Page 1 of 1
8900AX-2400 2.52.d36t1 Can't upload OpenVPN CA
Posted: Sat May 18, 2019 6:42 am
by spike351
I have recently been loading a number of .ovpn files from NordVPN to try and set up OpenVPN client.
Now, when I click on the blue uploadCA link under Certificate Authority (on the VPN | OpenVPN | OpenVPN Client page) I get the message:
"Cannot add any data because the limitation is reached."
I checked the OpenVPN CA page and there are 7 key files listed.
In addition, the .key files listed on the OpenVPN CA page do not match the list in the TLS Authentication drop down list (which shows 8 files, of which only two match the files listed in OpenVPN CA).
Does anyone know why I would get this error message and, am I wrong in assuming the two .key lists should be the same? I am possibly missing something obvious here.
Re: 8900AX-2400 2.52.d36t1 Can't upload OpenVPN CA
Posted: Sat May 18, 2019 8:24 am
by spike351
Apologies for the error, but it was not the TLS Authentication field, but the Certificate Authority field that does not match. This contains a number of .crt entries that do not match the key files.
Re: 8900AX-2400 2.52.d36t1 Can't upload OpenVPN CA
Posted: Mon May 20, 2019 9:34 am
by billion_fan
spike351 wrote: ↑Sat May 18, 2019 8:24 am
Apologies for the error, but it was not the
TLS Authentication field, but the
Certificate Authority field that does not match. This contains a number of .crt entries that do not match the key files.
The .ovpn file that is imported contains the crt and key files,
Try removing the all the entries 'Advanced Setup >> Certificate >> Trusted CA' and OpenVPN CA, then follow the attached guide again.
If you still have issues can you send me links to the 8 .ovpn files from nords website so I can try and replicate
Re: 8900AX-2400 2.52.d36t1 Can't upload OpenVPN CA
Posted: Tue May 21, 2019 1:43 pm
by spike351
Thank you for that suggestion. I did try that but unfortunately it did not work. Deleting any or all keys on the OpenVPN CA page did not remove the corresponding *.crt entries in the Certificate Authority drop down list on the OpenVPN Client page and the error persisted.
To try and find out what was happening, I saved the router state and then opened the XML file in a text editor. This showed that the *.crt file entries were still there (file attached… I hope).
To see what would happen I manually deleted these entries (I know editing raw XML is not recommended, but I was prepared to reset back to factory settings then restore my setup from a previous image). I then reloaded the modified XML file.
This certainly seems to have fixed my problem (no more entries in the Certificate Authority list and no error trying to add a new entry). So unless I am missing something, there may be a minor bug in the router software such that *.crt files cannot be deleted and simply accumulate until the limit (8) is reached at which point no further entries can be added.
Thanks again for the feedback.
Re: 8900AX-2400 2.52.d36t1 Can't upload OpenVPN CA
Posted: Tue May 21, 2019 1:56 pm
by billion_fan
spike351 wrote: ↑Tue May 21, 2019 1:43 pm
Thank you for that suggestion. I did try that but unfortunately it did not work. Deleting any or all keys on the
OpenVPN CA page did not remove the corresponding
*.crt entries in the
Certificate Authority drop down list on the
OpenVPN Client page and the error persisted.
To try and find out what was happening, I saved the router state and then opened the XML file in a text editor. This showed that the
*.crt file entries were still there (file attached… I hope).
To see what would happen I manually deleted these entries (I know editing raw XML is not recommended, but I was prepared to reset back to factory settings then restore my setup from a previous image). I then reloaded the modified XML file.
This certainly seems to have fixed my problem (no more entries in the
Certificate Authority list and no error trying to add a new entry). So unless I am missing something, there may be a minor bug in the router software such that *.crt files cannot be deleted and simply accumulate until the limit (8) is reached at which point no further entries can be added.
Thanks again for the feedback.
The crt files should be listed under 'Advanced Setup >> Certificate >> Trusted CA' here you can remove the crt files (attached screen shot example)
Re: 8900AX-2400 2.52.d36t1 Can't upload OpenVPN CA
Posted: Wed May 22, 2019 2:59 pm
by spike351
Yes, you are right. Thank you for your help. I was concentrating too much on the VPN to look at the Certificates page. Apologies for being so blind.