NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Can't authenticate to corporate VPN (or outlook web email) using RBR50
When trying to authenticate to my work VPN, I have to switch to a hotspot from my phone. Once the connection has been made, I can switch back to wifi, and the connection is fine. I have a simila...
Most VPNs have a configuration file stored locally. (OpenVPN, for example, calls theirs *.ovpn files. In the config file is an IP or a URL which is used to locate the VPN server. Because most residential internet accounts are provided with dynamic IP addresses (so the ISP can change them now and then), it is really common to set up a Dynamic DNS account which translates a URL into the current IP address the server. When we configure our Orbi routers to act as OpenDNS servers, for example, Netgear has us select from one of three DDNS providers (Netgear, No-IP.com, or Dyn.com). That is because every DDNS service uses a unique mechanism to synchronize the customer's public IP address with their database when the ISP changes it. It would be impractical to write software to accommodate every DDNS service, so Netgear picked only three. Most corporations pay for a static public IP address to avoid having to deal with ISP changes.
There is definitely a potential issue with overlapping IP addresses because they can confuse the client computer. When corporations set up a private IP address space for their network, they tend to avoid using 192.168.x.x and 10.0.0.x because those private spaces are used by nearly every residential router network. There have been posts on the forum from users who want to make VPN connections to two different family networks at the same time and are frustrated because both family networks have the same IP space, usually 192.168.1.x Not likely to be an issue confronting you in this specific situation.
This is an area where the "nerd tools" people like me would use are not well-suited to the general public. My approach would be to set up Wireshark to capture every packet sent through the Windows VPN adapter or the actual WiFi adapter. This would make a record of where the computer tried to communicate with. The actual communications will be encrypted, but the pattern should indicate the pattern of communications.
The IT guys had no suggestions?
No real suggestions, no.
When trying to connect to the VPN, the first thing it does is redirect to an authentication site. I cannot hit that site via a URL while using my home network. It times out with no response.
That's true whether I use the "alpha" format xxx.xxxx.com/xxx that would go through DNS, or if I use an IP address n.n.nnn.nn/xxx. (n being numeric).
I suppose I could hardwire my laptop to my cable modem to see if Spectrum is blocking that address. But I seriously doubt that's the issue. I guess I could ask around, but there aren't enough high speed internet providers in town for no one else to have that same problem if it were due to my ISP. Which leaves the network. And he's got no suggestions for that.
I did find one similar thread here. The solution was supposedly "enabling VPN" on the Orbi router. But ... that's to allow you to VPN from outside to in, no? Why in the hell would that be needed? I'm stumped. I'm IT, but more of a database design / programmer guy than networking expert.
The other thread I was referencing.
Does the authentication site respond to ICMP ('ping')?
With no Armor and no Parental Controls, the Orbi should not block any web connection.
There should be no issue with connecting directly to the ISP modem (except losing internet throughout the entire house temporarily). I think your assumption that the ISP is not blocking the connection will be validated, but it never hurts to try.