D-Link Forums
D-Link VPN Router => DSR-250 => Topic started by: PCNut4466 on September 30, 2015, 05:13:56 PM
-
My DSR-250 went through a power line burp, even though it was connected to my battery backup (along with my PC). Now I can't log into it via ethernet. I had changed the router IP address away from default setting months prior to the power burp and all was working fine. I remove the ISP connection from it and connect a different PC to it, and do ipconfig /release and /renew, and the router gives that PC an IP address . Now it responds to my connection attempts to the non-default IP address xxx.yyy.zzz.1, and, after resetting to factory defaults, to the default 192.168.10.1, with the following:
.....You have received an invalid certificate. Your certificate contains the same serial number as another certificate issued by the certificate authority. Please get a new certificate.....
Now what????
-
ink>Welcome! (http://forums.dlink.com/index.php?topic=48135.0)
- What Hardware version is your router? Look at sticker under the router case.
- Link>What Firmware (http://forums.dlink.com/index.php?topic=47512.0) version is currently loaded? Found on the routers web page under status.
- What region are you located?
Be sure to clear out any browser caches and installed browser certificates pertaining to this router if one is installed.
Do you have Java installed? What version?
-
Today I deleted the D-link certificate data shown by browser Firefox on the PC (hoping that the DSR-250 would no longer see a duplicate certificate), and tried to connect to default 192.168.10.1. The DSR-250 is still stand-alone, not connected to my ISP. Now the reply is:
An error occurred during a connection attempt to 192.168.10.1. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message.
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
If I connect the DSR WAN port to a LAN port on my ISP-connected router, the PC connected to the DSR can render internet pages. So now the DSR can act like a bridge on a subnet, but not as a WAN connected router since I can't get in to configure it.
Ideas???
-
- What Hardware version is your router? Look at sticker under the router case.
- Link>What Firmware (http://forums.dlink.com/index.php?topic=47512.0) version is currently loaded? Found on the routers web page under status.
- What region are you located?
Try putting the IP address the DSR gets from the ISP Modem/Router into the modems DMZ and test.
- If the ISP modem has a built in router, it's best to bridge the modem. Having 2 routers on the same line can cause connection problems: Link>Double NAT (http://www.practicallynetworked.com/networking/fixing_double_nat.htm) and How NAT Works (http://computer.howstuffworks.com/nat.htm). Call the ISP and ask to see if the ISP modem can be bridged. To tell if the modem is bridged or not, look at the routers web page, Status/Device Info/Wan Section, if there is a 192.168.0.# address in the WAN IP address field, then the modem is not bridged. If the modem can't be bridged then see if the modem has a DMZ option and input the IP address the router gets from the modem and put that into the modems DMZ. Also check the routers DHCP IP address maybe conflicting with the ISP modems IP address of 192.168.0.1. Check to see if this is the same on the ISP modem, and if modem can't be bridged, change the DIR router to 192.168.1.1 or .0.254.
Example of a D-Link router configured for PPPoE with ISP Modem bridged: PPPoE Configuration on a Router (http://forums.dlink.com/index.php?topic=56344.msg219023#msg219023)
-
Hardware version is A2.
I can't get into the router web page to read the firmware version, or any of the settings. That's the point of the original posting.
The sticker says the firmware is 1.09B32_WW. I don't believe I ever changed the firmware. Unit has been running for over a year.
I am in Pennsylvania.
I don't believe Java or JavaScript is the problem. This same old PC was used to originally set up the DSR with a non-default IP address before installing on my network.
To clarify:
- The ISP cable modem does not have a router.
- The DSR is not connected to the ISP.
- I can't connect to the DSR internal web page.
-
Does this happen with different browsers?
Try Opera or FF? If IE 8, 9, 10 or 11, set compatibility mode and test again. (For older generation routers.)
-
Let us know if other browser exhibit the same thing, if so, I'd like you to try the following and see if you get a recovery mode page in IE or FF browser:
Disable any Pc security software temporarily.
Connect an Ethernet cable between one of the LAN ports on the rear of the router and the network port on the local PC
Configure the PC with a static IP address other than 192.168.0.1 (e.g. 192.168.0.5)
Power down the router and unplug the power cord
Press and hold the reset button on the rear of the router for 3 to 5 seconds and re-plug the power cord without releasing the reset button
Continue to hold the reset button until the amber power light keeps blinking on and off
Open a web browser and enter the following address: http://192.168.0.1/
Do you see the recovery mode page?
Do not go beyond this step please! Let us know first if you see or do not see this page.
-
Was using Firefox 40.0.1 on old XP PC. Changed to Firefox 40.0.1 on Win7 PC, still got error message.
Changed to IE on old XP PC. Now get message that certificate not valid, BUT given option to connect anyway.
Now was able to connect and get DSR UI.
Used Reset button to go to factory defaults.
Reconnected with new IP address and set up DSR for my network and my settings.
Replaced old router with DSR in my network, connected to ISP modem. Now network is OK.
Now on my network:
Still can't connect to DSR UI with Firefox 40.0.1 - get same message about weak Diffie-Hellman key.
Use IE 11. Get invalid certificate message, but use option to connect anyway, and get in to DSR UI.
Result - Not clean, but at least I can get into the UI, and backup the config.
-
Forget to mention that when I was able to connect to the DSR UI, I found that the firmware was already at 2.01_WW, so apparently I had upgraded it at some point in the past.
-
I recommend that you phone contact your regional D-Link support office and ask for help and information regarding this. Please reference this thread. I beleieve there is an issue at the FW level that needs to be addressed by D-Link.
We find that phone contact has better immediate results over using email or FB> https://www.facebook.com/mydlink?fref=ts.
Let us know how it goes please.
-
I get the same issue with an inability to log on to router webadmin using Chrome and Firefox. DSR-250N has been flashed and reset with latest 2.01 A2 firmware. Only way to be able to log on is via the 2 worst browsers Safari for Mac and Internet Explorer for windows accepting security warnings that that there is a problem with this website's security certificate. Would be good if this issue gets resolved in firmware update.
-
I recommend that you phone contact your regional D-Link support office and ask for help and information regarding this. We find that phone contact has better immediate results over using email.
Let us know how it goes please.
I get the same issue with an inability to log on to router webadmin using Chrome and Firefox. DSR-250N has been flashed and reset with latest 2.01 A2 firmware. Only way to be able to log on is via the 2 worst browsers Safari for Mac and Internet Explorer for windows accepting security warnings that that there is a problem with this website's security certificate. Would be good if this issue gets resolved in firmware update.
-
I've had this same issue ever since I had a power outage. I have to use Microsoft Edge only to reach my DSR-250. I have a LOT of configuration so I really don't feel like resetting it and doing all that again. If you can resolve the issue with D-link support please post the resolution.
-
D-Link is working on many Cert issues. Not sure exactly if this model router is being worked on however I presume it maybe.
Its recommended to try other broswers as MS Edge may not be officially supported. IE, FF or Chrome would need to be tried and tested instead of using MS Edge. It's known not to work well with other routers.
I recommend that you phone contact your regional D-Link support office and ask for help and information regarding this. We find that phone contact has better immediate results over using email.
Let us know how it goes please.
I've had this same issue ever since I had a power outage. I have to use Microsoft Edge only to reach my DSR-250. I have a LOT of configuration so I really don't feel like resetting it and doing all that again. If you can resolve the issue with D-link support please post the resolution.
-
Edge works perfectly with it, Chrome and Firefox I have the same issues as the other posters. IE also works but Edge is the Win 10 browser of choice. I'll wait to ee the OP's solution, this isn't really a big issue to me as I said it works fine in Edge.
-
Im sure it will be fixed in the next FW update. Plesae be patient.
-
DSR-250 Configuring SSLVPN according to Dlink Tech Support website.
- Open a browser to https://MY_DSR_PUBLIC_IP:8443/portal/ssltest (the name I gave to the layout)
- log in, navigate to VPN page, launch VPN
- popup window appears, a msg about keeping the browser window open to preserve session
- need to confirm popup and running Java app
GETTING THE FOLLOWING ERROR:
--------------------------------------------------
"Application blocked for Security"
- Certificate has been revoked.
- The application will not be executed!
- Name: VPInstaller
- Location: https://MY_DSR_PUBLIC_IP:8443
Further, clicking 'More Information...' yields:
java.security.cert.CertificateRevokedException:
Certificate has been revoked,
reason: KEY_COMPROMISE,
revocation date: Wed Sep 02 20:00:00 EDT 2015,
authority: CN=VeriSign Class 3 Code Signing 2010 CA,
OU=Terms of use at https://www.verisign.com/rpa (c)10,
OU=VeriSign Trust Network,
O="VeriSign, Inc.",
C=US, extension OIDs
Searching around I came across a couple of news releases explaining that DLINK had inadvertently released the private-keys and passphrases for the
certificates on several of their devices. This news came out in Sept 2015, curiously corresponding to the date of the above Java exception revocation
date. I won't bother with why a firmware update hasn't been pushed out to every device ever created by DLINK, and/or why this update due to
compromised private keys isn't splashed all over the DLINK support forums and support website. But it would be nice to get this working :)
Question is: How do I install a new certificate? I'm already at the latest FW:
Hardware: A2
Firmware: 2.02B701C_WW
Any help very much appreciated.
- dharma
-
Try adding the routers IP address to Javas Security Exceptions list.