OpenVPN CA

SPAU00 · Post by **SPAU00** » Sun Dec 20, 2020 1:25 am

Is it possible to replace the Billion default OpenVPN CA for the purpose of OpenVPN server? If so how is this done. On this page a new certificate can be pasted over the default CA but this doesn't save. So how do we get a unique certificate into the router for OpenVPN server. Adding certificates on the certificates page does not change the OpenVPN CA.

Post by **billion_fan** » Mon Dec 21, 2020 10:51 am

SPAU00 wrote: ↑Sun Dec 20, 2020 1:25 am Is it possible to replace the Billion default OpenVPN CA for the purpose of OpenVPN server? If so how is this done. On this page a new certificate can be pasted over the default CA but this doesn't save. So how do we get a unique certificate into the router for OpenVPN server. Adding certificates on the certificates page does not change the OpenVPN CA.

I'll check with our engineers and get back to you.

Post by **billion_fan** » Tue Dec 22, 2020 9:02 am

billion_fan wrote: ↑Mon Dec 21, 2020 10:51 am
SPAU00 wrote: ↑Sun Dec 20, 2020 1:25 am Is it possible to replace the Billion default OpenVPN CA for the purpose of OpenVPN server? If so how is this done. On this page a new certificate can be pasted over the default CA but this doesn't save. So how do we get a unique certificate into the router for OpenVPN server. Adding certificates on the certificates page does not change the OpenVPN CA.
I'll check with our engineers and get back to you.

After checking with our engineers the default OpenVPN CA can not be adjusted.

SPAU00 · Post by **SPAU00** » Wed Dec 23, 2020 12:59 am

billion_fan wrote: ↑Tue Dec 22, 2020 9:02 am
billion_fan wrote: ↑Mon Dec 21, 2020 10:51 am
SPAU00 wrote: ↑Sun Dec 20, 2020 1:25 am Is it possible to replace the Billion default OpenVPN CA for the purpose of OpenVPN server? If so how is this done. On this page a new certificate can be pasted over the default CA but this doesn't save. So how do we get a unique certificate into the router for OpenVPN server. Adding certificates on the certificates page does not change the OpenVPN CA.
I'll check with our engineers and get back to you.
After checking with our engineers the default OpenVPN CA can not be adjusted.

Thanks for checking.
I own several billion routers located in various locations. The system OpenVPN CA is identical on all VPN routers so is basically a public certificate making the OpenVPN Server extremely vulnerable. I don't see why the server should work any differently than the client side of things where you can select your uploaded CA's, keys etc.

Post by **billion_fan** » Wed Dec 23, 2020 10:56 am

SPAU00 wrote: ↑Wed Dec 23, 2020 12:59 am
billion_fan wrote: ↑Tue Dec 22, 2020 9:02 am
billion_fan wrote: ↑Mon Dec 21, 2020 10:51 am

I'll check with our engineers and get back to you.
After checking with our engineers the default OpenVPN CA can not be adjusted.
Thanks for checking.
I own several billion routers located in various locations. The system OpenVPN CA is identical on all VPN routers so is basically a public certificate making the OpenVPN Server extremely vulnerable. I don't see why the server should work any differently than the client side of things where you can select your uploaded CA's, keys etc.

I'll pass on your suggestions to our engineers

adeux001 · Post by **adeux001** » Mon Jan 11, 2021 12:41 pm

+1 to this request

obalik · Post by **obalik** » Tue Jan 19, 2021 12:42 pm

I want to same request for suggest

Post by **billion_fan** » Tue Jan 19, 2021 2:47 pm

obalik wrote: ↑Tue Jan 19, 2021 12:42 pm I want to same request for suggest

I've checked with our engineers again and they stated the following

1. Although each 8900AX-2400 uses the same “Root CA” , but the OpenVPN Server settings for each 8900AX-2400 device will be different i.e.: Cipher Encryption and HMAC Authentication.

2. Also our BiPAC 8900AX-2400 OpenVPN Server using the VPN Account for authentication.

SPAU00 · Post by **SPAU00** » Wed Jan 20, 2021 3:19 am

billion_fan wrote: ↑Tue Jan 19, 2021 2:47 pm
obalik wrote: ↑Tue Jan 19, 2021 12:42 pm I want to same request for suggest
I've checked with our engineers again and they stated the following

1. Although each 8900AX-2400 uses the same “Root CA” , but the OpenVPN Server settings for each 8900AX-2400 device will be different i.e.: Cipher Encryption and HMAC Authentication.

2. Also our BiPAC 8900AX-2400 OpenVPN Server using the VPN Account for authentication.

Thanks for your reply.

OpenVPN account password is encrypted yes but this isn't utilizing OpenVPN security.

Consider this scenario....

You want to connect to a remote Billion router network through OpenVPN with no remote host computer. You would need to use the Billion Root CA certificate as client (which is a public certificate) because the remote Billion Root CA cannot be replaced.

The Billion Root CA is useless leaving only password security which isn't what OpenVPN is about.

The client side of the Billion router for OpenVPN is customizable and as mentioned previously, I don't see why the server side should work any differently which would give Billion customers connection options fully utilizing OpenVPN security.

nightcustard · Post by **nightcustard** » Wed Jan 20, 2021 1:40 pm

After I read through this thread, I disabled the Billion OpenVPN server and reverted to another device on my network where you can change the root cert. I'm no security expert but surely a cooked-in certificate is a big 'no no'?

Billion UK Forum

OpenVPN CA

OpenVPN CA

Re: OpenVPN CA

Re: OpenVPN CA

Re: OpenVPN CA

Re: OpenVPN CA

Re: OpenVPN CA

Re: OpenVPN CA

Re: OpenVPN CA

Re: OpenVPN CA

Re: OpenVPN CA