Strange I tested the firmware here before release and it upgraded correctly with the progress bar,nightcustard wrote: ↑Sun Mar 14, 2021 10:44 am Ah yes! Thanks BF - I'd forgotten there is an option to retain current settings. Always wise to make a backup though
I've applied the firmware update, changed the cipher encryption and HMAC auth from the defaults and renewed the certificate (which did change).
The firmware update process seemed a little odd though - I thought you should see a progress bar after pressing 'Upgrade' but the router's admin page gave no indication the router was undergoing the update other than after a while being replaced by a frowning smiley and the message 'Invalid response'. However, after my blood pressure had increased slightly, normal function was restored and all now appears well.
OpenVPN CA
-
- Posts: 5398
- Joined: Tue Jul 19, 2011 4:30 pm
Re: OpenVPN CA
-
- Posts: 68
- Joined: Sat Nov 03, 2012 2:50 pm
Re: OpenVPN CA
One of life's many mysteries, I suppose. I should have mentioned I was installing over 2.52.d46
Regards, Mike
Regards, Mike
-
- Posts: 39
- Joined: Mon Oct 28, 2019 8:35 am
Re: OpenVPN CA
So I've taken a look at the latest firmware with the implementation of users being able to generate random CA's on OpenVPN server and note the following....
A random generated CA doesn't appear to have extended key usage so cannot be used for TLS Web Server Authentication. The default CA which is the same CA as previous firmware and the same public CA on all Billion VPN routers does have extended key usage and can be used for TLS Web Server Authentication.
I'll go back to my question earlier in the post. Why can't the OpenVPN server use an imported user CA from the trusted certificates page in exactly the same way as the OpenVPN client works??
A random generated CA doesn't appear to have extended key usage so cannot be used for TLS Web Server Authentication. The default CA which is the same CA as previous firmware and the same public CA on all Billion VPN routers does have extended key usage and can be used for TLS Web Server Authentication.
I'll go back to my question earlier in the post. Why can't the OpenVPN server use an imported user CA from the trusted certificates page in exactly the same way as the OpenVPN client works??
-
- Posts: 5398
- Joined: Tue Jul 19, 2011 4:30 pm
Re: OpenVPN CA
I'll pass over your comments to our engineers,SPAU00 wrote: ↑Thu Aug 19, 2021 11:59 am So I've taken a look at the latest firmware with the implementation of users being able to generate random CA's on OpenVPN server and note the following....
A random generated CA doesn't appear to have extended key usage so cannot be used for TLS Web Server Authentication. The default CA which is the same CA as previous firmware and the same public CA on all Billion VPN routers does have extended key usage and can be used for TLS Web Server Authentication.
I'll go back to my question earlier in the post. Why can't the OpenVPN server use an imported user CA from the trusted certificates page in exactly the same way as the OpenVPN client works??
-
- Posts: 1
- Joined: Mon Jun 18, 2012 12:48 pm
Re: OpenVPN CA
Can confirm there was no progress bar for me when upgrading. It only popped up when I nervously clicked update again and said it was already in progress.
Have to say wifi performance is poor compared to previous firmware version, often drops outs with my iPhone 11 Pro and iPhone 12 Pro.
Have to say wifi performance is poor compared to previous firmware version, often drops outs with my iPhone 11 Pro and iPhone 12 Pro.
-
- Posts: 5398
- Joined: Tue Jul 19, 2011 4:30 pm
Re: OpenVPN CA
What wireless bands are your iphones connecting too? Have you tried using d50 fw (found here http://www.forum.billion.uk.com/viewtop ... 7&start=20)rirawin wrote: ↑Thu Aug 19, 2021 10:51 pm Can confirm there was no progress bar for me when upgrading. It only popped up when I nervously clicked update again and said it was already in progress.
Have to say wifi performance is poor compared to previous firmware version, often drops outs with my iPhone 11 Pro and iPhone 12 Pro.
-
- Posts: 39
- Joined: Mon Oct 28, 2019 8:35 am
Re: OpenVPN CA
Are we able to keep this post on topic?
-
- Posts: 5398
- Joined: Tue Jul 19, 2011 4:30 pm
-
- Posts: 39
- Joined: Mon Oct 28, 2019 8:35 am
Re: OpenVPN CA
Latest release of OpenVpn now considers billion built in CA's which uses SHA1 algorithm too weak and should be updated to SHA2.billion_fan wrote: ↑Fri Aug 20, 2021 10:48 amYes lets keep this post on topic, if anyone else has unrelated comments to this topic regarding this firmware release, please submit a new post![]()
The latest release of OpenVpn will now not connect to Billion routers using the built in CA's which isn't optional.
-
- Posts: 5398
- Joined: Tue Jul 19, 2011 4:30 pm
Re: OpenVPN CA
Let me check with our engineersSPAU00 wrote: ↑Wed Feb 08, 2023 12:49 amLatest release of OpenVpn now considers billion built in CA's which uses SHA1 algorithm too weak and should be updated to SHA2.billion_fan wrote: ↑Fri Aug 20, 2021 10:48 amYes lets keep this post on topic, if anyone else has unrelated comments to this topic regarding this firmware release, please submit a new post![]()
The latest release of OpenVpn will now not connect to Billion routers using the built in CA's which isn't optional.