[Linksys] Error message: Peer certificate verification failure

This forum is for general conversation and user-user networking.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

hugo1083
OpenVpn Newbie
Posts: 1
Joined: Tue Oct 18, 2022 1:34 am

Re: [Linksys] Error message: Peer certificate verification failure

Post by hugo1083 » Tue Oct 18, 2022 1:36 am

cmwalden wrote:
Mon Oct 17, 2022 12:36 pm
I ran into this a while back and found no help but only things like this discouraging thread. I flashed my router with the openwrt firmware and installed openvpn. The process was pretty simple and got everything back on track with some new functionality.
So, do you recommend this action? Where I can see how to install OpenVPN after flash my linksys with this openwrt firmware?

CLV
OpenVpn Newbie
Posts: 6
Joined: Sun Apr 22, 2018 5:04 pm

Re: [Linksys] Error message: Peer certificate verification failure

Post by CLV » Tue Oct 18, 2022 3:22 am

OpenWRT has a very sort of Linuxy package manager and gui, where a search for openvpn will filter for the openvpn application and the OpenWRT GUI for it

Tg92
OpenVpn Newbie
Posts: 14
Joined: Mon Jan 08, 2018 8:32 pm

Re: [Linksys] Error message: Peer certificate verification failure

Post by Tg92 » Tue Oct 18, 2022 5:34 am

jeremys wrote:
Sat Oct 15, 2022 2:38 am
same problem on my linksys. I guess buying another companies router would be a solution?
dd-wrt can be also a free solution. I will do it on my father router if linksys does not generate a new certificate.

User avatar
ordex
OpenVPN Inc.
Posts: 444
Joined: Wed Dec 28, 2016 2:32 am
Location: IRC #openvpn-devel @ libera.chat

Re: [Linksys] Error message: Peer certificate verification failure

Post by ordex » Tue Oct 18, 2022 7:45 am

Tg92 wrote:
Tue Oct 18, 2022 5:34 am
jeremys wrote:
Sat Oct 15, 2022 2:38 am
same problem on my linksys. I guess buying another companies router would be a solution?
dd-wrt can be also a free solution. I will do it on my father router if linksys does not generate a new certificate.
in terms of security and community adoption, I'd strongly suggest OpenWRT. But this is just my opinion :)

Tg92
OpenVpn Newbie
Posts: 14
Joined: Mon Jan 08, 2018 8:32 pm

Re: [Linksys] Error message: Peer certificate verification failure

Post by Tg92 » Tue Oct 18, 2022 9:21 am

ordex wrote:
Tue Oct 18, 2022 7:45 am
Tg92 wrote:
Tue Oct 18, 2022 5:34 am
jeremys wrote:
Sat Oct 15, 2022 2:38 am
same problem on my linksys. I guess buying another companies router would be a solution?
dd-wrt can be also a free solution. I will do it on my father router if linksys does not generate a new certificate.
in terms of security and community adoption, I'd strongly suggest OpenWRT. But this is just my opinion :)
i will look at OpenWRT.
This morning have write to linksys support and they are currently working for a new firmware with a new certificate for my router WRT3200. But currently, they don't known yet when the new firmware will be available.

jaakdaniels
OpenVPN User
Posts: 37
Joined: Thu Oct 13, 2022 5:26 pm

Re: [Linksys] Error message: Peer certificate verification failure

Post by jaakdaniels » Wed Oct 19, 2022 10:19 am

Same here, asked the Linksys helpdesk about the problem and the higher management is working on a solution. Probably new FW.
So keep our fingers crossed!

Good luck everyone!

jeremys
OpenVpn Newbie
Posts: 6
Joined: Thu Jul 21, 2022 8:02 pm

Re: [Linksys] Error message: Peer certificate verification failure

Post by jeremys » Thu Oct 20, 2022 7:48 pm

Just wondering how long till we can expect a fix. Seems it should not be that big of a challenge. Guess it’s better to keep your fingers crossed than to hold your breath?

KDGraphics
OpenVpn Newbie
Posts: 1
Joined: Sat Oct 22, 2022 9:04 pm

Re: [Linksys] Error message: Peer certificate verification failure

Post by KDGraphics » Sat Oct 22, 2022 9:05 pm

I have been using this Router with VPN connection for about 6 years myself and the same thing happened on the same day as the other users on this router. Is there any way to fix this?
Thanks, Doyle

ejsjrnc
OpenVpn Newbie
Posts: 1
Joined: Mon Oct 24, 2022 12:45 am

Re: [Linksys] Error message: Peer certificate verification failure

Post by ejsjrnc » Mon Oct 24, 2022 3:02 am

Linksys support gave me the workaround of:
backup the config file
factory reset
restore the config file
new certs will be created that will last another 10 years.

I wasn't optimistic, but I went through this workaround and also factory reset and DIDNT restore the config and started from scratch and it didn't work for me. Still showing cert expiring on 10/09/22. I tried explaining to the support agent that there needs to be a certificate update procedure to prevent this going forward, but i'm sure it fell on deaf ears because she didn't understand what the issue really was to begin with. :roll:

I specifically bought this router for the openvpn server on it so I didn't have to futz with my own vpn server at home. Guess it was good while it lasted. i'm not optimistic that they are going to do a firmware update on this router that will fix the issue. Guess i'm building myself a vpn server in my home lab tomorrow....might finally be time to build a pfsense or opnsense machine.

User avatar
steven424
OpenVpn Newbie
Posts: 8
Joined: Mon Oct 24, 2022 2:40 am

Re: [Linksys] Error message: Peer certificate verification failure

Post by steven424 » Mon Oct 24, 2022 6:39 pm

I just called Linksys support and received an identical list of steps to follow.

Jaws
OpenVpn Newbie
Posts: 11
Joined: Wed Jan 02, 2019 10:25 pm

Re: [Linksys] Error message: Peer certificate verification failure

Post by Jaws » Wed Oct 26, 2022 10:07 pm

Wow. I am glad I found this out. I thought it was may settings but I did find out that it is the ca not being valid anymore. I too bought this router for the openvpn server. I would hope that Linksys would update with a firmware update. I hope something would come soon but not holding my breath.

User avatar
steven424
OpenVpn Newbie
Posts: 8
Joined: Mon Oct 24, 2022 2:40 am

Re: [Linksys] Error message: Peer certificate verification failure

Post by steven424 » Thu Oct 27, 2022 12:40 am

A lot of people did, myself included.

I'd love to know how many units were sold, and at $200 - $275 a pop would it be enough to financially justify some sort of class-action suit? Intentional obsolescence could not be clearer than putting an expiration date (i.e. don't work no more) in a cleartext file where anyone can find it.

jaakdaniels
OpenVPN User
Posts: 37
Joined: Thu Oct 13, 2022 5:26 pm

Re: [Linksys] Error message: Peer certificate verification failure

Post by jaakdaniels » Sun Oct 30, 2022 4:08 pm

Anyone can use this?

Manual: https://www.youtube.com/watch?v=0mzqqUBUp_s
Download: https://hohnstaedt.de/xca/index.php/download

Have made a new certificate from 2022 till 2032 but need to import it...

jaakdaniels
OpenVPN User
Posts: 37
Joined: Thu Oct 13, 2022 5:26 pm

Re: [Linksys] Error message: Peer certificate verification failure

Post by jaakdaniels » Mon Oct 31, 2022 10:28 am

Are there Linux experts who know an answer on this...

I have one partiton with the stock FW installed, on the other partition is DD-WRT from where i can access the router with root access via SSH.
Does anyone know where the expired certificate can be found? Is it on another partition? Does it need to be mounted?
It seems to be possible to edit these files, so i could paste the new generated certificate here...

Thanks in advance!

jaakdaniels
OpenVPN User
Posts: 37
Joined: Thu Oct 13, 2022 5:26 pm

Re: [Linksys] Error message: Peer certificate verification failure

Post by jaakdaniels » Sun Nov 06, 2022 2:32 pm

Seems time was not set correctly, but the Router DOES generate new certificates

User avatar
steven424
OpenVpn Newbie
Posts: 8
Joined: Mon Oct 24, 2022 2:40 am

Re: [Linksys] Error message: Peer certificate verification failure

Post by steven424 » Mon Nov 07, 2022 2:45 am

Jaak - Under what circumstances does it generate new certificates? What are the steps you followed to get the WRT3200ACM to create a new cert? That may be the missing link.

Thanks!
--- Steve

jaakdaniels
OpenVPN User
Posts: 37
Joined: Thu Oct 13, 2022 5:26 pm

Re: [Linksys] Error message: Peer certificate verification failure

Post by jaakdaniels » Mon Nov 07, 2022 1:07 pm

If you flash the FW via serial cable in Uboot (Nice so you can read the logging. I can post it here when i get home)
OR
when you hold the reset button for 20 seconds, until the front LED's go out.

First, the date is reset to year 1970. (you can do this manually during Uboot with command "date reset")
you can set the date then for example to 12h00 Nov 7, 2022 by entering command in Uboot: "date 110712002022"
then the autoboot sets the date to Oct 09 2012.
Afterwards it generates all 3 certificates based on this startdate with a validity of 3650 days, using ./easy_RSA commands
This is all stated in the Uboot logging ans seems to work fine. The only problem is the date is wrong at the moment the certificates are being generated. Sounds like an easy to solve problem for Linksys.

Searched in the FW "Rango.img" in a hex editor to find this date, but with no success (year 1970 and 2012)
Maybe it gets those dates from somewhere in the FW, but i suspect it's linked to the environment variables (like production date for example)
I'll play with that tonight and keep you updated.
I'll post some Uboot logging later after work. Maybe if we all work together we can fix this problem for everybody with new 2032 certificates

jaakdaniels
OpenVPN User
Posts: 37
Joined: Thu Oct 13, 2022 5:26 pm

Re: [Linksys] Error message: Peer certificate verification failure

Post by jaakdaniels » Mon Nov 07, 2022 4:38 pm

A piece of logging...

EDIT:
Deleted the logging, not usefull anymore :)
Last edited by jaakdaniels on Tue Nov 08, 2022 6:42 am, edited 1 time in total.

jaakdaniels
OpenVPN User
Posts: 37
Joined: Thu Oct 13, 2022 5:26 pm

Re: [Linksys] Error message: Peer certificate verification failure

Post by jaakdaniels » Tue Nov 08, 2022 6:18 am

Nevermind the logging... One step further. I found a way to delay the creation of the certificates untill the router is fully booted after factory reset. At this stage, the system time has been synchronized with the RTC time. The creation of certificates at this point makes a key and a private certificate with expiration year 2032. The CA.crt does not get an update and has still the expiration of year 2022. I have another way in mind, because during the manufacturing process it worked....

Stay tuned...

jaakdaniels
OpenVPN User
Posts: 37
Joined: Thu Oct 13, 2022 5:26 pm

Re: [Linksys] Error message: Peer certificate verification failure

Post by jaakdaniels » Tue Nov 08, 2022 8:33 pm

I'VE DONE IT!!!!! All 3 certificates renewed and VPN working for another 10 years!!!!

Jiiihaaaaaaa!!!!

Post Reply