NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

sd_mark's avatar
sd_mark
Aspirant
Dec 04, 2024

Struggling with VPN on Orbi RBR50

I'm trying to set up my Orbi RBR50 to use as a VPN - so when I'm "out of the house" I can still access data inside my LAN, and also access streaming (cable) services that expect me to be at my house ...
CrimpOn's avatar
CrimpOn
Guru - Experienced User
Dec 04, 2024

VPN access to the home network (Orbi system) depends on the internet connection reaching the Orbi router.  From the description, it appears that the Orbi router is 'hidden' behind the AT&T router using Network Address Translation (NAT).  Thus the VPN connection attempt reaches the AT&T (at IP address A.B.C.D.) and the AT&T router does not accept the connection.  (All residential routers refuse connections unless they have been specifically programmed to accept them.)

 

Having two routers is commonly called a "Double NAT" condition.  VPN access is one of the specific applications that are most commonly affected by Double NAT.  (Internet search for Double NAT and OpenVPN will bring up additional information).

 

There are several methods to handle this problem:

  • Remove the Double NAT so that there is only one router and internet connections go directly to it.  There are two common methods to accomplish this:
    • Put the AT&T router into Passthrough mode (sometimes called bridge mode).  This may be complicated if (a) there are devices besides the Orbi connected directly to the AT&T router.
    • Place the Orbi router in the AT&T router's DMZ.
  • Another tactic is to configure the AT&T router to forward the VPN ports to the Orbi router.  OpenVPN on Orbi routers defaults to use ports 12973 and 12974.  If those two ports are forwarded through the AT&T router to the IP address of the Orbi (192.168.0.98), then OpenVPN connections should work.

Either way, this requires getting into the management interface of the AT&T router.

 

sd_mark's avatar
sd_mark
Aspirant
Dec 06, 2024

CrimpOn- thank you for the reply.

 

Taking your advice, I did the following:

* Put the AT&T router in Passthrough mode.

 

* Checked the "external ping" from my phone - when the Router is the front line, I get no ping reply (the router is set to ignore external pings), but the Orbi is set to reply (aside - it seems like a grayed out option checked "on", and I have no choice but to do this), and when I go to Passthrough mode, an external ping gets a response - suggesting the Orbi is getting the external packet and responding.

 

* Connected the Laptop to the phone's hotspot, confirmed the external IP 172.20.10.14, and tried to ping xxxx.mynetgear.com - and get a reply

 

* try to launch OpenVPN on my laptop - nothing.

 

So at least I think I've narrowed it down to "something wrong with my OpenVPN installation (right?).  I followed the steps outlined on the netgear page

https://kb.netgear.com/31487/How-do-I-use-VPN-service-on-my-Orbi-system-with-my-Windows-client

 

so maybe there's still some hope that someone here can help.  If not, I guess I either have to try OpenVPN knowledge base, or else find a different VPN client software to use.

Any additional thoughts?

--Mark

  • CrimpOn's avatar
    CrimpOn
    Guru - Experienced User
    Dec 06, 2024

    My RBR50 also has the option "Respond to ping on internet port" grayed out and not available to click on.  When I turn off WiFi on my smartphone, the phone is not able to ping the public IP address of the Orbi router.  My impression is that Netgear decided that responding to ping simply invites internet attacks and no longer enables users to enable this option.  Very puzzled that your RBR50 would respond to ping.  (My firmware release is v2.7.5.4)

     

    Sometimes it is helpful to increase the level of information that OpenVPN writes to the log file by adding verb 5 to the end of the configuration file.  i.e.:

    client
dev tun
proto udp
sndbuf 393216
rcvbuf 393216
push "sndbuf 393216"
push "rcvbuf 393216"
dev-node NETGEAR-VPN
remote xxx.netgear.com 12973
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca750.crt
cert client750.crt
key client750.key
cipher AES-128-CBC
comp-lzo
verb 5

     

    • sd_mark's avatar
      sd_mark
      Aspirant
      Dec 06, 2024

      CrimpOn- again, thanks for the info.

       

      Starting on the tangential point, for me, in the Orbi interface at Advanced > Setup > WAN Setup, I see the attached image. "Respond to Ping on Internet Port" appears to be "checked on" and is grayed out.  That is consistent with the behavior I seem to be getting.

      Also, when I go to Advanced > Administration > Firmware Update,   I'm told "current version = V2.7.4.24" and "Status = No new firmware version available"   However, you report using v2.7.5.4 - suggesting there *is* a new version, and for some reason my Orbi is giving bad info.  Not sure that solves the VPN issue, but maybe it does impact the ping?...

       

       

      In any case, I can add verb 5 to the .ovpn , but I don't think that's going to increase data written to the log file (at least not yet), becuase there's no log file being generated.  There is no indication that OpenVPN is actually running - double clicking on the openvpn-gui.exe results in nothing happening - no GUI appears, no process starts, no log files get written. 

       

      That said, if I delete the files (from the Orbi download - .ovpn, etc.) I had moved to C:\Program Files\OpenVPN\Config

      and then I double click on the .ovpn file saved in another folder, I *do* get a popup dialog from OpenVPN GUI asking "Do you want to import the profile <client>?" so something seems to be working, but only if I'm trying to do a setup.

       

      Also, checking back to the part where on the PC I renamed a Network Adapter to "NETGEAR-VPN" - did I accomplish that correctly?  I had some confusion on what to rename - the KB instructions seemed to say there were two options for things to rename and to be sure to pick the right one, but I only found one option.  Maybe I've not got something named correctly?

       

       

      • CrimpOn's avatar
        CrimpOn
        Guru - Experienced User
        Dec 06, 2024

        That is such a hoot! (That your Orbi has the Ping option enabled and cannot be turned off and mine is off and cannot be turned on.)

         

        Alas, Netgear's firmware update process on Orbi products is frustrating.  For the original Orbi system (RBR50 and RBS50), Netgear published firmware V2.7.5.4 in February of 2023 and never set the Update Firmware mechanism to recognize and install it.  (Firmware appears to be released in phases and commonly first appears on the support web site where early adopters can download, install, and experience "what happens".  If there are not too many negative reports, the internal mechanism is typically set to announce "new firmware" for some period (maybe years), and finally Netgear may decide to push the new version in the middle of the night.)

         

        In the case of the "50" system, it appears that the final firmware release came about the time the product was being declared End of Service and it never went past the first phase.

         

        Anyway, users are free to download the newest firmware from the support web site and install it manually on their systems. I have been running it on my RBR50/RBS50 for over a year.

        https://kb.netgear.com/000065539/RBR50-RBS50-Firmware-Version-2-7-5-4 

         

        Update satellites first, and the router last.

        https://kb.netgear.com/31573/How-do-I-manually-upgrade-firmware-on-my-Orbi-router-using-orbilogin-com 

         

        Not sure what is keeping your OpenVPN from running on the PC.  I went "whole hog" and installed OpenVPN on my smartphone and a Windows laptop.  That way, I can test OpenVPN on the smartphone first to see that it is working.  Then, I create a Hot Spot on the smartphone and connect the laptop to test OpenVPN on it. (while not connecting  the smartphone with OpenVPN)