OpenVPN Support Forum

cmwalden wrote: ↑

Mon Oct 17, 2022 12:36 pm

I ran into this a while back and found no help but only things like this discouraging thread. I flashed my router with the openwrt firmware and installed openvpn. The process was pretty simple and got everything back on track with some new functionality.

So, do you recommend this action? Where I can see how to install OpenVPN after flash my linksys with this openwrt firmware?

OpenWRT has a very sort of Linuxy package manager and gui, where a search for openvpn will filter for the openvpn application and the OpenWRT GUI for it

jeremys wrote: ↑

Sat Oct 15, 2022 2:38 am

same problem on my linksys. I guess buying another companies router would be a solution?

dd-wrt can be also a free solution. I will do it on my father router if linksys does not generate a new certificate.

Tg92 wrote: ↑

Tue Oct 18, 2022 5:34 am

jeremys wrote: ↑

Sat Oct 15, 2022 2:38 am

same problem on my linksys. I guess buying another companies router would be a solution?

dd-wrt can be also a free solution. I will do it on my father router if linksys does not generate a new certificate.

in terms of security and community adoption, I'd strongly suggest OpenWRT. But this is just my opinion

ordex wrote: ↑

Tue Oct 18, 2022 7:45 am

Tg92 wrote: ↑

Tue Oct 18, 2022 5:34 am

jeremys wrote: ↑

Sat Oct 15, 2022 2:38 am

same problem on my linksys. I guess buying another companies router would be a solution?

dd-wrt can be also a free solution. I will do it on my father router if linksys does not generate a new certificate.

in terms of security and community adoption, I'd strongly suggest OpenWRT. But this is just my opinion

i will look at OpenWRT.
This morning have write to linksys support and they are currently working for a new firmware with a new certificate for my router WRT3200. But currently, they don't known yet when the new firmware will be available.

Same here, asked the Linksys helpdesk about the problem and the higher management is working on a solution. Probably new FW.
So keep our fingers crossed!

Good luck everyone!

Just wondering how long till we can expect a fix. Seems it should not be that big of a challenge. Guess it’s better to keep your fingers crossed than to hold your breath?

I have been using this Router with VPN connection for about 6 years myself and the same thing happened on the same day as the other users on this router. Is there any way to fix this?
Thanks, Doyle

Linksys support gave me the workaround of:
backup the config file
factory reset
restore the config file
new certs will be created that will last another 10 years.

I wasn't optimistic, but I went through this workaround and also factory reset and DIDNT restore the config and started from scratch and it didn't work for me. Still showing cert expiring on 10/09/22. I tried explaining to the support agent that there needs to be a certificate update procedure to prevent this going forward, but i'm sure it fell on deaf ears because she didn't understand what the issue really was to begin with.

I specifically bought this router for the openvpn server on it so I didn't have to futz with my own vpn server at home. Guess it was good while it lasted. i'm not optimistic that they are going to do a firmware update on this router that will fix the issue. Guess i'm building myself a vpn server in my home lab tomorrow....might finally be time to build a pfsense or opnsense machine.

I just called Linksys support and received an identical list of steps to follow.

Wow. I am glad I found this out. I thought it was may settings but I did find out that it is the ca not being valid anymore. I too bought this router for the openvpn server. I would hope that Linksys would update with a firmware update. I hope something would come soon but not holding my breath.

A lot of people did, myself included.

I'd love to know how many units were sold, and at $200 - $275 a pop would it be enough to financially justify some sort of class-action suit? Intentional obsolescence could not be clearer than putting an expiration date (i.e. don't work no more) in a cleartext file where anyone can find it.

Anyone can use this?

Manual: https://www.youtube.com/watch?v=0mzqqUBUp_s
Download: https://hohnstaedt.de/xca/index.php/download

Have made a new certificate from 2022 till 2032 but need to import it...

Are there Linux experts who know an answer on this...

I have one partiton with the stock FW installed, on the other partition is DD-WRT from where i can access the router with root access via SSH.
Does anyone know where the expired certificate can be found? Is it on another partition? Does it need to be mounted?
It seems to be possible to edit these files, so i could paste the new generated certificate here...

Thanks in advance!

Seems time was not set correctly, but the Router DOES generate new certificates

Jaak - Under what circumstances does it generate new certificates? What are the steps you followed to get the WRT3200ACM to create a new cert? That may be the missing link.

Thanks!
--- Steve

If you flash the FW via serial cable in Uboot (Nice so you can read the logging. I can post it here when i get home)
OR
when you hold the reset button for 20 seconds, until the front LED's go out.

First, the date is reset to year 1970. (you can do this manually during Uboot with command "date reset")
you can set the date then for example to 12h00 Nov 7, 2022 by entering command in Uboot: "date 110712002022"
then the autoboot sets the date to Oct 09 2012.
Afterwards it generates all 3 certificates based on this startdate with a validity of 3650 days, using ./easy_RSA commands
This is all stated in the Uboot logging ans seems to work fine. The only problem is the date is wrong at the moment the certificates are being generated. Sounds like an easy to solve problem for Linksys.

Searched in the FW "Rango.img" in a hex editor to find this date, but with no success (year 1970 and 2012)
Maybe it gets those dates from somewhere in the FW, but i suspect it's linked to the environment variables (like production date for example)
I'll play with that tonight and keep you updated.
I'll post some Uboot logging later after work. Maybe if we all work together we can fix this problem for everybody with new 2032 certificates

A piece of logging...

EDIT:
Deleted the logging, not usefull anymore

Nevermind the logging... One step further. I found a way to delay the creation of the certificates untill the router is fully booted after factory reset. At this stage, the system time has been synchronized with the RTC time. The creation of certificates at this point makes a key and a private certificate with expiration year 2032. The CA.crt does not get an update and has still the expiration of year 2022. I have another way in mind, because during the manufacturing process it worked....

Stay tuned...

I'VE DONE IT!!!!! All 3 certificates renewed and VPN working for another 10 years!!!!

Jiiihaaaaaaa!!!!