NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

Marrik's avatar
Marrik
Guide
Jan 17, 2024

OpenVPN v3 on Windows 11

Hi all,

 

I have an Orbi RBS50 router (running the latest firmware) on which I activated VPN. On my iPhone I can connect just fine to it.

Now I want my laptop (Windows 11 Pro) to connect to it so I downloaded OpenVPN v3 and tried to import the "client.ovpn" file, which I exported from my router. The import fails with the message "TAP mode is not supported". 

 

I've read on the OpenVPN forum that v3 will not support TAP mode, only OpenVPN v2 supports it. So I downloaded v2 and tried to import the ovpn file again. This time that works however, when want to connect to my VPN, OpenVPN v2 says "no VPN servers found". 😬

 

So my next step was try using the default Windows 11 VPN client. This connection needs a certificate so I imported the ca and client certificates but they do not show up in the W11 VPN certificate list. 😒

 

Any ideas on how to solve this?

Thanks!

KR, Marrik

13 Replies

Replies have been turned off for this discussion
  • CrimpOn's avatar
    CrimpOn
    Guru - Experienced User

    Yes, the version of OpenVPN server on the Orbi router is so old that the default ovpn file for Windows is a tap connection.

    One solution is to modify the ovpn file and change it to a tun connection.

    client

    dev tun

    proto udp

    dev-node NETGEAR-VPN

    remote xxxxxxx.mynetgear.com 12973

    resolv-retry infinite

    nobind

    persist-key

    persist-tun

    ca ca.crt

    cert client.crt

    key client.key

    cipher AES-128-CBC

    comp-lzo

    verb 0

    sndbuf 393216

    rcvbuf 393216

    route-method exe

     

    I use both OpenVPN 2.6.8 and OpenVPN 3.4.3 on Windows.

    • Marrik's avatar
      Marrik
      Guide

      Hi CrimpOn,

       

      Thanks for the suggestion. I did try that but now OpenVPN v3 gives me this error message:

      option_error: sorry, unsuported options present in configuration: UNKNOWN/UNSUPPORTED OPTION (dev-node)

       

      The dev-node refers to "NETGEAR-VPN" and I do have a VPN network connection in my list of connections with this name.

       

      • Marrik's avatar
        Marrik
        Guide

        Okay, did some more testing based on the last reply. 

        I removed the dev-node and set the "dev" parameter to "tun".

        Now I can connect using OpenVPN v3 however, I cannot access any website (no internet) or my home network.

        So some progress but not there yet. 😁

  • Hey Marrik​. I know this is an old thread, so I'm not sure how you went with this. I was able to get OpenVPN 3.7.2 working with my Orbi. I tried multiple ways to make OpenVPN 2.x work with the router but nothing ever worked. I was able to successfully connect via the phone (also based on OpenVPN 3.x,) which is what indicated that this client should be good. Here's what I changed before importing the client.ovpn file:

    • dev tun
    • proto tcp
    • remote xxx.xxx.xxx 12973
    • Removed the following lines:
      • dev-node NETGEAR-VPN
      • resolv-retry infinite
      • persist-key
      • persist-tun

    This configuration still shows a warning regarding server-side compression reducing security. There's also a bunch of other issues with the security of this configuration which would be great change; however, the other change I could make was to change the cipher to AES-256-GCM.

     

    HTH

    • Marrik's avatar
      Marrik
      Guide

      Hi! Thanks for your reply.

      I upgraded my Orbi system and that's working without changing anytime. Works perfect with Wireguard, even better. ;)

       

      Marrik