Menu
What's new
By:
Filters Better Search

Open VPN Configuration File Question

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

K

Kitsap

Regular Contributor
Running the Open VPN server on a Netgear R9000.

When I create the four configuration files from within the router configuration page, one of the files downloaded is named ca.crt. The file contains information about the certificate authority.

Is this certificate authority information embedded in the firmware and downloaded direct from the router or is it downloaded from a Netgear server?
 
Kitsap said:
Running the Open VPN server on a Netgear R9000.

When I create the four configuration files from within the router configuration page, one of the files downloaded is named ca.crt. The file contains information about the certificate authority.

Is this certificate authority information embedded in the firmware and downloaded direct from the router or is it downloaded from a Netgear server?
Click to expand...
On R7800 this certificate is generated on the router and stored somewhere in a flash partition.

I assume R9000 will do the same.
(you could check the contents of /etc/init.d/openvpn. This is the startup script for OpenVPN server on R7800. It has some functions for extracting and regenerating cert files.)
 
R. Gerrits said:
On R7800 this certificate is generated on the router and stored somewhere in a flash partition.

I assume R9000 will do the same.
(you could check the contents of /etc/init.d/openvpn. This is the startup script for OpenVPN server on R7800. It has some functions for extracting and regenerating cert files.)
Click to expand...
Thank you. I will dig in to it and see what I can find.
 
R. Gerrits said:
On R7800 this certificate is generated on the router and stored somewhere in a flash partition.

I assume R9000 will do the same.
(you could check the contents of /etc/init.d/openvpn. This is the startup script for OpenVPN server on R7800. It has some functions for extracting and regenerating cert files.)
Click to expand...

Yes, the OpenVPN startup script is in the same location on the R9000. Trying to decipher the script is beyond my skill set.

Trying to understand where details to update the cert files originate. When the cert files require updating, does the firmware on the router have to be updated or do the details get brought in from a Netgear server during the certificate regeneration process?
 
Kitsap said:
Yes, the OpenVPN startup script is in the same location on the R9000. Trying to decipher the script is beyond my skill set.

Trying to understand where details to update the cert files originate. When the cert files require updating, does the firmware on the router have to be updated or do the details get brought in from a Netgear server during the certificate regeneration process?
Click to expand...
The generation of the openvpn certificate happens solely on the router.

when openvpn server is started for the first time (or perhaps started for the first time after factory defaults), it sees that there is not yet a certificate stored in the flash memory -> it then generates certificate and stores it in flash.

the script also has a function to regenerate the certificates. But I don't know exactly what would be triggering that function.
Also don't know for sure what the validity is if of that certificate. Could be that the validity is so long, that it will outlive the router.

But I no longer have access to my r7800 to check.

In any case, there are no Netgear servers involved in the regeneration process.
 
R. Gerrits said:
The generation of the openvpn certificate happens solely on the router.

when openvpn server is started for the first time (or perhaps started for the first time after factory defaults), it sees that there is not yet a certificate stored in the flash memory -> it then generates certificate and stores it in flash.

the script also has a function to regenerate the certificates. But I don't know exactly what would be triggering that function.
Also don't know for sure what the validity is if of that certificate. Could be that the validity is so long, that it will outlive the router.

But I no longer have access to my r7800 to check.

In any case, there are no Netgear servers involved in the regeneration process.
Click to expand...

Thank you! I appreciate your taking the time to respond to my question.
 
You must log in or register to reply here.

Similar threads

G
Import "Always On VPN" Certificate does not Upload, RT-AC86U AsusWRT Firmware 3.0.0.4.386_51925
Replies
0
Views
330
GAndreone
G
D
Nord Open VPN client connected but not secure?
Replies
1
Views
291
Dougj
D
J
Open VPN not working anymore
Replies
10
Views
758
jra505
J
S
One website cannot be accessed when VPN is on
Replies
7
Views
499
sfx2000
sfx2000
B
Unable to establish VPN connection to my PiVPN (ovpn) from my Asus RT-AC86U running Asuswrt-Merlin 386.14
Replies
1
Views
249
eibgrad
eibgrad
Similar threads
Thread starter Title Forum Replies Date
J Open VPN not working anymore NETGEAR AC Routers and Adapters (Wi-Fi 5) 10
0 Optimal trustless privacy configuration (DNScrypt/Unbound/Wireguard?) NETGEAR AC Routers and Adapters (Wi-Fi 5) 0

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 855 (members: 31, guests: 824)
Top