QuickVPN and WRV210 certificates ignored

Answered Question
Jan 6th, 2010

I have a WRV210 Router with the latest firmware (2.0.0.11) and QuickVPN (1.3.0.3). Apart from the very annoying fact that Windows 7 is not supported (I can get around that by using virtual machines running XP), I have a problem with certificates.

There is NO certificate in the QuickVPN directory

If I start QuickVPN it gives the error - "Server's certificate doesn't exist on your local computer. Do you want to quit this connection?".

However, if I click "No", the connection proceeds anyway - and succeeds!!

Where is the security if the certificate is ignored?

It seems to me that anyone with just the Username and Password can access the VPN

On further investigation, there is a presharedkey defined in "ipsec.conf". Now I have been playing with certificates and had previously copied a certificate into this directory, so does the certificate get cached by this (or other) files?

If so, does this get overridden if a new certificate is copied to the QuickVPN directory?

Further reading the help file on certificates, it seems to me that the question really means do you trust the SSL certificate for the router retrieved from the router on connection. I am not a VPN expert but it seems to me that this is only half the story. How does the router know the user is a valid user without a certificate from the user?

I thought that this was why you exported a certificate and placed it in the QuickVPN directory - i.e. to authenticate the user.

What am I missing here?

Another annoyance - If I click on "Yes" to quit the connection, I am taken back to QuickVPN but there is NO easy way to close the application. You can minimize it, but you cannot close it without Task Manager.

This is also a security issue since minimizing removes the icon from the TaskBar (I know there is an icon in the System Tray, but the only way to determine what this icon is for is to select help) so a user assumes the program has terminated but restarting the program merely restores the client with the password filled out.

Te-Kai Liu Wed, 01/06/2010 - 18:48

WRV210 can generate a certificate for users to store in the QuickVPN Client install directory. To do this, go to the VPN>VPN Client Access page and scroll down to the Certificate Management section. Click on the "Generate" button.

idhamilton Wed, 01/06/2010 - 20:44

I appreciate the reply and I guess I did not state explicitly that I had already done that (but did imply it when commenting about the presharedkey existing).

I still don't understand what this certificate is designed to do:

1. Provide a mechanism to trust the VPN server but you can ignore it

2. Provide a mechanism for the VPN Server to authenticate the user

I suspect that it is the former and not the latter, which means that VPN access is dependent solely on username/password, which is as secure as the sticky on the screen.

Correct Answer
Te-Kai Liu Wed, 01/06/2010 - 21:24

QuickVPN Client will use the certificate to authenticate the QuickVPN Server, which presents its certificate to the Client at the initial SSL handshake.
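
Added example, not part of the original thread and not QuickVPN's code: a sketch of a client that compares the certificate presented at the SSL handshake with a locally stored copy, showing that continuing when the local copy is missing leaves the server unauthenticated. The file name `server.pem`, the function names and the byte strings standing in for certificates are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import ssl
import tempfile

def load_pinned_der(cert_path):
    """DER bytes of the locally stored server certificate, or None if absent/unreadable."""
    try:
        with open(cert_path, "r", encoding="ascii") as fh:
            return ssl.PEM_cert_to_DER_cert(fh.read())
    except (OSError, ValueError):
        return None

def check_server(presented_der, cert_path, continue_on_missing):
    """Return (allow, reason) for the certificate the server presented.

    presented_der: in a real client, SSLSocket.getpeercert(binary_form=True).
    continue_on_missing=True models answering "No" to the quit prompt in the thread.
    """
    pinned = load_pinned_der(cert_path)
    if pinned is None:
        if continue_on_missing:
            return True, "no local certificate: server identity NOT verified"
        return False, "no local certificate: refusing to connect"
    want = hashlib.sha256(pinned).digest()
    got = hashlib.sha256(presented_der).digest()
    if hmac.compare_digest(want, got):
        return True, "server certificate matches local copy"
    return False, "server certificate differs from local copy"

def demo():
    # Constructed stand-ins for certificate bytes (not real X.509).
    router_der = b"constructed-router-certificate"
    other_der = b"constructed-unexpected-certificate"
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "server.pem")  # hypothetical file name
        # No certificate installed: the two policies diverge.
        results["missing_lenient"] = check_server(other_der, path, True)[0]
        results["missing_strict"] = check_server(other_der, path, False)[0]
        with open(path, "w", encoding="ascii") as fh:
            fh.write(ssl.DER_cert_to_PEM_cert(router_der))
        # Certificate installed: only the exact certificate is accepted.
        results["pinned_match"] = check_server(router_der, path, False)[0]
        results["pinned_mismatch"] = check_server(other_der, path, True)[0]
    return results

if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'connect' if allowed else 'refuse'}")
```
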

idhamilton Thu, 01/07/2010 - 00:32

Thank you for clearing that up.

It makes sense and also why you can ignore it and continue the connection.

Is there a way to generate a certificate that authenticates the user?
