NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Problem getting VPN enabled and tested
Hi,
The network configuration we have in our home is:
- Verizon Fios Modem/router
- Orbi mesh is connected to one of the LAN-side ports of the Fios modem
- The LAN side network of the Fios is 192.168.1.x.
- The LAN/WIFI side of the Orbi mesh is 10.0.0.x
- IP WAN side IP of the Orbi node that is connected to the Fios modem has IP address 192.168.1.152
- I have a Synology NAS that is connected (hard-wired) to one of the ports on one of the Orbi nodes. IP address of the NAS is 10.0.0.205.
I am going to be doing some travelling soon, so I wanted to setup the VPN server in the Orbi, so that I connect from remote places, mainly via a Windows PC. So when I am travelling, I'd connect over the internet to an IP address that is on the WAN side of the Fios modem/router. I mainly want to be able upload and download files to the NAS and also, ideally, I'd like to be able to connect to the NAS Console (IP is 10.0.0.205:xxxx).
So in the Orbi console I enabled the VPN Service, and downloaded the small config file:
Then, I downloaded the OpenVPN client installer, and installed that on my PC, and put the config file in the OpenVPN "config" directory and then edited the name to "NETGEAR-VPN".
When I started the OpenVPN GUI, it said the VPN is started, but when I list the network connections on the Windows PC it says that connection "the cable is unplugged".
Here's the contents of the config1.opvn file:
client
dev tap
proto udp
sndbuf 393216
rcvbuf 393216
push "sndbuf 393216"
push "rcvbuf 393216"
dev-node NETGEAR-VPN
remote 192.168.1.152 12974
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
cipher AES-128-CBC
comp-lzo
verb 0
I am a bit confused about how the VPN is supposed to be configured but is it "expected" that that NETGEAR-VPN should be "unplugged" at this point?
If that is NOT expected, what could be causing the VPN client side (the PC) to think that it is not "connected" to the VPN connection?
Also, I am a little (maybe a lot) confused about how I can test the configuration to make sure that it'll work when I am actually trying to connect from the internet?
Thanks, and sorry for the longish first post :(!!
Jim
6 Replies
What Orbi model do you have?
Your ISP Modem already has a built in router and wifi. This would be a double NAT (two router) condition which isn't recommended. https://kb.netgear.com/30186/What-is-Double-NAT
https://kb.netgear.com/30187/How-to-fix-issues-with-Double-NAT
Couple of options,
1. Configure the modem for transparent bridge or modem only mode. Then use the Orbi router in router mode. You'll need to contact the ISP for help and information in regards to the modem being bridged correctly.
2. If you can't bridge the modem, disable ALL wifi radios on the modem, configure the modems DMZ/ExposedHost or IP Pass-Through for the IP address the Orbi router gets from the modem. Then you can use the Orbi router in Router mode.
3. Or disable all wifi radios on the modem and connect the Orbi router to the modem, configure AP mode on the Orbi router. https://kb.netgear.com/31218/How-do-I-configure-my-Orbi-router-to-act-as-an-access-point and https://www.youtube.com/watch?v=H7LOcJ8GdDo&app=desktop
Try option #2 first...
ohaya100 wrote:
- The LAN side network of the Fios is 192.168.1.x.
- The LAN/WIFI side of the Orbi mesh is 10.0.0.x
- IP WAN side IP of the Orbi node that is connected to the Fios modem has IP address 192.168.1.152
FURRYe38 is correct. The FIOS box is a router which is shielding the public IP address from the Orbi router.
Search for "Double NAT" to understand the specific applications which cannot function when there are two routers. These include port forwarding, certain types of internet gaming, and..... Opening a VPN connection from the internet to reach the local LAN from the internet.
I have no personal experience with FIOS and thus am not certain which technique (pass through, DMZ) works best.
Another alternative might be some sort of Remote Desktop software on one of the PCs that will allow you to open up a connection from the internet directly to the PC. (and from there, to access the rest of the LAN).
Good that you got started on this early.
ohaya100 wrote:
The network configuration we have in our home is:
- Verizon Fios Modem/router
- Orbi mesh is connected to one of the LAN-side ports of the Fios modem
As others have said, this is a classic case of double NAT.
I chip in only to say that the key missing detail is the modem number of this Verizon Fios Modem/router.
It is usually easier to put this into bridge (modem only) mode than to go into PhD grade network engineering. Then just leave it to the Orbi router to manage the network.
The model number would tell us if this is one of those modem/routers that allows bridge mode. Tis such a common topic that a Google/Bing search will usually have pointers.
Hi,
Thanks for all the responses.
FYI, the FIOS modem/router is "cr1000a".
I found a user guide for it here: https://scache.vzw.com/dam/support/pdf/user_guide/cr1000a-verizon-router-user-guide.pdf
That guide has a list of features including:
VPN (VPN pass through only)
But that guide above doesn't have any other info on that feature :(...
Jim
Something to contact the ISP about for there help and support information regarding there equipment.
ohaya100 wrote:
I found a user guide for it here: https://scache.vzw.com/dam/support/pdf/user_guide/cr1000a-verizon-router-user-guide.pdf
That guide has a list of features including:
VPN (VPN pass through only)
You could see if you can get the cr1000a to do the VPN work at your end, and then put the Orbi into AP mode.
Or you could see if anyone has managed to crack the bridge mode move.
cr1000a bridge mode - Google Search
The people who make these things can be reluctant to reveal such details, especially if it is the ISP that provided the hardware.
Do not get confused by the various descriptions of "bridge mode". It is not the same for a modem/router – where it is also known as modem only mode – as it is for a router.
