So, do you recommend this action? Where I can see how to install OpenVPN after flash my linksys with this openwrt firmware?
[Linksys] Error message: Peer certificate verification failure
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
- OpenVpn Newbie
- Posts: 1
- Joined: Tue Oct 18, 2022 1:34 am
Re: [Linksys] Error message: Peer certificate verification failure
-
- OpenVpn Newbie
- Posts: 6
- Joined: Sun Apr 22, 2018 5:04 pm
Re: [Linksys] Error message: Peer certificate verification failure
OpenWRT has a very sort of Linuxy package manager and gui, where a search for openvpn will filter for the openvpn application and the OpenWRT GUI for it
-
- OpenVpn Newbie
- Posts: 14
- Joined: Mon Jan 08, 2018 8:32 pm
- ordex
- OpenVPN Inc.
- Posts: 444
- Joined: Wed Dec 28, 2016 2:32 am
- Location: IRC #openvpn-devel @ libera.chat
Re: [Linksys] Error message: Peer certificate verification failure
in terms of security and community adoption, I'd strongly suggest OpenWRT. But this is just my opinion
-
- OpenVpn Newbie
- Posts: 14
- Joined: Mon Jan 08, 2018 8:32 pm
Re: [Linksys] Error message: Peer certificate verification failure
i will look at OpenWRT.
This morning have write to linksys support and they are currently working for a new firmware with a new certificate for my router WRT3200. But currently, they don't known yet when the new firmware will be available.
-
- OpenVPN User
- Posts: 37
- Joined: Thu Oct 13, 2022 5:26 pm
Re: [Linksys] Error message: Peer certificate verification failure
Same here, asked the Linksys helpdesk about the problem and the higher management is working on a solution. Probably new FW.
So keep our fingers crossed!
Good luck everyone!
So keep our fingers crossed!
Good luck everyone!
-
- OpenVpn Newbie
- Posts: 6
- Joined: Thu Jul 21, 2022 8:02 pm
Re: [Linksys] Error message: Peer certificate verification failure
Just wondering how long till we can expect a fix. Seems it should not be that big of a challenge. Guess it’s better to keep your fingers crossed than to hold your breath?
-
- OpenVpn Newbie
- Posts: 1
- Joined: Sat Oct 22, 2022 9:04 pm
Re: [Linksys] Error message: Peer certificate verification failure
I have been using this Router with VPN connection for about 6 years myself and the same thing happened on the same day as the other users on this router. Is there any way to fix this?
Thanks, Doyle
Thanks, Doyle
-
- OpenVpn Newbie
- Posts: 1
- Joined: Mon Oct 24, 2022 12:45 am
Re: [Linksys] Error message: Peer certificate verification failure
Linksys support gave me the workaround of:
backup the config file
factory reset
restore the config file
new certs will be created that will last another 10 years.
I wasn't optimistic, but I went through this workaround and also factory reset and DIDNT restore the config and started from scratch and it didn't work for me. Still showing cert expiring on 10/09/22. I tried explaining to the support agent that there needs to be a certificate update procedure to prevent this going forward, but i'm sure it fell on deaf ears because she didn't understand what the issue really was to begin with.
I specifically bought this router for the openvpn server on it so I didn't have to futz with my own vpn server at home. Guess it was good while it lasted. i'm not optimistic that they are going to do a firmware update on this router that will fix the issue. Guess i'm building myself a vpn server in my home lab tomorrow....might finally be time to build a pfsense or opnsense machine.
backup the config file
factory reset
restore the config file
new certs will be created that will last another 10 years.
I wasn't optimistic, but I went through this workaround and also factory reset and DIDNT restore the config and started from scratch and it didn't work for me. Still showing cert expiring on 10/09/22. I tried explaining to the support agent that there needs to be a certificate update procedure to prevent this going forward, but i'm sure it fell on deaf ears because she didn't understand what the issue really was to begin with.
I specifically bought this router for the openvpn server on it so I didn't have to futz with my own vpn server at home. Guess it was good while it lasted. i'm not optimistic that they are going to do a firmware update on this router that will fix the issue. Guess i'm building myself a vpn server in my home lab tomorrow....might finally be time to build a pfsense or opnsense machine.
- steven424
- OpenVpn Newbie
- Posts: 8
- Joined: Mon Oct 24, 2022 2:40 am
Re: [Linksys] Error message: Peer certificate verification failure
I just called Linksys support and received an identical list of steps to follow.
-
- OpenVpn Newbie
- Posts: 11
- Joined: Wed Jan 02, 2019 10:25 pm
Re: [Linksys] Error message: Peer certificate verification failure
Wow. I am glad I found this out. I thought it was may settings but I did find out that it is the ca not being valid anymore. I too bought this router for the openvpn server. I would hope that Linksys would update with a firmware update. I hope something would come soon but not holding my breath.
- steven424
- OpenVpn Newbie
- Posts: 8
- Joined: Mon Oct 24, 2022 2:40 am
Re: [Linksys] Error message: Peer certificate verification failure
A lot of people did, myself included.
I'd love to know how many units were sold, and at $200 - $275 a pop would it be enough to financially justify some sort of class-action suit? Intentional obsolescence could not be clearer than putting an expiration date (i.e. don't work no more) in a cleartext file where anyone can find it.
I'd love to know how many units were sold, and at $200 - $275 a pop would it be enough to financially justify some sort of class-action suit? Intentional obsolescence could not be clearer than putting an expiration date (i.e. don't work no more) in a cleartext file where anyone can find it.
-
- OpenVPN User
- Posts: 37
- Joined: Thu Oct 13, 2022 5:26 pm
Re: [Linksys] Error message: Peer certificate verification failure
Anyone can use this?
Manual: https://www.youtube.com/watch?v=0mzqqUBUp_s
Download: https://hohnstaedt.de/xca/index.php/download
Have made a new certificate from 2022 till 2032 but need to import it...
Manual: https://www.youtube.com/watch?v=0mzqqUBUp_s
Download: https://hohnstaedt.de/xca/index.php/download
Have made a new certificate from 2022 till 2032 but need to import it...
-
- OpenVPN User
- Posts: 37
- Joined: Thu Oct 13, 2022 5:26 pm
Re: [Linksys] Error message: Peer certificate verification failure
Are there Linux experts who know an answer on this...
I have one partiton with the stock FW installed, on the other partition is DD-WRT from where i can access the router with root access via SSH.
Does anyone know where the expired certificate can be found? Is it on another partition? Does it need to be mounted?
It seems to be possible to edit these files, so i could paste the new generated certificate here...
Thanks in advance!
I have one partiton with the stock FW installed, on the other partition is DD-WRT from where i can access the router with root access via SSH.
Does anyone know where the expired certificate can be found? Is it on another partition? Does it need to be mounted?
It seems to be possible to edit these files, so i could paste the new generated certificate here...
Thanks in advance!
-
- OpenVPN User
- Posts: 37
- Joined: Thu Oct 13, 2022 5:26 pm
Re: [Linksys] Error message: Peer certificate verification failure
Seems time was not set correctly, but the Router DOES generate new certificates
- steven424
- OpenVpn Newbie
- Posts: 8
- Joined: Mon Oct 24, 2022 2:40 am
Re: [Linksys] Error message: Peer certificate verification failure
Jaak - Under what circumstances does it generate new certificates? What are the steps you followed to get the WRT3200ACM to create a new cert? That may be the missing link.
Thanks!
--- Steve
Thanks!
--- Steve
-
- OpenVPN User
- Posts: 37
- Joined: Thu Oct 13, 2022 5:26 pm
Re: [Linksys] Error message: Peer certificate verification failure
If you flash the FW via serial cable in Uboot (Nice so you can read the logging. I can post it here when i get home)
OR
when you hold the reset button for 20 seconds, until the front LED's go out.
First, the date is reset to year 1970. (you can do this manually during Uboot with command "date reset")
you can set the date then for example to 12h00 Nov 7, 2022 by entering command in Uboot: "date 110712002022"
then the autoboot sets the date to Oct 09 2012.
Afterwards it generates all 3 certificates based on this startdate with a validity of 3650 days, using ./easy_RSA commands
This is all stated in the Uboot logging ans seems to work fine. The only problem is the date is wrong at the moment the certificates are being generated. Sounds like an easy to solve problem for Linksys.
Searched in the FW "Rango.img" in a hex editor to find this date, but with no success (year 1970 and 2012)
Maybe it gets those dates from somewhere in the FW, but i suspect it's linked to the environment variables (like production date for example)
I'll play with that tonight and keep you updated.
I'll post some Uboot logging later after work. Maybe if we all work together we can fix this problem for everybody with new 2032 certificates
OR
when you hold the reset button for 20 seconds, until the front LED's go out.
First, the date is reset to year 1970. (you can do this manually during Uboot with command "date reset")
you can set the date then for example to 12h00 Nov 7, 2022 by entering command in Uboot: "date 110712002022"
then the autoboot sets the date to Oct 09 2012.
Afterwards it generates all 3 certificates based on this startdate with a validity of 3650 days, using ./easy_RSA commands
This is all stated in the Uboot logging ans seems to work fine. The only problem is the date is wrong at the moment the certificates are being generated. Sounds like an easy to solve problem for Linksys.
Searched in the FW "Rango.img" in a hex editor to find this date, but with no success (year 1970 and 2012)
Maybe it gets those dates from somewhere in the FW, but i suspect it's linked to the environment variables (like production date for example)
I'll play with that tonight and keep you updated.
I'll post some Uboot logging later after work. Maybe if we all work together we can fix this problem for everybody with new 2032 certificates
-
- OpenVPN User
- Posts: 37
- Joined: Thu Oct 13, 2022 5:26 pm
Re: [Linksys] Error message: Peer certificate verification failure
A piece of logging...
EDIT:
Deleted the logging, not usefull anymore
EDIT:
Deleted the logging, not usefull anymore
Last edited by jaakdaniels on Tue Nov 08, 2022 6:42 am, edited 1 time in total.
-
- OpenVPN User
- Posts: 37
- Joined: Thu Oct 13, 2022 5:26 pm
Re: [Linksys] Error message: Peer certificate verification failure
Nevermind the logging... One step further. I found a way to delay the creation of the certificates untill the router is fully booted after factory reset. At this stage, the system time has been synchronized with the RTC time. The creation of certificates at this point makes a key and a private certificate with expiration year 2032. The CA.crt does not get an update and has still the expiration of year 2022. I have another way in mind, because during the manufacturing process it worked....
Stay tuned...
Stay tuned...
-
- OpenVPN User
- Posts: 37
- Joined: Thu Oct 13, 2022 5:26 pm
Re: [Linksys] Error message: Peer certificate verification failure
I'VE DONE IT!!!!! All 3 certificates renewed and VPN working for another 10 years!!!!
Jiiihaaaaaaa!!!!
Jiiihaaaaaaa!!!!