cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2908
Views
0
Helpful
5
Replies

QuickVPN and WRV210 certificates ignored

idhamilton
Level 1
Level 1

I have a WRV210 Router with the latest firmware (2.0.0.11) and QuickVPN (1.3.0.3). Apart from the very annoying fact that Windows 7 is not support (I can get around that by using virtual machines running XP), I have a problem with certificates.

There is NO certificate in the QuickVPN directory

If I start QuickVPN it gives the error - "Server's certificate doesn't exist on your local computer. Do you want to quit this connection?".

However, If I click "No", the connection proceeds anyway - and succeeds !!

Where is the security if the certificate is ignored ?

It seems to me that anyone with just the Username and Password can access the VPN

On further investigation, there is a presharedkey defined in "ipsec.conf". Now I have been playing with certificates

and had previously copied a certificate into this directory so does the certificate get cached by this (or other) files

If so does this get overridden if a new certificate, copied to the QuickVPN directory?

Further reading the help file on certificates, it seems to me that the question really means do you trust the SSL

certificate for the router retrieved from the router on connection. I am not a VPN expert but it seems to me that

this is only half the story. How does the router know the user is a valid user without a certificate from the user ?

I though that this was why you exported a certificate and placed it in the QuickVPN directory - ie to authenticate the user

What am I missing here?

Another annoyance - If I click on "Yes" to quit the connection, I am taken back to QuickVPN but there

is NO easy way to close the application. You can minimize it, but you cannot close it without Task Manager.

This is also a security issue since minimizing removes the icon from the TaskBar (I know there is an icon in the

System Tray, but the only way to determine what this icon is for is to select help) so a user assumes

the program has terminated but restarting the program merely restores the client with the password filled out.

1 Accepted Solution

Accepted Solutions

QuickVPN Client will use the certificate to authenticate the QuickVPN Server, which presents its certificate to the Client at the initial SSL handshake.

View solution in original post

5 Replies 5

Te-Kai Liu
Level 7
Level 7

WRV210 can generate a certificate for users to store in the QuickVPN Client install directory. To do this, go to the VPN>VPN Client Access page and scroll down to the Certificate Management section. Click on the "Generate" button.

I appreciate the reply and I guess I did not state explicity that I had already done that (but did imply it when commenting about the presharedkey existing).

I still don't understand what this certificate is designed to do

1. Provide a mechanism to trust the VPN server but you can ignore it

2. Provide a mechanism for the VPN Server to authenticate the user

I suspect that it is the former and not the latter which means that VPN access is dependent solely on username/password

which is as secure as the sticky on the screen

QuickVPN Client will use the certificate to authenticate the QuickVPN Server, which presents its certificate to the Client at the initial SSL handshake.

Thankyou for clearing that up.

It makes sense and also why you can ignore it and continue the connection.

Is there a way to generate a certificate that authenticates the user?

No

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: