Author Topic: DSR-250 sends wrong certificate for IPsec RSA VPN  (Read 3544 times)

train_wreck

  • Level 1 Member
  • *
  • Posts: 3
DSR-250 sends wrong certificate for IPsec RSA VPN
« on: January 24, 2017, 11:58:24 PM »

In setting up site-to-site with certificates from a self-signed CA, I have noticed that the D-Link device is sending its own internal certificate instead of the one that is generated through the IPsec configuration pages (the CA & gateway cert both show as valid on those pages, and the Device Logs show no error in reading them.)

When connecting to a Netgear FVS336G for example, the following output is shown on that device:

Code:
Wed Jan 25 01:50:48 2017 (GMT -0600): [FVS336GV3] [IKE] INFO:  Sending Informational Exchange: notify payload[INVALID-CERT-AUTHORITY]
Wed Jan 25 01:50:48 2017 (GMT -0600): [FVS336GV3] [IKE] ERROR:  the peer's certificate is not verified.
Wed Jan 25 01:50:48 2017 (GMT -0600): [FVS336GV3] [IKE] ERROR:  self signed certificate(18) at depth:0 SubjectName:/CN=dsr.dlink.com.tw/OU=Certificate for DSR (Self-Signed)/O=D-Link Corporation/C=TW/ST=Taiwan/L=Taipei

The CSR is generated on the D-Link device as an "IPsec cert", and the CA & gateway certs are RSA2048 signed with SHA1.

So is cert VPN broken here? I would post the logs, but attempting to do so causes parsing errors on the forum & won't let me post.
Logged
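A log-triage sketch for the error quoted in the post above, added here as an example and not part of the original thread. It assumes the number in parentheses is the OpenSSL verify error code (18 is OpenSSL's "self signed certificate" at depth 0), and `gateway.example.test` is a constructed placeholder for the CN of the CA-issued gateway certificate, which the post does not give.

```python
import re

# Subset of OpenSSL X509 verify error codes (assumption: the IKE daemon
# logs OpenSSL's code in parentheses, as the message text suggests).
VERIFY_CODES = {
    10: "certificate has expired",
    18: "leaf certificate is self-signed (not issued by any CA)",
    19: "self-signed certificate in chain (root not trusted locally)",
    20: "unable to get local issuer certificate",
}

# Matches "<reason>(<code>) at depth:<n> SubjectName:<DN>" in the log line.
VERIFY_RE = re.compile(
    r"ERROR:\s+(?P<reason>.+?)\((?P<code>\d+)\) at depth:(?P<depth>\d+) "
    r"SubjectName:(?P<dn>/.+)$")

def parse_dn(dn):
    """Split an OpenSSL one-line DN such as /CN=a/O=b into a dict."""
    parts = re.split(r"/(?=[A-Za-z]+=)", dn.strip())
    return dict(p.split("=", 1) for p in parts if p)

def triage(log_text, expected_cn):
    """Return one finding per certificate verification error in the log."""
    findings = []
    for line in log_text.splitlines():
        m = VERIFY_RE.search(line.strip())
        if not m:
            continue
        code, depth = int(m["code"]), int(m["depth"])
        subject = parse_dn(m["dn"])
        findings.append({
            "code": code,
            "meaning": VERIFY_CODES.get(code, "unknown verify error"),
            "depth": depth,
            "subject_cn": subject.get("CN"),
            "is_expected_cert": subject.get("CN") == expected_cn,
            "self_signed_leaf": code == 18 and depth == 0,
        })
    return findings

# The three log lines quoted in the post.
SAMPLE_LOG = """\
Wed Jan 25 01:50:48 2017 (GMT -0600): [FVS336GV3] [IKE] INFO:  Sending Informational Exchange: notify payload[INVALID-CERT-AUTHORITY]
Wed Jan 25 01:50:48 2017 (GMT -0600): [FVS336GV3] [IKE] ERROR:  the peer's certificate is not verified.
Wed Jan 25 01:50:48 2017 (GMT -0600): [FVS336GV3] [IKE] ERROR:  self signed certificate(18) at depth:0 SubjectName:/CN=dsr.dlink.com.tw/OU=Certificate for DSR (Self-Signed)/O=D-Link Corporation/C=TW/ST=Taiwan/L=Taipei
"""

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, expected_cn="gateway.example.test"))
```

A finding with `self_signed_leaf` true and `is_expected_cert` false separates "the peer presented a different certificate" from "the right certificate failed to chain to the CA", which call for different fixes.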

FurryNutz

  • Poweruser
  • *****
  • Posts: 49916
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: DSR-250 sends wrong certificate for IPsec RSA VPN
« Reply #1 on: January 25, 2017, 08:51:35 AM »

Welcome!

  • What Hardware version is your router? Look at sticker under the router case.
  • What Firmware version is currently loaded? Found on the router's web page under status.
  • What region are you located in?
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

train_wreck

  • Level 1 Member
  • *
  • Posts: 3
Re: DSR-250 sends wrong certificate for IPsec RSA VPN
« Reply #2 on: January 25, 2017, 03:54:53 PM »

HW: A3
FW: 2.11_WW
Region: USA
Logged

FurryNutz

  • Poweruser
  • *****
  • Posts: 49916
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: DSR-250 sends wrong certificate for IPsec RSA VPN
« Reply #3 on: February 02, 2017, 09:20:52 AM »

I recommend that you phone your regional D-Link support office and ask for help and information regarding this. We find that phone contact has better immediate results over using email.
Let us know how it goes please.
Logged

train_wreck

  • Level 1 Member
  • *
  • Posts: 3
Re: DSR-250 sends wrong certificate for IPsec RSA VPN
« Reply #4 on: February 02, 2017, 10:51:28 PM »

OK. I suppose there are no D-Link employees that read this forum?
Logged

FurryNutz

  • Poweruser
  • *****
  • Posts: 49916
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: DSR-250 sends wrong certificate for IPsec RSA VPN
« Reply #5 on: February 03, 2017, 06:36:28 AM »

Infrequently if at all.  ::)
Logged