RV320 OpenVPN MD5

Weber23
Level 1

If I connect with the latest Android OpenVPN it tells me, the certificates I created with RV320 are MD5 signed. Also it tells me, that MD5 support will end April 2018.

So how else shall I create certificates for OpenVPN? The root cert uses SHA256 but the Ovpn client/server certs are created with MD5.


Not yet. Latest firmware is still at April 2018.

ibwinfield
Level 1

Hell is there any update on this issue, I have firmware 1.4.2.2 and still MD5 issued certificates!

The only solution that works for me now is the one outlined by @Leo Gal. My implementation was something like this:

  1. Allow pop-ups for your router's "site".
  2. Go to System Management > Backup and Restore > Backup Configuration File (I chose to PC). Make sure you have the admin password handy as you will need to enter it when restoring your config later.
  3. If you haven't already, update to latest official firmware in System Management > Firmware Upgrade, and if everything (besides OpenVPN) is okay, back up config again.
  4. Do a full factory reset + certificates in System Management > Factory Default, which doesn't actually seem to delete the certificates for me.
  5. Go through each page under Certificate Management and delete all remaining certificates (except the un-deleteable, self-signed one with OU=RV320 or OU=RV325). I did not do this the first time I tried, and I could not get the router to generate the new certificates properly.
  6. Install the beta firmware from this post in System Management > Firmware Upgrade.
  7. In Certificate Management > OpenVPN Certificate, Add a Server certificate, then create enough Client certificates to cover you for the next couple of years as you won't be able to generate more without temporarily downgrading again.
  8. Upgrade to the latest firmware again.
  9. Restore your config file (this doesn't destroy the certificates). If you're using a password manager or pasting the admin password into the authentication pop-up, you may need to type an extra character, then delete it, so the crappy script registers that there's something in the password field.
  10. Edit the OpenVPN config, adding/changing users you need, selecting the certificates you generated with the beta firmware.
  11. Test your VPN connection.
  12. Distribute your .ovpn files.
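
One way to confirm which hash signed the certificates inside an exported .ovpn profile before distributing it (steps 11 and 12 above). This is an added example, not part of the original post and not Cisco's tooling; it assumes the profile carries inline `<ca>` and `<cert>` PEM blocks, all function names are illustrative, and the sample profile is constructed (DER skeletons, not real RV320 certificates).

```python
import base64
import re

PKCS1 = bytes.fromhex("2a864886f70d0101")  # DER encoding of OID arc 1.2.840.113549.1.1
RSA_SIG = {  # last OID arc -> (name, weak hash?)
    4: ("md5WithRSAEncryption", True),
    5: ("sha1WithRSAEncryption", True),
    11: ("sha256WithRSAEncryption", False),
    12: ("sha384WithRSAEncryption", False),
    13: ("sha512WithRSAEncryption", False),
}

def read_tlv(buf, pos):
    """Return (value_start, value_end) of the DER element that begins at pos."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def cert_sig_alg(der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }."""
    start, _ = read_tlv(der, 0)            # enter the outer SEQUENCE
    _, tbs_end = read_tlv(der, start)      # skip tbsCertificate
    alg_start, _ = read_tlv(der, tbs_end)  # enter AlgorithmIdentifier
    oid_start, oid_end = read_tlv(der, alg_start)
    oid = der[oid_start:oid_end]
    if oid[:-1] == PKCS1 and oid[-1] in RSA_SIG:
        return RSA_SIG[oid[-1]]
    return ("unknown OID " + oid.hex(), None)

def audit_ovpn(text):
    """Return [(block, algorithm, is_weak)] for every inline <ca>/<cert> certificate."""
    findings = []
    for block, body in re.findall(r"<(ca|cert)>(.*?)</\1>", text, re.S):
        for b64 in re.findall(r"-----BEGIN CERTIFICATE-----(.*?)-----END", body, re.S):
            findings.append((block,) + cert_sig_alg(base64.b64decode("".join(b64.split()))))
    return findings

def sample_ovpn():
    """Constructed input: DER skeletons with only the fields parsed here, not real certificates."""
    def pem(last):  # last OID byte: 0x0b = SHA-256, 0x04 = MD5
        der = bytes.fromhex("30143000300d06092a864886f70d0101%02x0500030100" % last)
        return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----" % base64.b64encode(der).decode()
    return "client\ndev tun\n<ca>\n%s\n</ca>\n<cert>\n%s\n</cert>\n" % (pem(0x0B), pem(0x04))

if __name__ == "__main__":
    for block, alg, weak in audit_ovpn(sample_ovpn()):
        print(block, alg, {True: "WEAK", False: "ok", None: "unknown"}[weak])
```

To check a real profile, pass its contents to `audit_ovpn()`; any entry with `is_weak` set to `True` is a certificate that current OpenVPN clients will warn about or reject.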

Good news directly from Cisco! A fix for our problem is included in the next stable image (after 1.4.2.22). Release date is planned for beginning of August 2019. Notification for release can be set here… https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvf35230

Kind Regards
Martin Ecker (SCHAUX eU)

Hello,

does anybody know the date of the release? August is ending and we still have no solution...

Hi all,

below the latest Cisco news in this case...

The fix is not publicly released yet. Unfortunately there are few defects which need to be included also before the release. I do have beta if you decided to test it anyway.

Question about a new release date:

I am afraid not at this moment, it all depends on the verification tests if they are successful or not.

Kind Regards

Martin

Martin,

thank you for your message.

What defects were found in this beta?

Hi,
as I'm a Cisco Reseller, not a Cisco employee, sadly I have no answer in this case for you.
Kind Regards
Martin Ecker

So, how does one get a current 1.4.x based beta? Considering that the OpenVPN code base that Cisco is using in this product has supported this for years, and the criticality of this issue, I am utterly dumbfounded by the lack of urgency for this fix! If other things have bugs, cut this standalone! It's putting users either at risk, and crippling functionality!

Hi,
as I'm not a cisco employee, I can't send you a beta image.
But you can open a case with the cisco small business support team and they will send you the needed firmware.
We are not using beta firmware in productive environments...

Hi Martin,

That would be great!

Looks like a 1.5.x release dropped to the download site in about the last week of October . . . Has anyone run it yet?

Daaaamned…so many resolved things😊. I can’t believe it after those years.
But I will not beta test this in production.
Please anyone that can, let us know, if things are working. Specially with the certificates…
From release notes it sounds promising.

I updated without any hiccups. Generated a test OpenVPN client certificate and it was SHA256.

Thank you!!