NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
RBR20 not receiving VPN connection
Hello everyone, i'm trying to setup a vpn connection to access the network when I'm outside home. I followed the instructions provided in different posts: i configured and activated a dns (noip s...
- I have tried to change to tcp, but without success. The openvpn client starts as before, and the connection to the orb is never made.
So I have set up port forwarding, dmz, bridge mode but it looks that the ports are always closed: at least, trying from services on internet to check the status, it appears that none of the changes I make are working.
I’m starting to suspect that my ISP is blocking all ports, since I am using not a “regular” service but a wireless one (through telephone networks) because there was no coverage in my area for other tecnologies..
How is the computer (Windows?) connected to the internet when the VPN connection is attempted?
- To the Orbi LAN?
- On another network (coffee shop? friend's house?)
- To a Hot Spot from a cell phone?
The computer is a Windows 7 laptop, I have tried with the hotspot from a cell phone
Cell phone Hot Spot is how I test my OpenVPN setup. Could you verify that the client.ovpn file looks like this:
client dev tap proto udp dev-node NETGEAR-VPN remote *******.mynetgear.com 12974 resolv-retry infinite nobind persist-key persist-tun ca ca.crt cert client.crt key client.key cipher AES-128-CBC comp-lzo verb 0 sndbuf 393216 rcvbuf 393216 route-method exeAnother wrinkle in OpenVPN lies with the client software used to make the connection. There are two types of VPN connection:
- tun (an abbreviation for tunnel) which typically uses port 12973, and
- tap (an abbreviation for network tap) which typically uses port 12974.
https://en.wikipedia.org/wiki/TUN/TAP#:~:text=TAP%2C%20namely%20network%20TAP%2C%20simulates,attaches%20itself%20to%20the%20device. Internet search will turn up numerous articles explaining the circumstances which would favor using one method over the other.
My RBR50 Orbi creates a client.ovpn file for Windows connections defining the connection as tap on port 12974. I have used this configuration with successfully with OpenVPN Connect. I have also manually changed the connection to use tun on port 12973.
(As an aside, please note that the Windows configuration is the only version that defaults to tap. Apple and Android do not support a tap connection so the "smart-phone" configuration is set for tun and the "non-windows" configuration is set for tun.)
Perhaps if there is a way to get a more detailed OpenVPN log something may reveal itself.
Hi,
the openvpn config file looks exactly as the one posted above, with the exception of the remote address since I'm using NoIp services so I have something like ****.ddns.net.
However the update from the orbi is successful.
As of today, I have tried:
- Setting the ISP router to bridge mode
- Setting the ISP router to its normal mode but using port forwarding to the ORBI router IP
- Setting the DMZ on the IS router for the ORBI IP
- Changing the port from the ORBI router for the service (trying to see if something changes).
here is a longer log from the openVPN client, please consider that he port is different because I was trying to see if this was the issue (i replaced my external ip with xxx)
Fri Sep 9 09:02:29 2022 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
Fri Sep 9 09:02:29 2022 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
Fri Sep 9 09:02:29 2022 OpenVPN 2.5.7 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on May 27 2022
Fri Sep 9 09:02:29 2022 Windows version 6.1 (Windows 7) 64bit
Fri Sep 9 09:02:29 2022 library versions: OpenSSL 1.1.1o 3 May 2022, LZO 2.10
Fri Sep 9 09:02:30 2022 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Sep 9 09:02:30 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xxx.x.xx:1194
Fri Sep 9 09:02:30 2022 UDP link local: (not bound)
Fri Sep 9 09:02:30 2022 UDP link remote: [AF_INET]xx.xxx.x.xx:1194
Fri Sep 9 09:03:30 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Sep 9 09:03:30 2022 TLS Error: TLS handshake failed
Fri Sep 9 09:03:30 2022 SIGUSR1[soft,tls-error] received, process restarting
Fri Sep 9 09:03:35 2022 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Sep 9 09:03:35 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xxx.x.xx:1194
Fri Sep 9 09:03:35 2022 UDP link local: (not bound)
Fri Sep 9 09:03:35 2022 UDP link remote: [AF_INET]xx.xxx.x.xx:1194
Fri Sep 9 09:04:35 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Sep 9 09:04:35 2022 TLS Error: TLS handshake failed
Fri Sep 9 09:04:35 2022 SIGUSR1[soft,tls-error] received, process restartingfrom this point onward, it just keep repeating and trying to connect without success
thanks