:49:46 2023 UDP link local: (not bound)
Fri Apr 14 22:49:46 2023 UDP link remote: [AF_INET]62.214.229.246:12974
Fri Apr 14 22:49:47 2023 TLS: Initial packet from [AF_INET]62.214.229.246:12974, sid=50267cd6 86d1e2b1
Fri Apr 14 22:49:47 2023 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=netgear, emailAddress=mail@netgear.com
Fri Apr 14 22:49:47 2023 Certificate does not have key usage extension
Fri Apr 14 22:49:47 2023 VERIFY KU ERROR
Fri Apr 14 22:49:47 2023 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Fri Apr 14 22:49:47 2023 TLS_ERROR: BIO read tls_read_plaintext error
Fri Apr 14 22:49:47 2023 TLS Error: TLS object -> incoming plaintext read error
Fri Apr 14 22:49:47 2023 TLS Error: TLS handshake failed
Fri Apr 14 22:49:47 2023 SIGUSR1[soft,tls-error] received, process restarting
Fri Apr 14 22:49:47 2023 Restart pause, 5 second(s)
Fri Apr 14 22:49:52 2023 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Apr 14 22:49:57 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]62.214.229.246:12974
Fri Apr 14 22:49:57 2023 Socket Buffers: R=[212992->425984] S=[212992->425984]
Fri Apr 14 22:49:57 2023 UDP link local: (not bound)
Fri Apr 14 22:49:57 2023 UDP link remote: [AF_INET]62.214.229.246:12974
Fri Apr 14 22:49:57 2023 TLS: Initial packet from [AF_INET]62.214.229.246:12974, sid=a5b0024c 3c9565d5
Fri Apr 14 22:50:01 2023 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=netgear, emailAddress=mail@netgear.com
Fri Apr 14 22:50:01 2023 Certificate does not have key usage extension
Fri Apr 14 22:50:01 2023 VERIFY KU ERROR
Fri Apr 14 22:50:01 2023 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Fri Apr 14 22:50:01 2023 TLS_ERROR: BIO read tls_read_plaintext error
Fri Apr 14 22:50:01 2023 TLS Error: TLS object -> incoming plaintext read error
Fri Apr 14 22:50:01 2023 TLS Error: TLS handshake failed
Fri Apr 14 22:50:01 2023 SIGUSR1[soft,tls-error] received, process restarting
Fri Apr 14 22:50:01 2023 Restart pause, 10 second(s)
Fri Apr 14 22:50:11 2023 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Apr 14 22:50:11 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]62.214.229.246:12974
Fri Apr 14 22:50:11 2023 Socket Buffers: R=[212992->425984] S=[212992->425984]
Fri Apr 14 22:50:11 2023 UDP link local: (not bound)
Fri Apr 14 22:50:11 2023 UDP link remote: [AF_INET]62.214.229.246:12974
Fri Apr 14 22:50:12 2023 TLS: Initial packet from [AF_INET]62.214.229.246:12974, sid=5198eee4 6919bbda
My client.conf:
client
dev tap
proto udp
sndbuf 393216
rcvbuf 393216
push "sndbuf 393216"
push "rcvbuf 393216"
remote xyzxyz.ddns.net 12974
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
cipher AES-128-CBC
comp-lzo
verb 3
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
I've nearly the same Client for my iPhone that works. The difference is "remote xyzxyz.ddns.net 12973" and "dev tun"

In the router there is set:
TUN Service-Port UDP 12973
TAP Service-Port UDP 12374

The client runs on a Raspberry Pi 3b+ on Ubuntu 20.04.5 LTS

Is there a solution for this key-usage-error?

Thank you.

Michael
Last edited by MiPl on Sat Apr 15, 2023 10:35 am, edited 1 time in total.
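
Added example (not part of the original post, and not OpenVPN's own code): a Python triage of a client log shaped like the one above, splitting it into handshake attempts and recording which verification check stopped each one. In these logs depth 0 is the server's own certificate and depth 1 its issuer, so an attempt with only `depth=1` marked OK was rejected at the server certificate itself. The sample log is constructed, with a documentation address in place of the real peer.

```python
import re

# Constructed sample in the shape of the client log above; the peer address is
# a documentation address and the session ids are dummies.
SAMPLE_LOG = """\
Fri Apr 14 22:48:56 2023 TLS: Initial packet from [AF_INET]192.0.2.10:12974, sid=00000000 00000000
Fri Apr 14 22:48:59 2023 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=netgear
Fri Apr 14 22:48:59 2023 Certificate does not have key usage extension
Fri Apr 14 22:48:59 2023 VERIFY KU ERROR
Fri Apr 14 22:48:59 2023 TLS Error: TLS handshake failed
Fri Apr 14 22:48:59 2023 Restart pause, 5 second(s)
Fri Apr 14 22:49:15 2023 TLS: Initial packet from [AF_INET]192.0.2.10:12974, sid=11111111 11111111
"""

STAMP = re.compile(r"^\w{3} \w{3} +\d{1,2} [\d:]{8} \d{4} (.*)$")
START = re.compile(r"TLS: Initial packet from \[AF_INET\]([\d.]+):(\d+)")

def triage(log_text):
    """Split a client log into handshake attempts and say where each one stopped."""
    attempts, cur, prev = [], None, ""
    for raw in log_text.splitlines():
        m = STAMP.match(raw)
        if not m:
            continue                      # shell prompts, blank lines, etc.
        msg = m.group(1)
        start = START.match(msg)
        if start:                         # a new attempt begins here
            cur = {"peer": start.group(1), "port": int(start.group(2)),
                   "verified_depths": [], "failed_check": None, "reason": None,
                   "leaf_rejected": False, "outcome": "incomplete"}
            attempts.append(cur)
        elif cur is not None:
            ok = re.match(r"VERIFY OK: depth=(\d+)", msg)
            err = re.match(r"VERIFY (\w+) ERROR", msg)
            if ok:
                cur["verified_depths"].append(int(ok.group(1)))
            elif err and cur["failed_check"] is None:
                cur["failed_check"] = err.group(1)   # e.g. "KU"
                cur["reason"] = prev                 # cause is on the line before
                cur["leaf_rejected"] = 0 not in cur["verified_depths"]
            elif msg.endswith("TLS handshake failed"):
                cur["outcome"] = "handshake failed"
        prev = msg
    return attempts

if __name__ == "__main__":
    for a in triage(SAMPLE_LOG):
        print(a)
```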

MiPl
OpenVpn Newbie
Posts: 2
Joined: Fri Apr 14, 2023 10:04 pm

Re: Can't connect to VPN on router Netgear R7000P

Post by MiPl » Sat Apr 15, 2023 10:34 am

Hi,

solved my problem.

Set dev from "tap" to "tun" and remote to xyzxyz.ddns.net 12973 and the connection could be established.

The "Certificate does not have key usage extension" still persists, but is set to Warning. I think I've to live with this.

Regards
