NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

korayb's avatar
korayb
Aspirant
Oct 09, 2017

VPN works, but public IP doesnt seem tunneled through (RBK50)

With the latest firmware version (V2.0.0.74) I have set up VPN -with NETGEAR DDNS. Downloaded the opvn files to iPhone and when I enable VPN (openVPN app) it looks like its all fine.   My RemoteMa...
Features
Troubleshooting
st_shaw's avatar
st_shaw
Master
Oct 09, 2017

VPNs do not always route all traffic through the remote server by default. This is set in the VPN configuration file.

 

When you setup the VPN on Orbi make sure you check the box that says, "Clients will use this VPN connection to access"...  "All sites on the Internet and Home Network."

korayb's avatar
korayb
Aspirant
Oct 11, 2017

Thanks, I did exactly as you said.

It told me to redownload the ovpn file, I did.

I deleted the old ovpn from the phone, imported the new one. (I use openVPN application).

Now, when VPN is turned on, i cannot access anything, including the router admin page.

So my problem became:  VPN doesnt work at all, although I followed the instructions and didnt do anything fancy.

Should I create a new topic as "VPN Doesnt work?"

Thanks,

  • st_shaw's avatar
    st_shaw
    Master
    Oct 11, 2017

    I don't think you need a new topic.

     

    It makes sense you needed to download a new ovpn file.  That's where the settings are saved, so anytime you change settings, the new file must be downloaded and transferred to your phone.

     

    Can you give some more information on how things are connected when nothing works? Apologies if any of the questions seem dumb, but I don't know anything about your setup or knowledge level. Some things to consider:

    1. Are you sure your router is accessible from the Internet?

    2. Can you get something simpler to work first, like Remote Access, to establish the router can be reached remotely?  See page 107 of the user manual here: http://www.downloads.netgear.com/files/GDC/RBK50/Orbi_UM_EN.pdf

    3. If you change the settings back to Auto, can you access the VPN as before?

    4. Are you connecting from either 1) outside your home, or 2) from inside but with the phone WiFi disabled so the cellular radio is used?

    5. Have you tried the VPN from a Mac or Windows client?

     

    This video has a decent walkthrough of the setup.

     

    https://www.youtube.com/watch?v=7CRKV2DfugI

     

    • korayb's avatar
      korayb
      Aspirant
      Oct 12, 2017

      Hi,

       

      Thanks for your answers.  I went over every line of your message and provided extensive info🙂 Therefore it is a long message.  Thanks for your time.

       

      I am an IT professional.  Have 6 years of programming, 6 years of business analysis and 6 years of it project management experience under my belt.  Not a network expert at all, but have a basic understanding of NAT, DNS, Network Masks etc.

       

       

      To test the VPN, I turn off wifi on my phone.  

      I verify that I get a new public IP from the cell provider, e.g.84.241.xxx.yyyy

      I openVPN app on the phone, I enable the VPN connection.

      With the current setting (All sites on the Internet & Home Network selected) thats the last meaningful thing I can do on the phone.

      From this point on, nothing is accessible, neither google.com nor 192.168.1.1 (orbit admin)

       

      At the same time, I go to the ORBI logs.  

      There I can see that the openVPN was successful: [OpenVPN, connection successfully] from remote IP address: 84.241.xxx.yyyy

       

      Therefore I think the router is accessible from the internet.

       

      When "automatic" was selected instead of "All sites on the Internet & Home Network", and the VPN worked, I could access orbi admin page.  whats strange now is that even this doesnt work.

       

      i had not enabled remote access before, in order not to run into other issues.  

      I had enjoyed the idea of being able to do this through the vpn.  

      But upon your message, i enabled it.  

       

      I closed the VPN on my phone.  

      Typed in “https://myname.mynetgear.com:8444” -i customised the port just in case-.  

      Safari didnt even let me connect to this site “connection is not private”. 

      chrome also didn’t want me to go to this site.  but at least I could insist to proceed to the site.  

      ORBI said “another admin is logged in - yes, the admin page was open in my mac- and it will have to be kicked out”.  

      I said “yes, please”. 

      And I could see the admin page.

       

      So yes.  I can do remote management (although the browsers don’t like its security).

       

      from logs:  [remote login] from source 84.241.xxx.yyy 

       

      Next step for me was to disable the remote management.  

      I didn’t have to re-login as admin (that what the message said during the remote management experiment - another issue?) 

       

      no, i don’t have any of my browsers remember orbi admin page credentials. 🙂

       

      After the remote management is turned off, I could no longer do vpn on my phone now.  I hanged during “waiting for server” step.

       

      I deleted and re-downloaded the opvn file from ORBI.  Now it connects but still, although “automatic” is selected, I can no longer go to 192.168.1.1.

       

      I don’t have windows machines that I have admin rights to.

       

      The macs I have are inside the house so testing VPN with them is moot.

       

      Since the instructions consisted of 3 steps with DDNS and 3 steps with VPN, I didn’t watch any movies.  I will watch the video in your link today, in case there is something that i miss.

       

      One more important detail:  

       

      I have a box from my internet provider(KPN).  it has my public ip on one side and 192.168.2.X on the other.

      I turned off its wifi capabilities.  

       

      The only thing connected to this box -with a cable- is ORBI.  

      I arranged so that ORBI has DHCP Static IP - Using MacADDRESS:  192.168.2.100.  

      Furthermore, I enabled DMZ setting for 192.168.2.100 on the KPN Box.

      I expect any public traffic to it hitting the ORBI box.

       

      In my earlier attempts I tried to do this with port forwarding.  It worked for a while then it stopped.  

      So I shifted to the DMZ option. 

       

      As the remote management test shows, this seems to be working.

       

      However lets look at the ORBI now.

      - DDNS points to my public IP.  Public IP hits KPN box.  KPN Box (LAN IP:  192.168.2.254) (through DMZ setting) sends everything to 192.162.2.100 (Public side of ORBI).  ORBI’s LAN side is 192.168.1.X (x=1 being orbi itself)

      - When I check my phone - when the VPN is connected (but no traffic is passing through)

      server is myname.mynetgear.com (check)

      server ip is my public ip (check)

       

      but VPN IPv4 is 192.168.2.2.  So I am on the KPN BOX space, not the ORBI space.

       

      This might be the issue.  But I don’t know how to solve this problem.  I thought the DMZ setting on the KPN box would solve it but no.

       

      So whats the suggested way to VPN, when ORBI is behind a consumer grade modem/router (when the wifi is turned off and ORBI is being used for it)

       

       

      Many Thanks

       

       

       

       

       

      • korayb's avatar
        korayb
        Aspirant
        Oct 12, 2017
        Giving it a little bit more thought, I no longer think that IP’s problem. If Warby had a public IP, my phone would appear just like another public IP. And right now 192.168.1.x space is the public space as far as the Orby is concerned.

        Nevertheless the carpet and box might be complicating the situation. Looking forward to hearing your advice