Replies to Linksys topic in Announcements


Moderators: TinCanTech

wombatus
OpenVpn Newbie
Posts: 9
Joined: Sat Jun 06, 2020 6:28 pm

Re: Linksys router 'certificate verify failed' issue

Post by wombatus » Fri Oct 14, 2022 3:02 am

I've done a similar thing with Linksys support. I've provided them screenshots, etc. Most of their questions are not relevant to the issue but hopefully they will get there eventually. In the interim, I stood up an Ubuntu client with OpenVPN server running on it. There are some simple articles on how to do this. I still have not heard back from Linksys on a resolution.

JeDiOpenVPN
OpenVpn Newbie
Posts: 3
Joined: Mon Oct 10, 2022 2:03 pm

Re: Linksys router 'certificate verify failed' issue

Post by JeDiOpenVPN » Fri Oct 14, 2022 12:51 pm

Yeah, I spent a couple hours configuring OpenWRT on my Linksys router. The steps I followed to get it up were super fast...
https://sorenpoulsen.com/install-openwr ... wrt3200acm - Had it running and connected to the internet in 20 minutes.

It was the OpenVPN piece that was a struggle for about an hour. Then, I recalled that upon trying to get OpenVPN support to assist, I opened an OpenVPN Cloud account. I basically followed this, https://openvpn.net/cloud-docs/using-op ... e-openwrt/, but literally didn't have to follow any of the Configuring OpenWRT steps in that section since I had first attempted this one: https://www.ivpn.net/setup/router/openwrt-openvpn/ then this one, https://openwrt.org/docs/guide-user/ser ... vpn/server, using this video: https://www.youtube.com/watch?v=P8JZnmXlzBw ← This helped me create 3 client profiles, which was all that I needed.

The updated steps that should really be followed are just by going to your Networks tab in OpenVPN Cloud, https://texasstarsmiles.openvpn.com/net ... d/scenario, and installing Remote Access... I followed shots steps and happened to save my subnet from my Linksys router, so I used the internal subnet of 172.19.13.0/24 to cover my range of 172.19.13.2 - 6, and uploaded the .ovpn that I created in OpenWRT's OpenVPN section, and voila, I hit Save and Apply, and all was well. It was active and running unlike my previous attempts from the two OpenWRT guides above. I deleted my two failures and left it running and tested the connection with OpenVPN Client now being able to use the http://cloudaccountname.openvpn.com, and it all worked. I got my two other users to accept the invite, and their Windows sessions were ready to roll.

I had figured it would take 2-3 hours of trial and error since I'd used OpenWRT in the past, but I must say that the OpenWRT setup was the fastest now that I'd ever seen. It was the OpenVPN trial and error that almost stumped me. I may unpack this one day and just create steps to exactly follow from scratch to get this working, but hopefully, I won't have to and Linksys will get a firmware upgrade to fix this by then. My case is escalated there as well, and they did already return my call twice with two more escalation points, so they do appear to be taking it seriously. We'll see though. I've got our office back up and working, so that's what I'm most happy about.

CLV
OpenVpn Newbie
Posts: 6
Joined: Sun Apr 22, 2018 5:04 pm

Re: Linksys router 'certificate verify failed' issue

Post by CLV » Fri Oct 14, 2022 3:39 pm

OpenWRT supported Linksys routers. WRT-1200, 1900, 3200 are all listed.

https://openwrt.org/toh/start?dataflt%5 ... 5D=linksys

ncc1701p
Posts: 0
Joined: Sun Oct 16, 2022 7:12 am

Re: Linksys router 'certificate verify failed' issue

Post by ncc1701p » Sun Oct 16, 2022 7:16 am

Greetings fellow users. Yeah, I'm also in this exact same boat. In my situation I'm a bit boned because my router is in a remote country and I won't have physical access to it till later November when I go back to my other home. I followed some videos on YouTube listed above from "Van Tech Corner" which made the process look super easy. I'm an IT guy but not heavy into network, it's not my job. No way in hell would I have been able to figure out how to do that via CLI or even via the installed GUI. Would be 'great' if Linksys made a quick firmware update but honestly I have very low hope for this to happen. Would make my life easier if they did though. I'll keep a watchful eye on this thread to see where this goes. Thanks to JeDiOpenVPN for talking to them and posting what you know. Also thanks to others on posting possible replacement routers which make the job just as easy.

Fatbadcat
OpenVpn Newbie
Posts: 1
Joined: Mon Oct 17, 2022 2:22 pm

Re: Linksys router 'certificate verify failed' issue

Post by Fatbadcat » Mon Oct 17, 2022 2:42 pm

Same Sinking Boat! I have 3 wrt3200ACM but only 2 have the expired VPN certificate (Oct 9, 2022). The third was purchased later and I checked old .ovpn files and it has regularly updated its VPN certificate several times and currently has an expiry date of Jun 23, 2031. Opened a case with Linksys support and it sounded hopeful initially. After they gathered my information and acknowledged the problem, they called me back and closed the case saying they will call or email me if and when the problem is resolved. All 3 wrt3200ACM routers are running the same firmware and are the same revision hardware. It is odd that one behaves differently. I provided Linksys support with this information, but they seemed more interested in what OpenVPN version I was running for the client and what Windows operating system, as if they were trying to find a scapegoat. Too bad, they have been fairly reliable routers, despite their feature shortcomings compared to newer routers. Not sure what I will do going forward, perhaps I will try the third party router OS. Please keep posting on how that works out for you.

Protean0
Posts: 0
Joined: Thu Oct 13, 2022 11:20 pm

Re: Linksys router 'certificate verify failed' issue

Post by Protean0 » Mon Oct 17, 2022 5:13 pm

Not expecting a quick solution from Linksys for the WRT3200ACM, I bought a TP-Link AX1800 from the local Walmart, and was back up with remote OpenVPN access to my network in about 30 minutes. Disappointed to now have a $225 Linksys boat anchor.

wombatus
OpenVpn Newbie
Posts: 9
Joined: Sat Jun 06, 2020 6:28 pm

Re: Linksys router 'certificate verify failed' issue

Post by wombatus » Mon Oct 17, 2022 6:49 pm

@fatbadcat: In addition to the 3 3200ACMs I have I also have an older 1900ACSv2. I tried that one and the certificate generated has not expired and is good until 2028. I recall when I first installed the 3200ACMs it required a hard reset (from the device not the GUI) to get the certificate to be generated. I've not tried that yet, but your experience with different 3200ACMs and my 1900ACS makes me think it's worth a try. It's been a few days since Linksys logged my case number so I'm not as hopeful as last week.

Scott123
OpenVpn Newbie
Posts: 1
Joined: Fri Oct 21, 2022 1:05 pm

Re: Linksys router 'certificate verify failed' issue

Post by Scott123 » Fri Oct 21, 2022 1:36 pm

FYI, I tried a hardware reset on my WRT3200ACM ("press the button") and it DID generate a new certificate with an expiration in 2032, but the CA certificate still expires on Oct 09, 2022, so that's not the solution. When I restored from a backup, it brought back my configuration and left the new certificate intact. That's good except the expired CA renders it moot.

jaakdaniels
OpenVPN User
Posts: 37
Joined: Thu Oct 13, 2022 5:26 pm

Re: Replies to Linksys topic in Announcements

Post by jaakdaniels » Sun Nov 06, 2022 2:51 pm

Damn problem! It seems the date is not set correctly at the moment the certificates are generated. After a hard reset (reset button pressed 20 sec until the lights go out on the front) there are certificates generated based on the date the system is at that time.
In the logging the router shows that the date is being reset first (to somewhere in year 1970) and is reloaded to Oct 09, 2012, 0600h. Where is this Oct 09, 2012 coming from?
Tried during Uboot via serial to press some buttons after a 20 sec reset button-press. Sometimes the date stays the same as I've set it...

In Uboot after the Marvell prompt type:
"date reset" Enter
"date 110712002022" Enter (Set date and time to Nov 07, 12h00m, year 2022)
"date" Enter (To check if the date is properly set)
"run nandboot" Enter OR "run altnandboot" Enter (Starts to load the kernel and boots)
During booting I tried to press arrow-up a few times. Sometimes the date resets to year 2012, sometimes it doesn't.

Checked the "rango.img" FW in a hex editor and searched for those dates, but nothing to find.
Are there some Linux professionals with some ideas?

jaakdaniels
OpenVPN User
Posts: 37
Joined: Thu Oct 13, 2022 5:26 pm

Re: Replies to Linksys topic in Announcements

Post by jaakdaniels » Tue Nov 08, 2022 6:44 am

One step further. I found a way to delay the creation of the certificates until the router is fully booted after factory reset. At this stage, the system time has been synchronized with the RTC time. The creation of certificates at this point makes a key and a private certificate with expiration year 2032. The CA.crt does not get an update and still has the expiration of year 2022. I have another way in mind, because during the manufacturing process it worked....

Stay tuned...

jaakdaniels
OpenVPN User
Posts: 37
Joined: Thu Oct 13, 2022 5:26 pm

Re: Replies to Linksys topic in Announcements

Post by jaakdaniels » Wed Nov 09, 2022 9:00 am

Well, I DID IT!!!
3 new certificates until 2032 and VPN is up again!

Did more stuff together, so I don't know if every step is going to be useful, but as long as it works...
The thing is, try to do as if it's first time use, out of the box. Restoring configuration will not affect the certificates AFTER they have been generated, but it certainly does BEFORE the certificates are generated.

1) Make a backup of your configuration
2) Remove the WAN cable and all other cables, leave only the cable from a LAN port to your computer to login
3) Hold "reset" pressed for 20 seconds, until the front LEDs go out and allow the router to reboot (Old certificates are now erased)
4) Go to http://192.168.1.1 and login with "admin"
5) Configure the router BY HAND! Follow the steps as if it's your first time using it. The settings you do are not important
6) Follow this until the router complains about the missing WAN cable, and then connect the WAN cable
7) When the configuration is completed, download the *.ovpn file and check the "ca.crt" certificate-part
8) When it is valid you can restore your configuration. It does not affect the new certificates
9) Come back to this forum and let me know if it worked

Good luck to all!

jaakdaniels
OpenVPN User
Posts: 37
Joined: Thu Oct 13, 2022 5:26 pm

Re: Replies to Linksys topic in Announcements

Post by jaakdaniels » Fri Nov 11, 2022 9:04 am

Meanwhile I tried and tried the above procedure again on the second WRT3200ACM to generate certificates with no result but ca-2022 and the other 2 were intermittently 2022 and 2032. I strongly suspect it's a timing problem from Linksys FW.

So an idea, the certificate was still generated earlier than the clock and date were set. To slow this down, I kept on pressing the "WPS" button. It generates WPS events that slow the startup down and delay the creation of certificates. You could follow this with a serial connection and PuTTY.

So in brief:
- Keep the WAN cable connected
- Hold reset for 20 seconds
- When the WAN LED lights up, press/hold the "WPS" button during booting until it's fully booted
- Check the CA-certificate

I can't guarantee it works every time or if I was lucky, but here it worked the first time I tried! I now have a second router with all 3 certificates up until 2032, so it's proven that the router is able to generate them.
If you try, please note your results here, maybe others can benefit from this info. I am very curious if it works for other people and we have a stable workaround.

grtmd001
OpenVpn Newbie
Posts: 1
Joined: Fri Nov 11, 2022 10:23 pm

Re: Replies to Linksys topic in Announcements

Post by grtmd001 » Fri Nov 11, 2022 10:31 pm

Tried it several times. No luck. Was very hopeful. By WAN LED I assume you mean the blue bar on the front labeled 'Internet' which goes out on reset then re-illuminates as a blinking orange bar during boot, finally turning again to a blinking blue bar - right??

jaakdaniels
OpenVPN User
Posts: 37
Joined: Thu Oct 13, 2022 5:26 pm

Re: Replies to Linksys topic in Announcements

Post by jaakdaniels » Sat Nov 12, 2022 8:32 am

grtmd001 wrote:
Fri Nov 11, 2022 10:31 pm
Tried it several times. No luck. Was very hopeful. By WAN LED I assume you mean the blue bar on the front labeled 'Internet' which goes out on reset then re-illuminates as a blinking orange bar during boot, finally turning again to a blinking blue bar - right??

Yes. I've read that someone had success when pressing the WPS button directly after releasing the reset, and kept it pressed all the time.
It's pressing, let loose, press again, hold, etc... To generate as many processor interruptions as possible.

viewtopic.php?p=109500#p109500

Fatbadcat
OpenVpn Newbie
Posts: 1
Joined: Mon Oct 17, 2022 2:22 pm

Re: Replies to Linksys topic in Announcements

Post by Fatbadcat » Sat Nov 12, 2022 8:55 pm

I got my 2 wrt3200 routers to generate new VPN certificates with the 2032 date by using the "WPS" method; it took several attempts with each.
Validity
Not Before: Nov 12 20:03:03 2022 GMT
Not After : Nov 9 20:03:03 2032 GMT

Unfortunately the new certificates do not work, they still indicate expired despite the new date in the file as follows in the OpenVPN client log.

Sat Nov 12 15:30:41 2022 VERIFY ERROR: depth=1, error=certificate has expired: C=US, ST=CA, L=Irvine, O=Linksys, OU=Belkin, CN=Mamba, name=BlackMamba, emailAddress=support@linksys.com
Sat Nov 12 15:30:41 2022 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Sat Nov 12 15:30:41 2022 TLS_ERROR: BIO read tls_read_plaintext error
Sat Nov 12 15:30:41 2022 TLS Error: TLS object -> incoming plaintext read error
Sat Nov 12 15:30:41 2022 TLS Error: TLS handshake failed

I have one WRT3200 that works with the 2031 certificate that luckily generated it by itself earlier in the year before the Oct 9, 2022 default certificate expiry date and its VPN is fully functional.
Validity
Not Before: Jun 25 13:13:43 2021 GMT
Not After : Jun 23 13:13:43 2031 GMT

Here is its OpenVPN log showing it is not expired.
Sat Nov 12 15:49:04 2022 VERIFY OK: depth=1, C=US, ST=CA, L=Irvine, O=Linksys, OU=Belkin, CN=Mamba, name=BlackMamba, emailAddress=support@linksys.com
Sat Nov 12 15:49:04 2022 VERIFY OK: nsCertType=SERVER
Sat Nov 12 15:49:04 2022 VERIFY OK: depth=0, C=US, ST=CA, L=Irvine, O=Linksys, client OU=Belkin, CN=Mamba, name=BlackMamba, emailAddress=support@linksys.com
Sat Nov 12 15:49:05 2022 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 1024


I really don't know where to go with these 2 WRT3200 routers, hoping someone else has had more success and can provide feedback.
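
Added example, not part of the thread: a small Python parser for the OpenVPN client log lines quoted in the post above, reporting the chain depth at which verification failed. Depth 0 is the server's own certificate and depth 1 is the CA that issued it; both log entries show the same subject, so the depth field is what tells them apart. Function names are illustrative.

```python
import re

# Client log lines taken from the post above: the failing router, then the working one.
FAILING_LOG = """\
Sat Nov 12 15:30:41 2022 VERIFY ERROR: depth=1, error=certificate has expired: C=US, ST=CA, L=Irvine, O=Linksys, OU=Belkin, CN=Mamba, name=BlackMamba, emailAddress=support@linksys.com
Sat Nov 12 15:30:41 2022 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Sat Nov 12 15:30:41 2022 TLS Error: TLS handshake failed
"""
WORKING_LOG = """\
Sat Nov 12 15:49:04 2022 VERIFY OK: depth=1, C=US, ST=CA, L=Irvine, O=Linksys, OU=Belkin, CN=Mamba, name=BlackMamba, emailAddress=support@linksys.com
Sat Nov 12 15:49:04 2022 VERIFY OK: nsCertType=SERVER
Sat Nov 12 15:49:04 2022 VERIFY OK: depth=0, C=US, ST=CA, L=Irvine, O=Linksys, client OU=Belkin, CN=Mamba, name=BlackMamba, emailAddress=support@linksys.com
"""

VERIFY_RE = re.compile(
    r"VERIFY (?P<status>OK|ERROR): depth=(?P<depth>\d+), "
    r"(?:error=(?P<error>[^:]+): )?(?P<subject>.*)$"
)

def parse_verify(log):
    """Return one record per certificate-chain verification line in an OpenVPN log."""
    records = []
    for line in log.splitlines():
        m = VERIFY_RE.search(line)
        if not m:  # e.g. "VERIFY OK: nsCertType=SERVER" carries no depth
            continue
        cn = re.search(r"CN=([^,]+)", m["subject"])
        records.append({
            "ok": m["status"] == "OK",
            "depth": int(m["depth"]),
            "error": m["error"],
            "cn": cn.group(1) if cn else None,
        })
    return records

def diagnose(log):
    """Report the first chain element that failed, or ok=True if none did."""
    for rec in parse_verify(log):
        if not rec["ok"]:
            # depth 0 is the server's own certificate; depth >= 1 is an issuing CA.
            role = "server" if rec["depth"] == 0 else "CA"
            return {**rec, "role": role}
    return {"ok": True, "depth": None, "error": None, "cn": None, "role": None}

if __name__ == "__main__":
    for name, log in (("failing", FAILING_LOG), ("working", WORKING_LOG)):
        print(name, diagnose(log))
```

A failure reported with role "CA" means the CA certificate the client is checking against has expired, so a server certificate with a later expiry date does not clear the error on its own.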

wombatus
OpenVpn Newbie
Posts: 9
Joined: Sat Jun 06, 2020 6:28 pm

Re: Replies to Linksys topic in Announcements

Post by wombatus » Wed Nov 16, 2022 9:11 pm

Sorry to say but I got to exactly the same place. I'm now replacing these with ASUS RX-AX-3000 that have similar VPN capabilities. I'll check back here periodically to see if there are any updates. Good Luck.

wombatus
OpenVpn Newbie
Posts: 9
Joined: Sat Jun 06, 2020 6:28 pm

Re: Replies to Linksys topic in Announcements

Post by wombatus » Thu Nov 17, 2022 11:54 pm

Further to this, I was just notified by Belkin (Linksys support) that a beta fix will be released next week for the 3200ACM routers.

jaakdaniels
OpenVPN User
Posts: 37
Joined: Thu Oct 13, 2022 5:26 pm

Re: Replies to Linksys topic in Announcements

Post by jaakdaniels » Fri Nov 18, 2022 7:46 pm

New update guys! And I think it's great news this time!

Stay tuned!

jaakdaniels
OpenVPN User
Posts: 37
Joined: Thu Oct 13, 2022 5:26 pm

Re: Replies to Linksys topic in Announcements

Post by jaakdaniels » Sat Nov 19, 2022 3:37 pm

Hi All,

Have found a stable solution, at least, it worked 2 times in a row... :)

Almost everybody has FW 1.0.8.199531 installed. Me too. So I thought, why not go back to the time things DID work. After all, the definition of an upgrade/update is to solve the known bugs and add unknown bugs...


So this is my procedure that worked twice in a row:

- I downgraded to FW version 1.0.5.175944 and gave the router a factory reset. You can find the FW here
(Details: I flashed both partitions with the serial cable in uBoot, but I assume it should also work downgrading just 1 partition)
- Let it boot and log in at 192.168.1.1 (I normally use Google Chrome, but this old FW only worked on the old Internet Explorer)
- Make a VPN profile and download the certificate. Check it at https://www.sslshopper.com/certificate-decoder.html
- The certificate should be valid until Dec 1, 2023
- If this is the case, restore the "older" software. You can do this in the firmware update menu or switch the router 3 times on and off for about 3 seconds. The 4th time the router will switch to FW 1.0.8.199531 again and generate new certificates valid until 2032


Good luck!

RichB-WI
OpenVpn Newbie
Posts: 2
Joined: Tue Nov 22, 2022 11:22 pm

Re: Replies to Linksys topic in Announcements

Post by RichB-WI » Tue Nov 22, 2022 11:23 pm

Here is the link to the beta firmware for the WRT3200ACM:

https://linksysca-public.s3.us-west-2.amazonaws.com/beta-firmware/FW_WRT3200ACM_1.0.9.211585_prod.img

Best of luck!
