SSL Certificate errors on websites since using Cisco RV130 router - Page 3

frederick111 · ‎04-21-2015

Dear reader,

The problem we are having is very random, but various colleagues of mine are getting a NET::ERR_CERT_COMMON_NAME_INVALID in Chrome when trying to access their gmail or calendar from Google. Now I know what you might think, this must be a browser problem, but in most cases, switching to another browser simply results in the same problem, just a different formulation of the problem (since hey, it's another browser).

Now here comes the weird part, this all started SINCE we placed the Cisco RV130 router in our network. Before that our ISP issued Modem was in Modem/Router mode (now it's been set to Bridge mode by the ISP, I cannot set this myself!) and the aforementioned router was placed in between our first switch (A Netgear GS748T) and the modem.

Various things that I have checked, but first and foremost lets handle the occurrence. The problem only happens sometimes, say a person comes into the office, starts his or her computer, gmail works fine. Then after a few hours they get this error, and after refreshing for like 5 minutes the problem disappears and they can check their Gmail again. Others have this when accessing their calendar but not when opening their gmail. So to sum this all up, it's completely random. So far I am the only one who's experienced it with another website (as in, other than gmail or the gmail calendar) and that was when I tried to access Facebook.com, but this has only been once so far, and honestly I don't care at all if this would ever happen again since the other two websites are way more important.

Computers are running Kaspersky Internet Security, and although the problem only started recently I have tried disabling it when somebody was experiencing the problem but this didn't result in being able to access the aforementioned pages.

Another thing I have checked which seemed to pop up quite often (but given this error message I think it doesn't matter) is the system time on computers. Which I have made sure it was synced and therefore correct.

Also, just now I was able to find out this. When I had the problem on a colleague's computer I did a ping to both www.google.com and www.apple.com (given the subject of the error) and the results were this:

www.google.com:

Pinging www.google.com [95.100.141.15] with 32 bytes of data:
Reply from 95.100.141.15: bytes=32 time=11ms TTL=59
Reply from 95.100.141.15: bytes=32 time=11ms TTL=59
Reply from 95.100.141.15: bytes=32 time=10ms TTL=59
Reply from 95.100.141.15: bytes=32 time=9ms TTL=59


Ping statistics for 95.100.141.15:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 9ms, Maximum = 11ms, Average = 10ms

&

www.apple.com:

Pinging e3191.dscc.akamaiedge.net [95.100.141.15] with 32 bytes of data:
Reply from 95.100.141.15: bytes=32 time=16ms TTL=59
Reply from 95.100.141.15: bytes=32 time=9ms TTL=59
Reply from 95.100.141.15: bytes=32 time=15ms TTL=59
Reply from 95.100.141.15: bytes=32 time=10ms TTL=59


Ping statistics for 95.100.141.15:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 9ms, Maximum = 16ms, Average = 12ms

I don't think it can be correct that both resolve to the same IP address even though I'm pinging to two different webpages. Am I transitioning into a rounting / switching / dns problem here or is this still a Chrome problem? Any help would be appreciated because I'm quite at loss!

Best regards,

Fred

P.s. I have added two images of the resulting errors from Chrome.

[edit]

Forgot to mention that I have started a similar discussion on the Google Chrome forums, but other than flushing my dns in Windows and clearing my host cache in chrome I haven't gotten any results yet. And that only seems to solve the problem temporarily.

sohodiffusion · ‎05-19-2015

We're testing the RV130W and have the same problem.

We get the SAME ERRORS when we use the "DNS proxy" option in the LAN (the router will be the dns server in the dhcp request). It's not immediate but it comes after afew minutes / hours.

We tried disabling "bonjour" but it did not solve the problem.

You have to disable DNS proxy and then you'll receive your ISP DNS when requesting IP from DHCP...

Could someone at cisco confirm a bug / support ticket is open ?

Thanks

Gralo1974 · ‎06-03-2015

Having the exact same problem with an RV130W, 1.0.1.3 firmware. We have 3 of these and this occurs at 3 distinct locations. There are no anti-virus installed, and even vanilla windows 8 setups will reflect this behavior. Resetting the router to default settings also displays this behavior.

Hugely disappointed in this router, without a doubt will cycle these out as soon as the opportunity presents itself.

nick.tait · ‎06-12-2015

Hi Fred.

From the look of your ping tests, it seems to me that the issue is with DNS resolution - i.e. both www.google.com and www.apple.com are resolving to the same (wrong) IP address. This would also explain why you are seeing SSL errors in your browser.

The RV series routers' factory default settings cause them to act as a DNS proxy. So I wondered if you had tried turning this off? Based on what I can see in the online device emulator for RV130, you should find the setting here:

Networking -> LAN -> LAN Configuration -> DNS Server

I suggest changing the setting from "Use DNS Proxy" to "Use DNS from ISP", to see if that makes a difference? Good luck.

Nick.

P.S. My brother was considering buying a RV130... needless to say he isn't now! Cisco you need to lift your game. :-(

cbjwthwm · ‎03-23-2017

I experienced those errors on a RV130 at a site despite DNS proxy being disabled; I had to revert to using a RV180W (prior to it becoming end of life). Now the problem is getting the stubborn client to migrate to a non-EOL model as the RV180W has had zero issues for ~1.5 years now...

sohodiffusion · ‎08-11-2015

Hello,

There's a new firmware available (1.0.2.7) :

https://software.cisco.com/download/release.html?mdfid=285026142&softwareid=282465789&release=1.0.2.7&relind=AVAILABLE&rellifecycle=&reltype=latest

Issues Resolved :
DNS proxy doesn’t always work. (CSCuo97062)

We'll test and let you know.

If someone has already made the update, let us know how it goes.

thanks

kunzvonjona · ‎08-14-2015

Hello,

I've 1.0.2.7 installed on my RV130 and I still have the same dns problem. No Kaspersky, nothing like this.

If I ping a well known DNS I just get kind of random IP. As soon I set the DNS Server manually (on my MacBook, not on the RV130) to 8.8.8.8 the DNS is resolved to the correct IP address.

thanks, Martin

bertrand.ep · ‎08-18-2015

Hello,

Changed my cisco username (was sohodiffusion).

We're testing and YES, we still have the same problems.

Firmware updated + reset to factory settings.

I'm trying to setup some monitoring to have some logs before openning a support case.

Best

Bertrand

infotech64 · ‎08-19-2015

I confirm that the new firmware don't change anythings.

We still have the same problem whith the new firmware.

We are migrating all our RV130 to netgear and d-link...

mvdm031009 · ‎03-09-2016

Hi, interested to know which netgear or d-link you have chosen. Looking for an alternative to my RV130W (wireless).

Cheers!

NAKA-Technik · ‎03-10-2016

Hi, we went for Netgear FVS318G. Sadly no wireless feature, but also no SSL or other problems. After all, we simply appreciate a device doing its (not tooo advanced) job.

cbjwthwm · ‎03-23-2017

The main concern with Netgear FVS routers is bad defaults on some models enabling UDP flood attack checks which easily trigger and make the router laggy or seizes the gateway until it is disabled, even on their latest firmware from late 2016.

I stopped using them (prior to now using mostly Cisco RV models) because their PPTP tunnels were extremely buggy and they couldn't meet their rated WAN routing speeds. Most of their models which are being actively supported (earlier FVS318G and FVS336G models are not) have fixed the WAN speed issues now. Their PPTP support, on the other hand, is worse than ever with 4.x firmware and RV models are stellar in comparison vs the FVS products for my purposes.

marsrocks2009 · ‎11-12-2015

Had similar problem as the top post of this thread.

Also had random http (not https) errors: 404 and weird redirects to Linkedin from WordPress at my site.

No virus or malware, and the SSL error was on 2 new win7 computers and one old XP laptop.

Support thought initially could be MTU problem, but that was not the case.

So we tried changing DNS from use proxy setting to custom. I am attaching a screen cap of the settings and its also in my post at bottom.

Note: My router is the wireless version RV130W ot the RV130. My installation was through the setup wizzard or whatever they call it, so most settings were picked by the router itself. I highlighted what we changed.

It's been over a week of router bliss except for one error which may not be related.

Support suggesed one more tweak to QoS to help inprove performance. I am attaching a screen cap of the settings and its also in my post at bottom.

If my post is still up, I'm still all good. I hope this helps. I love the router and did not want to have to scrap it.

Thanks Cisco for helping me, it took a couple support people but the problem is resolved.

--

NAKA-Technik · ‎03-01-2016

Hey there,

not sure if still someone of you is here or all migrated already away from RV130 to other routers. Anyway, just wanted to share my experience:

We installed about 2-3 weeks ago the RV130W and having the exact same SSL certificate problems that are reported here. We already had the newest firmware 1.0.2.7 installed, so that was not a solution. While reading through all your posts i got really disappointed as all given probable solutions are either already activated/ implemented in our router configuration or didn't show any improvement.

Finally, I'm just trying the suggested settings by marsrocks2009. Not sure if this helps, but I would be grateful if I can avoid to change the router and setup a new one.

Maybe anyone else of you made the RV130 work and stood on this model?

Thanks in advance for a short feedback!

marsrocks2009 · ‎03-01-2016

The solution I posted has been working for four months or so. Best of luck.

NAKA-Technik · ‎03-01-2016

Thank you so much for you update, although this post is quite old! Very nice to see that this really was a solution for you and kept working for such a long time. I will keep posting my updates here as it might be of interest for other users of the RV130(W) as well who just stumble over this thread by googling the issue.