Page 3 of 6
Re: OpenVPN CA
Posted: Mon Mar 15, 2021 9:12 am
by billion_fan
nightcustard wrote: ↑Sun Mar 14, 2021 10:44 am
Ah yes! Thanks BF - I'd forgotten there is an option to retain current settings. Always wise to make a backup though
I've applied the firmware update, changed the cipher encryption and HMAC auth from the defaults and renewed the certificate (which did change).
The firmware update process seemed a little odd though - I thought you should see a progress bar after pressing 'Upgrade' but the router's admin page gave no indication the router was undergoing the update other than after a while being replaced by a frowning smiley and the message 'Invalid response'. However, after my blood pressure had increased slightly, normal function was restored and all now appears well.
Strange I tested the firmware here before release and it upgraded correctly with the progress bar,
Re: OpenVPN CA
Posted: Thu Mar 18, 2021 9:57 am
by nightcustard
One of life's many mysteries, I suppose. I should have mentioned I was installing over 2.52.d46
Regards, Mike
Re: OpenVPN CA
Posted: Thu Aug 19, 2021 11:59 am
by SPAU00
So I've taken a look at the latest firmware with the implementation of users being able to generate random CA's on OpenVPN server and note the following....
A random generated CA doesn't appear to have extended key usage so cannot be used for TLS Web Server Authentication. The default CA which is the same CA as previous firmware and the same public CA on all Billion VPN routers does have extended key usage and can be used for TLS Web Server Authentication.
I'll go back to my question earlier in the post. Why can't the OpenVPN server use an imported user CA from the trusted certificates page in exactly the same way as the OpenVPN client works??
Re: OpenVPN CA
Posted: Thu Aug 19, 2021 4:55 pm
by billion_fan
SPAU00 wrote: ↑Thu Aug 19, 2021 11:59 am
So I've taken a look at the latest firmware with the implementation of users being able to generate random CA's on OpenVPN server and note the following....
A random generated CA doesn't appear to have extended key usage so cannot be used for TLS Web Server Authentication. The default CA which is the same CA as previous firmware and the same public CA on all Billion VPN routers does have extended key usage and can be used for TLS Web Server Authentication.
I'll go back to my question earlier in the post. Why can't the OpenVPN server use an imported user CA from the trusted certificates page in exactly the same way as the OpenVPN client works??
I'll pass over your comments to our engineers,
Re: OpenVPN CA
Posted: Thu Aug 19, 2021 10:51 pm
by rirawin
Can confirm there was no progress bar for me when upgrading. It only popped up when I nervously clicked update again and said it was already in progress.
Have to say wifi performance is poor compared to previous firmware version, often drops outs with my iPhone 11 Pro and iPhone 12 Pro.
Re: OpenVPN CA
Posted: Fri Aug 20, 2021 9:16 am
by billion_fan
rirawin wrote: ↑Thu Aug 19, 2021 10:51 pm
Can confirm there was no progress bar for me when upgrading. It only popped up when I nervously clicked update again and said it was already in progress.
Have to say wifi performance is poor compared to previous firmware version, often drops outs with my iPhone 11 Pro and iPhone 12 Pro.
What wireless bands are your iphones connecting too? Have you tried using d50 fw (found here
http://www.forum.billion.uk.com/viewtop ... 7&start=20)
Re: OpenVPN CA
Posted: Fri Aug 20, 2021 10:22 am
by SPAU00
Are we able to keep this post on topic?
Re: OpenVPN CA
Posted: Fri Aug 20, 2021 10:48 am
by billion_fan
SPAU00 wrote: ↑Fri Aug 20, 2021 10:22 am
Are we able to keep this post on topic?
Yes lets keep this post on topic, if anyone else has unrelated comments to this topic regarding this firmware release, please submit a new post
Re: OpenVPN CA
Posted: Wed Feb 08, 2023 12:49 am
by SPAU00
billion_fan wrote: ↑Fri Aug 20, 2021 10:48 am
SPAU00 wrote: ↑Fri Aug 20, 2021 10:22 am
Are we able to keep this post on topic?
Yes lets keep this post on topic, if anyone else has unrelated comments to this topic regarding this firmware release, please submit a new post
Latest release of OpenVpn now considers billion built in CA's which uses SHA1 algorithm too weak and should be updated to SHA2.
The latest release of OpenVpn will now not connect to Billion routers using the built in CA's which isn't optional.
Re: OpenVPN CA
Posted: Wed Feb 08, 2023 9:40 am
by billion_fan
SPAU00 wrote: ↑Wed Feb 08, 2023 12:49 am
billion_fan wrote: ↑Fri Aug 20, 2021 10:48 am
SPAU00 wrote: ↑Fri Aug 20, 2021 10:22 am
Are we able to keep this post on topic?
Yes lets keep this post on topic, if anyone else has unrelated comments to this topic regarding this firmware release, please submit a new post
Latest release of OpenVpn now considers billion built in CA's which uses SHA1 algorithm too weak and should be updated to SHA2.
The latest release of OpenVpn will now not connect to Billion routers using the built in CA's which isn't optional.
Let me check with our engineers