NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
VPN works, but public IP doesnt seem tunneled through (RBK50)
With the latest firmware version (V2.0.0.74) I have set up VPN -with NETGEAR DDNS. Downloaded the opvn files to iPhone and when I enable VPN (openVPN app) it looks like its all fine. My RemoteMa...
Carpet and box -> KPN box
Kpn is my isp
Kpn is my isp
Your problem is almost certainly related to the fact that your Orbi is not the router/gateway for your LAN. This will cause multiple problems, VPN issues being just one.
What you should do is etiher:
1) Run Orbi in Access Point Mode. (But this disables OpenVPN capability on Orbi.) OR
2) Set your KPN modem/rotuer to transparent bridge mode, which ensures your Orbi takes the public WAN IP address. You may be able to Google this, call your ISP and ask them how to do it, or buy another modem that can be bridged.
It is possible to get OpenVPN to work on a server that's not the gateway/router. I've done it. However, doing so requires at least adding a static route to the gateway. This ensures the LAN devices know to go through Orbi instead of the KPN to respond back to the VPN client device on the other end of the tunnel. Adding the static route might be good enough.
See if you can bridge the modem. If that's absolutely impossible, then we can talk about what you wanted to use the VPN for and see if there is a solution.
Thanks again for your support, interest and time.
The support person at KPN didnt even know what tranparent bridge is :) forwarded me to kpn forums. I posted my question there but i am not very hopeful, they really dumbed down the interface of the modem/router, couldnt even see a way to disable dhcp: in holland the customer isnt king. The king is king. (Kpn is a royal family establishment)
the support person also “guessed” that getting a new modem is a bad idea: he “guessed” tv and telephony (also connected to kpn box) wont probably work with a third party device.
Kpn box is: arcadyan (VGV7519) experia box v8 - if it tells you anything.
I am losing hope because i might even not be able to do the static route setting you mentioned. If you would like i can screenshot every page on the modems admin pages (there arent that many anyway) and share that.
i had hoped that assigning static dhcp to orbi and doing the so-called dmz to that static ip would solve the issue, but if you say “not good enough” i will take your word.
i am willing to try your further suggestions.
And if i get lucky on the kpn forums, i will let you know immediately.
or i could wait a bit before i consume any more of your time...
or?
My Vpn motives:
- learning by doing : i am trying to learn about vpn’s. Was hoping that it would work after following the instructions. Turns out i have to learn more than i bargained for :)
- for some reason i have the feeling that router management through vpn is more secure than enabling remote management on the router and opening the port to the world. I have always been suggested against that. It would have been nice to go to the admin page from outside the house
- i spend several weeks abroad every year, places where internet is heavily censored by the local governments. Believe it or not, wikipedia is currently blocked in my home country. I was hoping to test vpn during my next travel there. And maybe let my close family there use my vpn for their uncensored internet needs.
Kind regards and many thanks for your time
You are right that VPN is more secure than port forwarding for remote management of the router.
I would think you should still be able to access the router, even without the static route. Have you forwarded the OpenVPN port on the on the KPN router to the Orbi's static LAN IP? The dafault port is UDP/1194.
Are you using the TUN mode config file on your iPhone? (TAP mode is apparently not supported on iOS.)
If you cannot bridge your router though, you really should run Orbi in AP mode, for other reasons. In that case you cannot run OpenVPN on Orbi, but you could use a different remote access approach. I use a Raspberry Pi setup as an SSH server. on the LAN With this and a good remote desktop client (like Jump Desktop) I can connect to a desktop machine on my network. From there I can browse, manage the router via the GUI, etc. This is also much faster then OpenVPN.