NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
ORBI OpenVPN not working with Windows 10 client
I have setup my Orbi for OpenVPN and followed the instructions closely on both the Orbi router side and client side. For Android and iOS devices, Orbi's OpenVPN is working such that a VPN session is...
- I worked with Netgear tech support a few weeks ago on this. The problem is solved. Apparently, the configuration file was bad on the particular revision of Orbi firmware I was using. I had updated the firmware but not the configuration file. Tech support suggested replacing the Open VPN configuration file. When I did that it started working.
SleeplessInPDX wrote:As a test, on Windows 10 client I open a command shell to ping Orbi's IP (on LAN side, which is 192.168.1.1), the ping fails (because Orbi OpenVPN assigned the wrong IP address. It should be 192.168.2.2... just like the Android device).
No, there must be a different cause:. OpenVPN can be operated in TAP and TUN mode. TAP is kind of a bridging, while TUN requires NAT. TAP is not supported on non-routed mobiles (Android, iOS) so TUN must be used. TAP does create a bridge, just like a direct connection, so the router LAN-side DHCP server will assign addresses - this is the "standard" configuration for Windows, MacOS, Linux clients. TUN does use routing with the intermediate 192.168.2.0/24 network - this is the only version workable on most mobile devices in absence of a bridge (TAP) driver - that's why you see a different address on the mobile clients.
Do you have the Windows TAP adapter renamed to "NETGEAR-VPN" inside Control Panel as per How do I enable the VPN feature on my NETGEAR router using a Windows computer? ?
A possible reason is of the "local" Windows client LAN does make use of the same IP subnet like the remote OpeVPN connected one.
EricClarke The presence of the routing exe config depends on the Netgear OpenVPN router side (OpenVPN term: Redirect gateway) control "Clients will use this VPN connection to access: Auto All sites on the Internet & Home Network Home Network only "
I just now tested my Windows 10 OpenVPN client connecting to Orbi. Still works. Gets an IP address from the regular DHCP pool (192.168.1.x, NOT 192.168.2.x). Ping to 192.168.1.1 works as it should.
I have sort of mixed feelings about "tun" vs. "tap". Since with Windows 10 (tap) client is essentially "part of" the regular IP subnet, it is going to be bombarded by everything going on in the subnet (all the ARP's, all the broadcasts, etc.) I have read articles complaining that the Android operating system does not allow "tap", so my guess is that people would rather other OpenVPN clients had the same characteristics as the Windows client.
I have no idea "what is wrong". My experience is that "it works."
CrimpOn wrote:I have sort of mixed feelings about "tun" vs. "tap". Since with Windows 10 (tap) client is essentially "part of" the regular IP subnet, it is going to be bombarded by everything going on in the subnet (all the ARP's, all the broadcasts, etc.) I have read articles complaining that the Android operating system does not allow "tap", so my guess is that people would rather other OpenVPN clients had the same characteristics as the Windows client.
Good description!
TAP would require a driver with change mode to Kernel - this is simply not allowed on Android or iOS.What is an advantage that the broadcasts won't hit the VPN connection indeed. Cumbersome if you want to run some non-Multicast based discovery - read: broadcast - based Apps e.g. for IoT discovery and configuration. That wont be possible over the TUN mode VPN.