8900AX-2400 2.52.d36t1 Can't upload OpenVPN CA

[spike351]

I have recently been loading a number of .ovpn files from NordVPN to try and set up OpenVPN client.

Now, when I click on the blue uploadCA link under Certificate Authority (on the VPN | OpenVPN | OpenVPN Client page) I get the message:

"Cannot add any data because the limitation is reached."

I checked the OpenVPN CA page and there are 7 key files listed.

In addition, the .key files listed on the OpenVPN CA page do not match the list in the TLS Authentication drop down list (which shows 8 files, of which only two match the files listed in OpenVPN CA).

Does anyone know why I would get this error message and, am I wrong in assuming the two .key lists should be the same? I am possibly missing something obvious here.

[spike351]

Apologies for the error, but it was not the TLS Authentication field, but the Certificate Authority field that does not match. This contains a number of .crt entries that do not match the key files.

[billion_fan]

Apologies for the error, but it was not the TLS Authentication field, but the Certificate Authority field that does not match. This contains a number of .crt entries that do not match the key files.

The .ovpn file that is imported contains the crt and key files,

Try removing the all the entries 'Advanced Setup >> Certificate >> Trusted CA' and OpenVPN CA, then follow the attached guide again.

If you still have issues can you send me links to the 8 .ovpn files from nords website so I can try and replicate

[spike351]

Thank you for that suggestion. I did try that but unfortunately it did not work. Deleting any or all keys on the OpenVPN CA page did not remove the corresponding *.crt entries in the Certificate Authority drop down list on the OpenVPN Client page and the error persisted.

To try and find out what was happening, I saved the router state and then opened the XML file in a text editor. This showed that the *.crt file entries were still there (file attached… I hope).

To see what would happen I manually deleted these entries (I know editing raw XML is not recommended, but I was prepared to reset back to factory settings then restore my setup from a previous image). I then reloaded the modified XML file.

This certainly seems to have fixed my problem (no more entries in the Certificate Authority list and no error trying to add a new entry). So unless I am missing something, there may be a minor bug in the router software such that *.crt files cannot be deleted and simply accumulate until the limit (8) is reached at which point no further entries can be added.

Thanks again for the feedback.

[billion_fan]

Thank you for that suggestion. I did try that but unfortunately it did not work. Deleting any or all keys on the OpenVPN CA page did not remove the corresponding *.crt entries in the Certificate Authority drop down list on the OpenVPN Client page and the error persisted.

To try and find out what was happening, I saved the router state and then opened the XML file in a text editor. This showed that the *.crt file entries were still there (file attached… I hope).

To see what would happen I manually deleted these entries (I know editing raw XML is not recommended, but I was prepared to reset back to factory settings then restore my setup from a previous image). I then reloaded the modified XML file.

This certainly seems to have fixed my problem (no more entries in the Certificate Authority list and no error trying to add a new entry). So unless I am missing something, there may be a minor bug in the router software such that *.crt files cannot be deleted and simply accumulate until the limit (8) is reached at which point no further entries can be added.

Thanks again for the feedback.

The crt files should be listed under 'Advanced Setup >> Certificate >> Trusted CA' here you can remove the crt files (attached screen shot example)

[spike351]

Yes, you are right. Thank you for your help. I was concentrating too much on the VPN to look at the Certificates page. Apologies for being so blind.