NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Is there a way to get the VPN to connect with the primary (not guest) network?
I find the built-in VPN to be very useful for personal network security when on shared/public networks -- and when traveling internationally (I appear to be home, which is what I want). However, I'd...
You are the first person to report that Orbi's guest network is on a separate subnet from the main network. See post #1 and many other posts in the below thread.
I switched my Orbi to router mode just to test, and confirmed that for my Orbi the guest network is on the same subnet as the main network. In my case the Orbi is at 192.168.1.1 and the guest gets an IP of 192.168.1.5, which is on the same subnet. This is what I mean by "Orbi does not have a separate guest network." Yes, there is a separate SSID, but all clients are on the same subnet.
Furthermore, there is no setting in Orbi that I see that allows one to choose a different subnet for the guest network.
So, either you are using a different router than Orbi, you are using some new unreleased firmware, or there is something misconfigured with your network.
Where is the Orbi setup page where you can set a different IP for the guest network?
What firmware version are you running?
@st_shaw, thank you for responding.
I don’t understand what you mean by “Orbi does not have a separate guest network?” I know that here is an entire section on setting one up in the manual you linked (in Chapter 6). I’ve established a guest network (different IP address, different SSID, different WPA2 password) so visiting friends can use my ISP but do not have access to my internal services.
The answer to your question “So what are you seeing that makes you believe the VPN is attaching to a guest network?” is that the apparent VPN LAN subnet address matches that of my guest network — which differs from that of my primary network (and the local LAN I was tunneling in from).
I’ve been through the the manual (several times) — which is fairly thin on VPN technical details (spends a lot of time on elementary step-by-step for client setup). I use a fairly non-standard number for the third octet on my LANs (and the primary network and the guest networks differ by one), and not the default. The probability of a collision is small (one out of 254 for a Class C private network, and zero if its Class A or B). I know for sure that the “the LAN IP scheme” isn’t the issue.
Since my guest network can’t route to my primary network (by design), having the VPN tunnel terminate on the guest network prevents me from accessing services. Being on separate subnet is a non-problem when they are routed, but the point of a guest network is to keep untrusted devices away from the “inner sanctum,” so that isolation (not routing between them) is intentional. If the VPN setup in the Orbi gave us a choice of having the tunnel land in one or the other, I’d be able to do what I want.
Aside: I’m not using any Windows devices, so Windows firewall is not part of the equation.
@Jeremyinsf, I quite agree with your assessment of the situation.
Thanks to all who responded. It would be great if someone form Netgear weighed in.
You are the first person to report that Orbi's guest network is on a separate subnet from the main network. See post #1 and many other posts in the below thread.
I switched my Orbi to router mode just to test, and confirmed that for my Orbi the guest network is on the same subnet as the main network. In my case the Orbi is at 192.168.1.1 and the guest gets an IP of 192.168.1.5, which is on the same subnet. This is what I mean by "Orbi does not have a separate guest network." Yes, there is a separate SSID, but all clients are on the same subnet.
Furthermore, there is no setting in Orbi that I see that allows one to choose a different subnet for the guest network.
So, either you are using a different router than Orbi, you are using some new unreleased firmware, or there is something misconfigured with your network.
Where is the Orbi setup page where you can set a different IP for the guest network?
What firmware version are you running?
st_shaw I accidentally hit the “solved” button here, don’t know how to de-select it. This is not solved.
Milne is a standard-issue RBK50 set (one RBR50 base, one RBS50 satellite) running the standard firmeware that was released a couple of weeks ago.
One doesnt’t manually set the guest subnet. In the case where the the option to “Allow guests to see each other and access my local network” is de-selected (see p78 of the manual), the Orbi automatically creates the guest network on a different subnet, apparently incrementing the base subnet IP address by one (e.g., if the primary subnet is 192.168.200.0/24, the guest subnet will be 192.168.201.0/24). That’s what I’m seeing. In effect, when I VPN in, my remote device gets the address (in this example) of 192.168.200.5 with a 24-bit subnet.
I’m not making this up.
Stev3D wrote:
In the case where the the option to “Allow guests to see each other and access my local network” is de-selected (see p78 of the manual), the Orbi automatically creates the guest network on a different subnet, apparently incrementing the base subnet IP address by one (e.g., if the primary subnet is 192.168.200.0/24, the guest subnet will be 192.168.201.0/24). That’s what I’m seeing. In effect, when I VPN in, my remote device gets the address (in this example) of 192.168.200.5 with a 24-bit subnet.
I’m not making this up.
I have the "allow guests to see each other..." de-selected. The behavior you describe is not what I am seeing. The router is at 192.168.1.1 the guests are at 192.168.1.X.
Are you sure you don't have a second router, or a second AP other than Orbi that's your "guest" network, or a second DHCP server somewhere on your network? That's about the only thing I can imagine that would describe what you are seeing: two subnets and having the VPN blocked.
Do you have some IP addresses hardcoded into your devices?
What devices are in your network and what's the topology?
The behavior you describe is not normal. I would look for causes other than Orbi first. If you can definitively rule those out, then I would try a hard reset of Orbi.
I de-selected the option so it matches yours, but I still get the same behavior. It increases the subnet (3rd octet) by one digit for VPN clients.
There is no other router (no other DHCP server), etc etc etc.