01-06-2010 04:14 PM
I have a WRV210 Router with the latest firmware (2.0.0.11) and QuickVPN (1.3.0.3). Apart from the very annoying fact that Windows 7 is not supported (I can get around that by using virtual machines running XP), I have a problem with certificates.
There is NO certificate in the QuickVPN directory
If I start QuickVPN it gives the error - "Server's certificate doesn't exist on your local computer. Do you want to quit this connection?".
However, if I click "No", the connection proceeds anyway - and succeeds!!
Where is the security if the certificate is ignored?
It seems to me that anyone with just the Username and Password can access the VPN
On further investigation, there is a presharedkey defined in "ipsec.conf". Now I have been playing with certificates and had previously copied a certificate into this directory, so does the certificate get cached by this (or other) files? If so, does this get overridden if a new certificate is copied to the QuickVPN directory?
Further reading the help file on certificates, it seems to me that the question really means: do you trust the SSL certificate for the router retrieved from the router on connection? I am not a VPN expert but it seems to me that this is only half the story. How does the router know the user is a valid user without a certificate from the user? I thought that this was why you exported a certificate and placed it in the QuickVPN directory, i.e. to authenticate the user.
What am I missing here?
Another annoyance - if I click on "Yes" to quit the connection, I am taken back to QuickVPN but there is NO easy way to close the application. You can minimize it, but you cannot close it without Task Manager. This is also a security issue since minimizing removes the icon from the TaskBar (I know there is an icon in the System Tray, but the only way to determine what this icon is for is to select help) so a user assumes the program has terminated but restarting the program merely restores the client with the password filled out.
01-06-2010 06:48 PM
WRV210 can generate a certificate for users to store in the QuickVPN Client install directory. To do this, go to the VPN>VPN Client Access page and scroll down to the Certificate Management section. Click on the "Generate" button.
01-06-2010 08:44 PM
I appreciate the reply and I guess I did not state explicitly that I had already done that (but did imply it when commenting about the presharedkey existing).
I still don't understand what this certificate is designed to do:
1. Provide a mechanism to trust the VPN server but you can ignore it
2. Provide a mechanism for the VPN Server to authenticate the user
I suspect that it is the former and not the latter, which means that VPN access is dependent solely on username/password, which is as secure as the sticky on the screen.
01-06-2010 09:24 PM
QuickVPN Client will use the certificate to authenticate the QuickVPN Server, which presents its certificate to the Client at the initial SSL handshake.
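Added example, not part of the thread and not QuickVPN's code: a client-side check that authenticates the server against a locally stored copy of its certificate, as the answer above describes, and refuses to release credentials when that copy is missing or differs from what the server presents. The function names, file name, username and sample byte strings are hypothetical.

```python
import hashlib
import hmac
import ssl
import tempfile
from pathlib import Path


class ServerCertError(Exception):
    """The server could not be authenticated against the local certificate."""


def check_pinned_cert(presented_der: bytes, pin_path: Path) -> str:
    """Return the SHA-256 fingerprint if the presented cert equals the local copy."""
    if not pin_path.is_file():
        # Fail closed: with no local copy there is nothing to authenticate against.
        raise ServerCertError(f"no local certificate at {pin_path}")
    pinned_der = ssl.PEM_cert_to_DER_cert(pin_path.read_text())
    seen = hashlib.sha256(presented_der).hexdigest()
    want = hashlib.sha256(pinned_der).hexdigest()
    if not hmac.compare_digest(seen, want):
        raise ServerCertError("presented certificate differs from the local copy")
    return seen


def connect(presented_der: bytes, pin_path: Path, username: str) -> str:
    """Hypothetical login step: credentials are released only after the check."""
    try:
        check_pinned_cert(presented_der, pin_path)
    except ServerCertError as exc:
        return f"refused: {exc}"  # no "continue anyway" branch
    return f"credentials sent for {username}"


def demo() -> dict:
    # Constructed byte strings standing in for DER certificates; a real client
    # would take presented_der from SSLSocket.getpeercert(binary_form=True).
    router, impostor = b"constructed-router-cert", b"constructed-impostor-cert"
    with tempfile.TemporaryDirectory() as tmp:
        pin = Path(tmp) / "router.pem"
        out = {"missing": connect(router, pin, "alice")}
        pin.write_text(ssl.DER_cert_to_PEM_cert(router))
        out["match"] = connect(router, pin, "alice")
        out["mismatch"] = connect(impostor, pin, "alice")
    return out


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

This check authenticates the server only; the user is still identified by username and password alone.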
01-07-2010 12:32 AM
Thank you for clearing that up.
It makes sense and also why you can ignore it and continue the connection.
Is there a way to generate a certificate that authenticates the user?
01-11-2010 03:38 AM
No