NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
SleeplessInPDX
Feb 03, 2020Aspirant
ORBI OpenVPN not working with Windows 10 client
I have setup my Orbi for OpenVPN and followed the instructions closely on both the Orbi router side and client side. For Android and iOS devices, Orbi's OpenVPN is working such that a VPN session is...
- May 22, 2020I worked with Netgear tech support a few weeks ago on this. The problem is solved. Apparently, the configuration file was bad on the particular revision of Orbi firmware I was using. I had updated the firmware but not the configuration file. Tech support suggested replacing the Open VPN configuration file. When I did that it started working.
CrimpOn
Feb 03, 2020Guru - Experienced User
I have Orbi OpenVPN configured on two Orbi's, and can access both from Windows 10. Are you able to observe the Orbi "Attached Devices" web page while performing a test of OpenVPN? If so, how does the Attached Devices describe the VPN client device? On my Orbi's, the default subnet is 192.168.1.1 (the most common), and VPN devices show up with (a) an IP address in 192.168.2.x and a connection type of "vpn".
My test methodology is somewhat tedious. I disconnect my smartphone from WiFi to use the LTE connection, and create a WiFi Hot Spot. Then, I disconnect my Windows 10 machine from Orbi WiFi and connect it to the Hot Spot. Then, open the VPN client. That way, I can get to the Orbi using a wired PC while testing OpenVPN on the laptop.
SleeplessInPDX
Feb 05, 2020Aspirant
Hi CrimpOn,
Thanks for you reply. When using an Android/iOS device connect to Orbi OpenVPN via LTE network, I am able to see the connected device listed as "OPENVPN-TUN" (in "Attached Device" web page) and see Orbi assigns an IP address of 192.168.2.2 to device (note: the internal LAN subnet is 192.168.1.X). It works as expected and as you described.
However, with a Windows 10 client, Orbi assigns an IP address of 192.168.1.100 as seen in "Attached Device" web page and I can also see in "Logs" web page under "Administration" a line entry of DHCP IP address 192.168.1.100 assigned to the Windows 10 client . To be clear, the Windows 10 client is connected to LTE network. Made double sure the Windows 10 client is not connected to Orbi's LAN. It's a very basic test. No other OpenVPN client is connected.
As a test, on Windows 10 client I open a command shell to ping Orbi's IP (on LAN side, which is 192.168.1.1), the ping fails (because Orbi OpenVPN assigned the wrong IP address. It should be 192.168.2.2... just like the Android device).
(Note: In my LAN network, I configured Orbi's DHCP Server to have a start IP address of 192.168.1.100 and end IP address of 192.168.1.254. IP address range from 192.168.1.2 to 192.168.1.99 are IP address statically assigned (using the Address Reservation UI).
This issue appears on both Firmware Version 2.5.1.8 and Version 2.3.5.30. I believe this is a firmware bug in Orbi.
To Netgear Orbi team, please advise.
- FURRYe38Feb 05, 2020Guru - Experienced User
You may want to open a support ticket here and get some help on this:
https://www.netgear.com/support/#
SleeplessInPDX wrote:Hi CrimpOn,
Thanks for you reply. When using an Android/iOS device connect to Orbi OpenVPN via LTE network, I am able to see the connected device listed as "OPENVPN-TUN" (in "Attached Device" web page) and see Orbi assigns an IP address of 192.168.2.2 to device (note: the internal LAN subnet is 192.168.1.X). It works as expected and as you described.
However, with a Windows 10 client, Orbi assigns an IP address of 192.168.1.100 as seen in "Attached Device" web page and I can also see in "Logs" web page under "Administration" a line entry of DHCP IP address 192.168.1.100 assigned to the Windows 10 client . To be clear, the Windows 10 client is connected to LTE network. Made double sure the Windows 10 client is not connected to Orbi's LAN. It's a very basic test. No other OpenVPN client is connected.
As a test, on Windows 10 client I open a command shell to ping Orbi's IP (on LAN side, which is 192.168.1.1), the ping fails (because Orbi OpenVPN assigned the wrong IP address. It should be 192.168.2.2... just like the Android device).
(Note: In my LAN network, I configured Orbi's DHCP Server to have a start IP address of 192.168.1.100 and end IP address of 192.168.1.254. IP address range from 192.168.1.2 to 192.168.1.99 are IP address statically assigned (using the Address Reservation UI).
This issue appears on both Firmware Version 2.5.1.8 and Version 2.3.5.30. I believe this is a firmware bug in Orbi.
To Netgear Orbi team, please advise.
- MTBBILLFeb 24, 2020Aspirant
I am having the exact same issue. Was this ever resolved?
- SleeplessInPDXFeb 24, 2020Aspirant
> I am having the exact same issue. Was this ever resolved?
No. This issue remains open till this day. I'm open to submit a bug report to Netgear but I dont know how and I have no time to research.
- schumakuMar 03, 2020Guru - Experienced User
SleeplessInPDX wrote:As a test, on Windows 10 client I open a command shell to ping Orbi's IP (on LAN side, which is 192.168.1.1), the ping fails (because Orbi OpenVPN assigned the wrong IP address. It should be 192.168.2.2... just like the Android device).
No, there must be a different cause:. OpenVPN can be operated in TAP and TUN mode. TAP is kind of a bridging, while TUN requires NAT. TAP is not supported on non-routed mobiles (Android, iOS) so TUN must be used. TAP does create a bridge, just like a direct connection, so the router LAN-side DHCP server will assign addresses - this is the "standard" configuration for Windows, MacOS, Linux clients. TUN does use routing with the intermediate 192.168.2.0/24 network - this is the only version workable on most mobile devices in absence of a bridge (TAP) driver - that's why you see a different address on the mobile clients.
Do you have the Windows TAP adapter renamed to "NETGEAR-VPN" inside Control Panel as per How do I enable the VPN feature on my NETGEAR router using a Windows computer? ?A possible reason is of the "local" Windows client LAN does make use of the same IP subnet like the remote OpeVPN connected one.
EricClarke The presence of the routing exe config depends on the Netgear OpenVPN router side (OpenVPN term: Redirect gateway) control "Clients will use this VPN connection to access: Auto All sites on the Internet & Home Network Home Network only "
- CrimpOnMar 03, 2020Guru - Experienced User
I just now tested my Windows 10 OpenVPN client connecting to Orbi. Still works. Gets an IP address from the regular DHCP pool (192.168.1.x, NOT 192.168.2.x). Ping to 192.168.1.1 works as it should.
I have sort of mixed feelings about "tun" vs. "tap". Since with Windows 10 (tap) client is essentially "part of" the regular IP subnet, it is going to be bombarded by everything going on in the subnet (all the ARP's, all the broadcasts, etc.) I have read articles complaining that the Android operating system does not allow "tap", so my guess is that people would rather other OpenVPN clients had the same characteristics as the Windows client.
I have no idea "what is wrong". My experience is that "it works."
- schumakuMar 03, 2020Guru - Experienced User
CrimpOn wrote:I have sort of mixed feelings about "tun" vs. "tap". Since with Windows 10 (tap) client is essentially "part of" the regular IP subnet, it is going to be bombarded by everything going on in the subnet (all the ARP's, all the broadcasts, etc.) I have read articles complaining that the Android operating system does not allow "tap", so my guess is that people would rather other OpenVPN clients had the same characteristics as the Windows client.
Good description!
TAP would require a driver with change mode to Kernel - this is simply not allowed on Android or iOS.What is an advantage that the broadcasts won't hit the VPN connection indeed. Cumbersome if you want to run some non-Multicast based discovery - read: broadcast - based Apps e.g. for IoT discovery and configuration. That wont be possible over the TUN mode VPN.