cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2575
Views
15
Helpful
5
Replies

RV320 / 325 OpenVPN MD5 certificates - Firmware upgrade?

bernard.bakker
Level 1
Level 1

Hello All,

 

Coming april, MD5 hash OpenVPN certificates will not be supported by OpenVPN. This means that the certificates created by my RV320 will be useless from that moment on. So my question is:

 

Will the RV32x firmware be upgraded to support SHA-256 type hash certificates? If so, when will it be available?

 

Thanks in advance for your reply!

5 Replies 5

alippiatt
Level 1
Level 1

The OpenVPN client for Windows works up to version 2.4.4. However, 2.4.5 blocks connection due to this! The iOS app version 1.2.9 currently works, but warns it will no longer work after April 2018.

JonasHK
Level 1
Level 1

Same concern and problem.  Disappointing. I've only had my RV325 for about 5-6 months now.  Great investment.  

I'm not defending Cisco, but just observing that not only is OpenVPN not their product,  it is a competing technology. They added it in firmware version 1.3.1.12 on 7/20/2016, but the release notes don't say why. My personal suspicion is that Cisco did not keep up with the SSL VPN, because it was not compatible with newer browsers, and OpenVPN may have been a work-around offering as a courtesy. We use it and have found it very useful; it's certainly easier than setting up an OpenVPN server on a separate box.

I do agree, however, that if Cisco put it out there, they should either maintain it for functionality and security or remove it altogether. I'm not holding my breath and in preparation of the April change, I migrated our setup to OpenVPN running on a server.

I completely agree with you and fully appreciate that every vendor has the right to determine which services, standards and protocols they want to include in their products and at what price.  However, when products ship with a capability, you would expect a vendor like Cisco to continue supporting it within reason for a reasonable lifetime of the product.

 

If this was DLink, I would have different expectations.  

 

 

 

 

There is a parallel discussion on this "issue" with a potential workaround that appears to work "for now".

 

https://supportforums.cisco.com/t5/small-business-routers/rv320-openvpn-md5/m-p/3356698#M35038

 

Basically, you add...

tls-cipher "DEFAULT:@SECLEVEL=0"

...to the .ovpn client config file.

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: