Bay510
Oct 07, 2019, Guide
RBR50 - VPN assigns IP address to different subnet
Hi Everyone, I have the Orbi RBR50 w/ FW v2.3.5.30. The issue I'm having is when I connect via VPN (OpenVPN iOS app), the IP address assigned is on a different subnet. (i.e.: my internal addresses a...
CrimpOn
Oct 07, 2019, Guru - Experienced User
I agree with ekhalil. When I use VPN, the computer that is "coming in" always gets an address in a different subnet, but it also is able to reach all of my devices. If you have a specific situation that isn't working, please describe it.
Bay510
Oct 07, 2019, Guide
Thanks for the replies CrimpOn and ekhalil. My specific situation is that I have IPCams that are assigned static addresses and I have blocked them from internet access via "Access Control". When I am connected to my network via wireless/wired, I can go to their IP address and access them. When I access my network via VPN, the VPN client, being on a different subnet, cannot access the cams. If I turn off blocking via "Access Control" then the VPN client can reach them. I do not want to do this method as it does not secure the cams. Is it possible to reserve/change the IP address issued to the VPN client so that it will be on the same subnet?
Thank you for taking your time and helping on this.
- CrimpOn, Oct 07, 2019, Guru - Experienced User
Bay510 wrote: My specific situation is that I have IPCams that are assigned static address and I have blocked them from internet access via "Access Control".
Please explain which "Access Control" is being used to block cameras from internet access. (On the Orbi web interface? Using the Orbi "app"? On the camera?)
Thanks
- Bay510, Oct 07, 2019, Guide
I only use the direct Orbi web interface. Advanced\ Security\ Access Control. No blocking is done on the camera side, I am doing everything from the router.
Thanks
- CrimpOn, Oct 07, 2019, Guru - Experienced User
So, all of the cameras are "Allowed" and you have checked the "Block new devices from connecting"?
- ekhalil, Oct 07, 2019, Master
Are the static IP addresses of the camera within the DHCP range that you set in the web GUI under >> ADVANCED >> Setup >> LAN Setup?
If not please use addresses within the range and do address reservation in Orbi instead of setting static IP addresses in the cameras.
It's possible that Orbi differentiates between addresses within the set DHCP range and those outside.
- Bay510, Oct 07, 2019, Guide
Yes, the static IP addresses are within the range, i.e.: internal network is 192.168.88.1 (router gateway), cams are 192.168.88.201 - 192.168.88.210. I configured a static IP in the cams, for each cam. I then did address reservation for each cam in the Orbi web UI. So the cams are on the internal network, I just blocked them using Orbi web UI access control - Deny.
- CrimpOn, Oct 07, 2019, Guru - Experienced User
This is where I am lost. I do not see "Deny" on the Access Control page anywhere.
- ekhalil, Oct 07, 2019, Master
Bay510 wrote: ........ When I am connected to my network via wireless/wired, I can go to their IP address and access them. When I access my network via VPN, the VPN client being on a different subnet, cannot access the cams. ........
Thinking about it, it might really be the way this functionality should work.
If you block internet access for a client it will not be reachable from the internet, so I assume the VPN client is still considered to be an external access even though it has an internal IP address.
This does not have anything to do with the subnet that the VPN client belongs to, seems to me.
- Bay510, Oct 07, 2019, Guide
Interesting, my understanding is that if you VPN into your network, then it's as if you are locally connected to that network. At least one should be on the same subnet as other devices, I would think. Please correct me if I misunderstand.
Thank you for your help!
- ekhalil, Oct 08, 2019, Master
Bay510 wrote: Interesting, my understanding is that if you VPN into your network, then it's as if you are locally connected to that network. At least one should be on the same subnet as other devices, I would think. Please correct me if I misunderstand.
.....
Since blocking internet access on a device is what made a VPN client unable to access it, it is very clear that this has nothing to do with the subnet of the VPN client but with the Access Control.
I think what you can do is, instead of blocking the cameras in the Access Control (blocking all ports towards internet), you can instead just block certain services (ports) for those devices. You can do this in the web GUI under >> ADVANCED >> Security >> Block Services.
Select the common services like FTP, telnet, ..... to block.