Replies to Linksys topic in Announcements


raylo32
OpenVpn Newbie
Posts: 18
Joined: Fri Dec 14, 2018 12:02 am

Replies to Linksys topic in Announcements

Post by raylo32 » Mon Oct 10, 2022 3:17 pm

Replies to Linksys topic in Announcements
viewtopic.php?t=34874
Pippin


Thanks for the quick analysis, Johan. I suspect Linksys won't be in any hurry to float new firmware for these older routers. So, I am headed out to get a new one. NOT Linksys.

openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: Linksys router 'certificate verify failed' issue

Post by openvpn_inc » Mon Oct 10, 2022 3:26 pm

Hi raylo,

Yeah, sorry, I understand the disappointment about this situation. Here are some personal thoughts I have on the situation, were I to own such a Linksys router, which might help you or others in the same boat in the decision making;

If the router is very old and there are no firmware updates, that alone makes it probably unsafe to use. It is unlikely Linksys will want to spend time and effort on a 6 year old router, but, they might be able to provide instructions to replace the certificates without a firmware upgrade, perhaps through the console or SSH or such. That doesn't fix the safety aspect of outdated router firmware though. However all of this could be solved by using OpenWRT. And that also solves the OpenVPN problem because in OpenWRT you have control over the certificates. And OpenWRT gets regular updates too. If the hardware is still good then OpenWRT would be a great solution, and it's free. If however I wanted a new fast clean router that has full support from the OEM, then yeah, I would buy a new router too.

Good luck,
Johan
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

JeDiOpenVPN
OpenVpn Newbie
Posts: 3
Joined: Mon Oct 10, 2022 2:03 pm

Re: Linksys router 'certificate verify failed' issue

Post by JeDiOpenVPN » Mon Oct 10, 2022 3:53 pm

Yes, this is the situation we are in. I've been on the support line with Linksys for the past hour, and have explained the issue to them. Their support team is restricted from viewing this webpage unfortunately, so they will not have visibility to it, although they have tried. They seem to be understanding the issue after of course the first few rebuttals of updating the openvpn client, then telling me that I can only update the TimeZone in this router, along with the fact that this is a 3rd party software that they can't control, but I let them know that the button in the router configuration along with the settings that create the .ovpn file is very much in their product team's control and that when they partnered with OpenVPN this occurred.
She is now escalating this case to their supervisor at Linksys Support, and I should expect a call in 1-24 hours.

openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: Linksys router 'certificate verify failed' issue

Post by openvpn_inc » Mon Oct 10, 2022 3:59 pm

Hi JeDiOpenVPN,

Thanks for checking in. Technically they didn't partner with us/OpenVPN though. The OpenVPN software is open source and anyone can use it and integrate it into their products. Linksys have done so. They don't require any type of partnership to do so, and we don't have any with them as far as I know. If there were problems in the OpenVPN software that we could solve we would obviously be interested in doing so. In this case however it's not. Let's hope they can provide a solution to the certificate problem.

Edit; just for clarification, there is an OpenVPN Inc. company and I do work for them as well as contribute to the OpenVPN community like I'm doing here. The company OpenVPN Inc. does sell software like OpenVPN Access Server and OpenVPN Cloud, and those are based on the open source OpenVPN project as well. Any other company is also free to do so. In this case Linksys integrated the open source OpenVPN project into their products, like OpenVPN Inc have done in OpenVPN Access Server and OpenVPN Cloud. For OpenVPN Access Server and OpenVPN Cloud, OpenVPN Inc is responsible for support. For Linksys router products, Linksys is responsible for support.

Good luck,
Johan

JeDiOpenVPN
OpenVpn Newbie
Posts: 3
Joined: Mon Oct 10, 2022 2:03 pm

Re: Linksys router 'certificate verify failed' issue

Post by JeDiOpenVPN » Mon Oct 10, 2022 4:01 pm

Thank you for that clarification, Johan.

This is good to know as I continue to work with them, and this also means that more is under their control than they are probably aware, with, I'm sure, the Support team just being directed to issue that standard response about it being 3rd party software. I got lucky and got an agent who actually listened and continued to try to understand the situation. I'll provide everyone here an update once I do hear back from them. Thank you for being so responsive in this forum. I must say that I am impressed, as some forums go several hours, days without follow-up.

raylo32
OpenVpn Newbie
Posts: 18
Joined: Fri Dec 14, 2018 12:02 am

Re: Linksys router 'certificate verify failed' issue

Post by raylo32 » Mon Oct 10, 2022 4:33 pm

Yeah, OpenWRT... been there done that once upon a time with a NetGear router. Worked well once I got it set up. But it wasn't very straightforward... unless maybe you are doing it every other week or so... and I just don't have time to go down that rabbit hole again right now. Maybe I'll do that as a side project when I do have time. But for now it'll be a new ASUS wifi 6 router.

Chris H_UK
OpenVpn Newbie
Posts: 1
Joined: Mon Oct 10, 2022 2:18 pm

Re: Linksys router 'certificate verify failed' issue

Post by Chris H_UK » Mon Oct 10, 2022 4:39 pm

Thanks for the updates on this to all.

I am replacing the router with the issue (WRT 1900ACS) with a TP-Link product. Note I verified the generation of certs on the TP-Link product and they are produced on the router and have a 10 yr expiration from the date you produce them. I have a TP-Link at home etc. Works well, has all the features of the 1900ACS... only better implementation. The router will give you an OpenVPN config file just like the Linksys.
Not a plug in any way for TP-Link, but in my experience they are very stable and have good features etc. Running the cert produced on the TP-Link gives (from the handy link supplied earlier - https://www.sslshopper.com/certificate-decoder.html)

using the cert generated by Model - AC2300 as of yesterday...

It gives....

Common Name: client
Organization: TP-Link
Organization Unit: SOHO-I18N
Locality: ShenZhen
State: GD
Country: CN
Valid From: October 9, 2022
Valid To: October 6, 2032
Issuer: TP-Link CA, TP-Link
Serial Number: 2 (0x2)


Certs can be regenerated as required.

So if you're looking for a quick replacement then they are worth a look etc.

JeDiOpenVPN
OpenVpn Newbie
Posts: 3
Joined: Mon Oct 10, 2022 2:03 pm

Re: Linksys router 'certificate verify failed' issue

Post by JeDiOpenVPN » Mon Oct 10, 2022 6:20 pm

raylo32 wrote:
> Yeah, OpenWRT... been there done that once upon a time with a NetGear
> router. Worked well once I got it set up. But it wasn't very
> straightforward... unless maybe you are doing it every other week or so...
> and I just don't have time to go down that rabbit hole again right now.
> Maybe I'll do that as a side project when I do have time. But for now
> it'll be a new ASUS wifi 6 router.

* I completely agree. I'm contemplating the easier path... Installing OpenWRT and reconfiguring the router, OR just purchasing a new router.

chris_h_uk wrote:
> I am replacing the router with the issue (WRT 1900ACS) with a TP-Link product.
> Note I verified the generation of certs on the TP-Link product and they are
> produced on the router and have a 10 yr expiration from the date you produce them.
> I have a TP-Link at home etc. Works well, has all the features of the 1900ACS...
> only better implementation. The router will give you an OpenVPN config file just like
> the Linksys, not a plug in any way for TP-Link, but in my experience they are
> very stable and have good features etc. Running the cert produced on the TP-Link
> gives - from the handy link supplied earlier
> https://www.sslshopper.com/certificate-decoder.html
>
> [...] Certs can be regenerated as required.
> So if you're looking for a quick replacement then they are worth a look etc.

* Thank you for the update here and the recommendation as well. I believe the time saved here is far worth doing the OpenWRT and maybe, just maybe Linksys will resolve the issue because I did really like all the aspects of this router, most of all how simple it was to use and configure.

Edit: post cleaned up by moderator a bit

raylo32
OpenVpn Newbie
Posts: 18
Joined: Fri Dec 14, 2018 12:02 am

Re: Linksys router 'certificate verify failed' issue

Post by raylo32 » Mon Oct 10, 2022 7:04 pm

I went with ASUS RT-AX3000. Easy to transfer the wifi and LAN ip range settings for the network. Up and running again, including VPN. I almost got a TP Link. They make good products, too and I really like their web interfaces. I'll need to get used to the ASUS but they are all pretty similar except for presentation.

raylo32
OpenVpn Newbie
Posts: 18
Joined: Fri Dec 14, 2018 12:02 am

Re: Linksys router 'certificate verify failed' issue

Post by raylo32 » Mon Oct 10, 2022 7:40 pm

One downside to ASUS routers, I just learned, is that there is no way to schedule a reboot in the firmware. I usually have mine set to do that once a month just to clear out any junk. Not really critical, but I will need to find a workaround one of these days. I haven't seen a router that lacked this feature in a long time.

apn3a
OpenVpn Newbie
Posts: 5
Joined: Fri Jan 07, 2011 9:53 pm
Location: Athens-Greece, NY, Boston

Re: Linksys router 'certificate verify failed' issue

Post by apn3a » Tue Oct 11, 2022 7:14 am

"Glad" to see others facing the same issue with Linksys - been talking to their support for ages.

supposedly, they have escalated this but i have little hope it will be addressed as the router has reached its EoS. my problem is that i don't have physical access to the router at this point, so i cannot test connecting to the router through SSH and see if i can update the certificates myself (doubt it).

definitely OpenWRT is a solution, but again, requires physical access to the router.

i will let everyone know if linksys gets back to me.

raylo32
OpenVpn Newbie
Posts: 18
Joined: Fri Dec 14, 2018 12:02 am

Re: Linksys router 'certificate verify failed' issue

Post by raylo32 » Tue Oct 11, 2022 11:17 am

A related question for you experts... The OVPN setup in the Asus GUI has a button to "renew certificate". Will this make a new cert with new start and end dates such that this issue can be avoided?

And one suggestion, although I do not know if it is possible... Have a way in the client app to be able to view the expiry date... or better yet to send a series of alerts, say at 30 days prior, 7 days prior, 1 day prior etc. so we don't get caught out in a remote location with no access to our VPN and no way to restore access. That really isn't good.

raylo32
OpenVpn Newbie
Posts: 18
Joined: Fri Dec 14, 2018 12:02 am

Re: Linksys router 'certificate verify failed' issue

Post by raylo32 » Tue Oct 11, 2022 11:32 am

I can't edit my post so a new one. I just viewed the new Asus cert file, and I don't see "not before" or "not after" lines in the code. In fact, it doesn't have that long indented plain text segment that the Linksys had at all. So maybe the cert never expires?

openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: Linksys router 'certificate verify failed' issue

Post by openvpn_inc » Tue Oct 11, 2022 11:34 am

Hello raylo32,

About renew certificate, you could check. Take those certificates that are generated and run them through some certificate checker to see what dates are on them. Make sure to check both the client certificate and the CA certificate. Private keys are not certificates and therefore don't expire and don't need to be checked.

And for those wondering - OpenVPN Access Server since version 2.9 automatically renews CA, and every time you obtain a connection profile, it generates new certs. This ensures that if this message would show for users of Access Server, all you would need do is download a new connection profile.

Kind regards,
Johan

openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: Linksys router 'certificate verify failed' issue

Post by openvpn_inc » Tue Oct 11, 2022 11:36 am

Hello again raylo32,

That extra data is ignored by OpenVPN and not mandatory. It was something Linksys decided to add in, and makes things more readable, but does not normally happen. What OpenVPN cares about is the stuff between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----. And if you take that stuff, and run it through a certificate checker, you can find out what the begin and end dates are. It is encoded in that information. Just because that additional information is not added into the connection profile itself does not mean it does not expire. A certificate must have a begin date and end date, and so it will expire.

Kind regards,
Johan

raylo32
OpenVpn Newbie
Posts: 18
Joined: Fri Dec 14, 2018 12:02 am

Re: Linksys router 'certificate verify failed' issue

Post by raylo32 » Tue Oct 11, 2022 11:51 am

Just tried the cert checker linked above and it doesn't seem to work. Pasted the cert in including and between begin cert and end cert and it does nothing. And there is no "go" button. Can you recommend another cert checker?

openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: Linksys router 'certificate verify failed' issue

Post by openvpn_inc » Tue Oct 11, 2022 11:57 am

Hello raylo32,

The one Chris_H_UK posted earlier works fine here. An alternative is here https://tools.keycdn.com/ssl

If that also doesn't work, consider installing OpenSSL or using a computer that has OpenSSL already installed (like a Linux OS for example) and using that to check certificates on the command line.

Kind regards,
Johan
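
The OpenSSL command-line check suggested in this thread can be scripted against a connection profile; this is an added example, not part of the original posts or of OpenVPN's own tooling. It assumes the profile carries its certificates inline in `<ca>` and `<cert>` blocks, and the 30-day `WARN_DAYS` window and the function names are illustrative choices.

```shell
#!/bin/sh
# Added example (not from the thread): report when the certificates embedded
# in an OpenVPN connection profile expire.
# Assumptions: certificates are inline in <ca> and <cert> blocks; only the
# first certificate in each block is checked.
WARN_DAYS="${WARN_DAYS:-30}"   # assumed warning window, in days

# Print the first PEM certificate inside one inline block, dropping any
# human-readable dump a vendor placed in front of it.
extract_block() {   # usage: extract_block TAG PROFILE
  awk -v tag="$1" '
    $0 ~ ("^<" tag ">")  { inblk = 1; next }
    $0 ~ ("^</" tag ">") { inblk = 0 }
    inblk && !seen && /-----BEGIN CERTIFICATE-----/ { incert = 1 }
    incert { print }
    incert && /-----END CERTIFICATE-----/ { incert = 0; seen = 1 }
  ' "$2"
}

# Returns 0 = valid beyond the window, 1 = expired or expiring, 2 = no cert.
check_block() {     # usage: check_block TAG PROFILE
  cb_pem="$(extract_block "$1" "$2")"
  [ -n "$cb_pem" ] || { echo "$1: no inline certificate found"; return 2; }
  cb_end="$(printf '%s\n' "$cb_pem" | openssl x509 -noout -enddate)" || return 2
  if ! printf '%s\n' "$cb_pem" | openssl x509 -noout -checkend 0 >/dev/null; then
    echo "$1: $cb_end EXPIRED"; return 1
  fi
  if ! printf '%s\n' "$cb_pem" |
       openssl x509 -noout -checkend "$((WARN_DAYS * 86400))" >/dev/null; then
    echo "$1: $cb_end EXPIRES within $WARN_DAYS days"; return 1
  fi
  echo "$1: $cb_end OK"
}

# Check both the CA and the client certificate; both must be valid.
check_profile() {   # usage: check_profile PROFILE
  cp_rc=0
  check_block ca "$1" || cp_rc=1
  check_block cert "$1" || cp_rc=1
  return "$cp_rc"
}

if [ "$#" -gt 0 ]; then check_profile "$1"; fi
```

Run periodically (for example from cron) against the profile file, the non-zero exit status can drive a reminder before either certificate lapses.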

raylo32
OpenVpn Newbie
Posts: 18
Joined: Fri Dec 14, 2018 12:02 am

Re: Linksys router 'certificate verify failed' issue

Post by raylo32 » Tue Oct 11, 2022 12:08 pm

That one worked. Thanks. Looks like it is good until Oct 7, 2032. If I am reading this correctly. I'll add a reminder to my calendar and have it set to send me an alert. LOL.

"validFrom": "221010180922Z",
"validTo": "321007180922Z",
"validFrom_time_t": 1665425362,
"validTo_time_t": 1980785362,

apn3a
OpenVpn Newbie
Posts: 5
Joined: Fri Jan 07, 2011 9:53 pm
Location: Athens-Greece, NY, Boston

Re: Linksys router 'certificate verify failed' issue

Post by apn3a » Wed Oct 12, 2022 5:40 am

Hello,

Just to update everyone, I received a call from Linksys. They are gathering additional details as lots of users are affected.

They will escalate the feedback to higher management to see what kind of action can be taken. I reiterated the problem and how all routers have more or less the same expiry dates + how the encryption methods are outdated and need to be updated as well.

Fingers crossed.

Protean0
Posts: 0
Joined: Thu Oct 13, 2022 11:20 pm

Re: Linksys router 'certificate verify failed' issue

Post by Protean0 » Thu Oct 13, 2022 11:24 pm

Fingers crossed, indeed. It's a bit concerning that there seems to be nothing a user of these routers can do at the moment other than to replace it.
