In setting up site-to-site with certificates from a self-signed CA, I have noticed that the D-Link device is sending its own internal certificate instead of the one that is generated through the IPsec configuration pages (the CA & gateway cert both show as valid on those pages, and the Device Logs show no error in reading them).
When connecting to a Netgear FVS336G for example, the following output is shown on that device:
Wed Jan 25 01:50:48 2017 (GMT -0600): [FVS336GV3] [IKE] INFO: Sending Informational Exchange: notify payload[INVALID-CERT-AUTHORITY]
Wed Jan 25 01:50:48 2017 (GMT -0600): [FVS336GV3] [IKE] ERROR: the peer's certificate is not verified.
Wed Jan 25 01:50:48 2017 (GMT -0600): [FVS336GV3] [IKE] ERROR: self signed certificate(18) at depth:0 SubjectName:/CN=dsr.dlink.com.tw/OU=Certificate for DSR (Self-Signed)/O=D-Link Corporation/C=TW/ST=Taiwan/L=Taipei
The CSR is generated on the D-Link device as an "IPsec cert", and the CA & gateway certs are RSA2048 signed with SHA1.
So is cert VPN broken here? I would post the logs, but attempting to do so causes parsing errors on the forum & won't let me post.