NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Orbi CBR 750 with OpenVPN for home setup?
Hello,
I got some great help from Netgear on my OpenVPN install. It's up and running on my Orbi.
Next step is to install certificate authentication to secure the connection. Does anyone have experience with this step? I cannot find anything on the community pages here.
Thanks in advance,
J
14 Replies
Netgear has set up a community forum specifically for the Cable Modem products. Most of the people who watch that forum are more likely to have experience with Cable modems and know how to work it better than those of us who follow this router forum. Might be more likely to find someone who has a solution if the question is posted there:
https://community.netgear.com/t5/Cable-Modems-Routers/bd-p/home-cable-modems-routersThank you.
j4x4 wrote:
I got some great help from Netgear on my OpenVPN install. It's up and running on my Orbi.
Next step is to install certificate authentication to secure the connection. Does anyone have experience with this step? I cannot find anything on the community pages here.
This one comes up from time to time. I don't know where you looked –but I found several other messages on the community pages here. This might help:
Search - NETGEAR Communities – OpenVPN certificate
As that search shows, it is a generic issue that a[p[lies to all routers. that support OpenVPN.
PS Unless you hit a brick wall and hit something specific to your hardware, please don't waste your, and anybody else's, time chasing off into other areas of this community. Life's too short. Next to no one follows the section you were directed to. The answers you get there, if there are any, will be the same as you get here. As the link above shows, it is a generic router issue. Best dealt with here first. It is the busiest section for router issues.
Hello,
Thanks for getting back to me. When I run the OpenVPN GUI I get these error messages in red:
Wed Oct 20 19:07:02 2021 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
Wed Oct 20 19:07:02 2021 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
Wed Oct 20 19:07:03 2021 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Oct 20 19:07:04 2021 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
Wed Oct 20 19:07:04 2021 OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.1.0
Wed Oct 20 19:07:09 2021 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
***
I am not sure where to make these fixes ... do I need to add these lines to the actual code? Just not sure how to fix this one ...
j4x4 wrote:
Hello,
I got some great help from Netgear on my OpenVPN install. It's up and running on my Orbi.
Next step is to install certificate authentication to secure the connection. Does anyone have experience with this step?
Can you please provide a link to where the need for this step is described?
I set up OpenVPN on two Orbi systems. Orbi creates the needed certificates and host/client keys and includes them in the ovpn files (separate files for Windows. "all-in-one" file for smartphone and non-windows).
The connection is secure because only the Orbi and the client have this information.
I keep getting warnings that state no certificate verification has been enabled. I installed OpenVPN 2.5.4 on my Windows 10 machine.
The same warnings directed me to visit the OpenVPN website. When I tried to get help there, the posts I found directed me ... back here.
Searching on this page led me here:
https://openvpn.net/community-resources/how-to/#numbering-private-subnets
But the most recent version of OpenVPN referred to is 2.3.x.
Before I go through all of the steps described for that, I want to know if there is a better/easier/other way to generate certificates with OpenVPN 2.5.4
I saw other posts here that said it's automatic, but that has not been my experience so far.
Thanks again for any help you can offer.
That OpenVPN page is pointing out that the "local LAN" subnet for the client machine must be different from the local LAN for the host.
i.e. If the Orbi LAN is 192.168.1.x, then the client must not be in the same subnet on its end. This is likely to happen when the remote client is connected to another consumer router that defines the local LAN the same way the Orbi does (192.168.1.x).
I have been fortunate because I always test my OpenVPN connections by creating a Hot Spot on my smartphone and the smartphone defines its LAN as 192.168.43.x (why they picked 43 is an interesting question).
This would seem to have nothing to do with certificates. Will need to do more research on that question.
