NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Struggling with VPN on Orbi RBR50
I'm trying to set up my Orbi RBR50 to use as a VPN - so when I'm "out of the house" I can still access data inside my LAN, and also access streaming (cable) services that expect me to be at my house ...
VPN access to the home network (Orbi system) depends on the internet connection reaching the Orbi router. From the description, it appears that the Orbi router is 'hidden' behind the AT&T router using Network Address Translation (NAT). Thus the VPN connection attempt reaches the AT&T (at IP address A.B.C.D.) and the AT&T router does not accept the connection. (All residential routers refuse connections unless they have been specifically programmed to accept them.)
Having two routers is commonly called a "Double NAT" condition. VPN access is one of the specific applications that are most commonly affected by Double NAT. (Internet search for Double NAT and OpenVPN will bring up additional information).
There are several methods to handle this problem:
- Remove the Double NAT so that there is only one router and internet connections go directly to it. There are two common methods to accomplish this:
- Put the AT&T router into Passthrough mode (sometimes called bridge mode). This may be complicated if (a) there are devices besides the Orbi connected directly to the AT&T router.
- Place the Orbi router in the AT&T router's DMZ.
- Another tactic is to configure the AT&T router to forward the VPN ports to the Orbi router. OpenVPN on Orbi routers defaults to use ports 12973 and 12974. If those two ports are forwarded through the AT&T router to the IP address of the Orbi (192.168.0.98), then OpenVPN connections should work.
Either way, this requires getting into the management interface of the AT&T router.
CrimpOn- thank you for the reply.
Taking your advice, I did the following:
* Put the AT&T router in Passthrough mode.
* Checked the "external ping" from my phone - when the Router is the front line, I get no ping reply (the router is set to ignore external pings), but the Orbi is set to reply (aside - it seems like a grayed out option checked "on", and I have no choice but to do this), and when I go to Passthrough mode, an external ping gets a response - suggesting the Orbi is getting the external packet and responding.
* Connected the Laptop to the phone's hotspot, confirmed the external IP 172.20.10.14, and tried to ping xxxx.mynetgear.com - and get a reply
* try to launch OpenVPN on my laptop - nothing.
So at least I think I've narrowed it down to "something wrong with my OpenVPN installation (right?). I followed the steps outlined on the netgear page
https://kb.netgear.com/31487/How-do-I-use-VPN-service-on-my-Orbi-system-with-my-Windows-client
so maybe there's still some hope that someone here can help. If not, I guess I either have to try OpenVPN knowledge base, or else find a different VPN client software to use.
Any additional thoughts?--Mark
My RBR50 also has the option "Respond to ping on internet port" grayed out and not available to click on. When I turn off WiFi on my smartphone, the phone is not able to ping the public IP address of the Orbi router. My impression is that Netgear decided that responding to ping simply invites internet attacks and no longer enables users to enable this option. Very puzzled that your RBR50 would respond to ping. (My firmware release is v2.7.5.4)
Sometimes it is helpful to increase the level of information that OpenVPN writes to the log file by adding verb 5 to the end of the configuration file. i.e.:
client dev tun proto udp sndbuf 393216 rcvbuf 393216 push "sndbuf 393216" push "rcvbuf 393216" dev-node NETGEAR-VPN remote xxx.netgear.com 12973 resolv-retry infinite nobind persist-key persist-tun ca ca750.crt cert client750.crt key client750.key cipher AES-128-CBC comp-lzo verb 5CrimpOn- again, thanks for the info.
Starting on the tangential point, for me, in the Orbi interface at Advanced > Setup > WAN Setup, I see the attached image. "Respond to Ping on Internet Port" appears to be "checked on" and is grayed out. That is consistent with the behavior I seem to be getting.
Also, when I go to Advanced > Administration > Firmware Update, I'm told "current version = V2.7.4.24" and "Status = No new firmware version available" However, you report using v2.7.5.4 - suggesting there *is* a new version, and for some reason my Orbi is giving bad info. Not sure that solves the VPN issue, but maybe it does impact the ping?...
In any case, I can add verb 5 to the .ovpn , but I don't think that's going to increase data written to the log file (at least not yet), becuase there's no log file being generated. There is no indication that OpenVPN is actually running - double clicking on the openvpn-gui.exe results in nothing happening - no GUI appears, no process starts, no log files get written.
That said, if I delete the files (from the Orbi download - .ovpn, etc.) I had moved to C:\Program Files\OpenVPN\Config
and then I double click on the .ovpn file saved in another folder, I *do* get a popup dialog from OpenVPN GUI asking "Do you want to import the profile <client>?" so something seems to be working, but only if I'm trying to do a setup.
Also, checking back to the part where on the PC I renamed a Network Adapter to "NETGEAR-VPN" - did I accomplish that correctly? I had some confusion on what to rename - the KB instructions seemed to say there were two options for things to rename and to be sure to pick the right one, but I only found one option. Maybe I've not got something named correctly?
