D-Link Forums
D-Link VPN Router => DSR-250 => Topic started by: train_wreck on January 24, 2017, 11:58:24 PM
-
In setting up site-to-site with certificates from a self-signed CA, I have noticed that the D-Link device is sending its own internal certificate instead of the one that is generated through the IPsec configuration pages (the CA & gateway cert both show as valid on those pages, and the Device Logs show no error in reading them.)
When connecting to a Netgear FVS336G for example, the following output is shown on that device:
Wed Jan 25 01:50:48 2017 (GMT -0600): [FVS336GV3] [IKE] INFO: Sending Informational Exchange: notify payload[INVALID-CERT-AUTHORITY]
Wed Jan 25 01:50:48 2017 (GMT -0600): [FVS336GV3] [IKE] ERROR: the peer's certificate is not verified.
Wed Jan 25 01:50:48 2017 (GMT -0600): [FVS336GV3] [IKE] ERROR: self signed certificate(18) at depth:0 SubjectName:/CN=dsr.dlink.com.tw/OU=Certificate for DSR (Self-Signed)/O=D-Link Corporation/C=TW/ST=Taiwan/L=Taipei
The CSR is generated on the D-Link device as an "IPsec cert", and the CA & gateway certs are RSA2048 signed with SHA1.
So is cert VPN broken here? I would post the logs, but attempting to do so causes parsing errors on the forum & won't let me post.
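A triage sketch for the Netgear-side log above, added here as an example and not part of the original post: it pulls the OpenSSL verify code, chain depth and subject out of the IKE error line and checks whether the peer presented the certificate expected for the tunnel. The expected CN `vpn-gw.example.net` is a placeholder assumption, and the code table lists only a few standard OpenSSL verify codes.

```python
import re

# The three FVS336G log lines quoted in the post above, copied unchanged.
SAMPLE_LOG = """\
Wed Jan 25 01:50:48 2017 (GMT -0600): [FVS336GV3] [IKE] INFO: Sending Informational Exchange: notify payload[INVALID-CERT-AUTHORITY]
Wed Jan 25 01:50:48 2017 (GMT -0600): [FVS336GV3] [IKE] ERROR: the peer's certificate is not verified.
Wed Jan 25 01:50:48 2017 (GMT -0600): [FVS336GV3] [IKE] ERROR: self signed certificate(18) at depth:0 SubjectName:/CN=dsr.dlink.com.tw/OU=Certificate for DSR (Self-Signed)/O=D-Link Corporation/C=TW/ST=Taiwan/L=Taipei
"""

# A few standard OpenSSL X509 verify codes; the log prints the code in parentheses.
VERIFY_CODES = {
    18: "leaf certificate is self-signed (not issued by any CA)",
    19: "self-signed certificate inside the chain",
    20: "issuer certificate not found in local trust store",
}
VERIFY_RE = re.compile(
    r"\[IKE\] ERROR: (?P<reason>.+?)\((?P<code>\d+)\) at depth:(?P<depth>\d+) "
    r"SubjectName:(?P<dn>/.*)$")
NOTIFY_RE = re.compile(r"notify payload\[(?P<type>[A-Z0-9-]+)\]")


def parse_dn(dn):
    """Split an OpenSSL one-line DN (/CN=.../O=...) into a dict."""
    return dict(re.findall(r"/([A-Za-z]+)=([^/]*)", dn))


def triage(log_text, expected_cn):
    """Return (notify types sent, list of certificate verification findings)."""
    notifies, findings = [], []
    for line in log_text.splitlines():
        m = NOTIFY_RE.search(line)
        if m:
            notifies.append(m.group("type"))
        m = VERIFY_RE.search(line)
        if m:
            code, subject = int(m.group("code")), parse_dn(m.group("dn"))
            findings.append({
                "code": code,
                "meaning": VERIFY_CODES.get(code, m.group("reason").strip()),
                "depth": int(m.group("depth")),
                "subject": subject,
                # CN mismatch: the peer sent a different cert than the one issued for the tunnel.
                "wrong_cert": subject.get("CN") != expected_cn,
            })
    return notifies, findings

if __name__ == "__main__":
    # Assumption: "vpn-gw.example.net" stands in for the CN of the CA-issued gateway cert.
    print(triage(SAMPLE_LOG, "vpn-gw.example.net"))
```

A finding with code 18 at depth 0 together with `wrong_cert` set separates "the peer sent some other, self-signed certificate" from "the right certificate was sent but its CA is not trusted locally" (code 20).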
-
Welcome! (http://forums.dlink.com/index.php?topic=48135.0)
- What Hardware version is your router? Look at sticker under the router case.
- What Firmware (http://forums.dlink.com/index.php?topic=47512.0) version is currently loaded? Found on the router's web page under status.
- What region are you located in?
-
HW: A3
FW: 2.11_WW
Region: USA
-
I recommend that you phone your regional D-Link support office and ask for help and information regarding this. We find that phone contact has better immediate results than using email.
Let us know how it goes please.
-
OK. I suppose there are no D-Link employees that read this forum?
-
Infrequently if at all. ::)