NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

pandabe4r's avatar
pandabe4r
Tutor
Oct 09, 2021
Solved

OpenVPN client issues / cannot connect remotely / Orbi RBR850

I have a weird issue trying to set up the VPN service my new Orbi RBR850 router. Here's what I have configured so far, following the guide found here: I have enabled the VPN service under Advanced...
  • pandabe4r's avatar
    pandabe4r
    Oct 09, 2021

    SOLVED!

     

    So I decided to go with the latest OpenVPN Connect client that exclusively uses TUN.
    https://openvpn.net/downloads/openvpn-connect-v3-windows.msi

     

    I then edited the .ovpn config file before importing to change the default to TUN and the port to 12973. See below. 

     

    After importing, I connected just fine and am able to connect to all my devices, RDP, and browse internet. 

     

    Don't know why Orbi's instructions point to the older 2.5 client, but the latest version is the way to go.

     

    client
    dev tun
    proto udp
    sndbuf 393216
    rcvbuf 393216
    push "sndbuf 393216"
    push "rcvbuf 393216"
    dev-node NETGEAR-VPN
    remote XXXXXXX.mynetgear.com 12973
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca ca.crt
    cert client.crt
    key client.key
    cipher AES-128-CBC
    comp-lzo
    verb 0

CrimpOn's avatar
CrimpOn
Guru - Experienced User
Oct 09, 2021

Another "gotcha" in the tap/tun situation is that it is essential that the device running OpenVPN not have an IP address in the same subnet as the Orbi LAN.  Imagine this:

 

  • A computer is connected to the LAN network of a router and is assigned an IP address of 192.168.1.x1 with subnet mask 255.255.255.0
  • OpenVPN is run on the computer and connected to a tap connection on the Orbi router. Orbi assigns an IP address of 192.168.1.x2 with a subnet mask of 255.255.255.0
  • Where is subnet 192.168.1.x?  Is it on the native ethernet/WiFi port where the computer is 192.168.1.x1, or is it on the OpenVPN port where the computer has IP address 192.168.1.x2?

For me, this has never been an issue because I typically connect to a Hot Spot on my phone, which hands out 192.168.43.x IP addresses.  All subnets from 0 through 254 are valid private IP addresses.  Maybe some engineer was thining ahead, "what if someone attempts to open a VPN on this phone's Hot Spot?"  Or, maybe just dumb luck.

 

So, when OpenVPN was tested remotely, what was it connected to?  What IP address did it have?

pandabe4r's avatar
pandabe4r
Tutor
Oct 09, 2021

SOLVED!

 

So I decided to go with the latest OpenVPN Connect client that exclusively uses TUN.
https://openvpn.net/downloads/openvpn-connect-v3-windows.msi

 

I then edited the .ovpn config file before importing to change the default to TUN and the port to 12973. See below. 

 

After importing, I connected just fine and am able to connect to all my devices, RDP, and browse internet. 

 

Don't know why Orbi's instructions point to the older 2.5 client, but the latest version is the way to go.

 

client
dev tun
proto udp
sndbuf 393216
rcvbuf 393216
push "sndbuf 393216"
push "rcvbuf 393216"
dev-node NETGEAR-VPN
remote XXXXXXX.mynetgear.com 12973
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
cipher AES-128-CBC
comp-lzo
verb 0