NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
BR500 VPN and IPSec Example w/Open Source
Since the BR500 supposedly has VPN Support for both OpenVPN and now IPSec (same underlying protocol, more options), I was wondering if anyone has successfully gotten any Linux with open source softwa...
Just an FYI that I finally got OpenVPN working on my BR500 ... and although I am not 100% sure what the root cause was, I think it was just that my router was "confused" (I'm using that term in a "technical" way).
Previously, I tried three (3) separate OpenVPN clients, and all would just hang a 'connecting', and tunnelblick would explicitly show data being sent but no data received.
So what did I do to get it working? I went to the OpenVPN page of the BR500 web GUI, changed ports from 12973 (TUN) /12974 (TAP) to different ports (I tried 1194/1195), changed it from UDP to TCP, could briefly telnet to those ports from an external server, changed it back to UDP and 12973 / 12974, and voila!, my prior OpenVPN software install (previously not working) on my (remote) Mac started working! I can only conclude that something was "confused" (technical term), and that I "un-confused" it by "playing" with the ports and protocol, which must have reset something in the router configuration. [No doubt any Netgear engineers reading this are now cringing by this description.]
In fairness, the very, very, very first time I tried to turn OpenVPN on via the BR500 web GUI, it just kinda hung ... this was several firmware releases go ... I left it for about 5 minutes with the "spinning circle" ... and then did a reboot of the rouer (closed the web browser, opened a new web brower, and re-booted from the Dashboard page of the BR500 web GUI ... no, I did NOT simply pull the plug!). I think that might have been what originally "confused" it, although in fairness, all I did to get the 5+ minute spinning circle before rebooting the router was click the 'Open VPN Service' checkbox in the web GUI, and then click 'Apply' (again, this was several firmware releases ago ... although simply installing newer firmware releases did NOT fix my problem ... it appears that "playing" with the ports and protocols is what did it). [Any Netgear engineer still reading this is no doubt cringing even more at me rebooting, but more than 5 minutes of a spinning circle exceeds my patience ... and yes, I did time it].
For those keeping track of my numerous (!) posts complaining about the BR500, in addition to getting my Mac to connect to my BR500 via OpenVPN, I also successfully got my Linux cloud server connecting to my BR500 via OpenVPN. I simply installed the OpenVPN software (yum install on CentOS 7), downloaded the 'iPhone' configuration (ovpn) file from the BR500, uploaded it to my Linux server, and then started OpenVPN from the Linux command line:
$ sudo openvpn --config smart_phone.ovpn --daemon
and volia!, my Linux cloud server can now talk to my local (LAN) servers behind the BR500.
So I now have NO OUTSTANDING PROBLEMS on my BR500. The rabbit hole I previously got lost down was connecting to the Insight service and configurating Insight Instant VPN for additional $ ... after that, I had numerous other problems (see my earlier posts if you care what problems), but my BR500 has been stable since disconnecting from the Insight service, and I now have OpenVPN working, so I'm a happy camper! :-)
Thanks to all the other customers on this forum and Netgear engineers who made suggestions and eventually got me here (along with a bit of trial-n-error along the way!).
I'm sharing all of this in the hopes that it may (could? possibly?) help anyone else, and I invite anyone else struggling with the BR500 to contact me for further clarification on any of this, if you so desire.
But mostly I want to get the emotional satisfacton of clicking the 'Solved' button on one of my own posts .... ;-)
Just giving the Mac + Tunnelblck another try - after upgrading to firmware 5.6.0.1 on the BR500 and setting up NETGEAR DynDNS -- now that I know it is free!
Tried installing Tunnelblck again on my Mojave MacBook Air ... and still no joy. The difference between having DynDNS and not is that the remote line in the configuration file has 0.0.0.0 if I do not have DynDNS, and my DynDNS name if it is configured. Nonetheless, I had manually entered the external IP of my BR500 previously in cient.conf (when I was not using DynDNS).
Either way, doesn't seem to make a difference, in that when I try to connect, I see pckets going out, but it is stuck at 'Waiting for server response', and no packets every come in, no matter how long I wait.
However, I have had to add 'dev tun' and remove 'dev tap' from the client configuation file, as per web instructions that pop-up explaining what to do when I get the 'kext' errors ... apparently kernel modules that can't be loaded Mojave. So I am not sure if that is causing my problems?
I have also never been clear on how tunnelblck finds the files in 'nonwindows', e.g., client.crt, client.key, ca.crt, dhcp-client-request.sh. etc. I have those installed in a 'nonwindows' folder on my Desktop, but tunnelblck gets installed in /Applications. So I drag client.conf into tunnelblck, but how does it know where the other files are located? Does it just assume they are in the same folder from which client.conf was dragged? Nonetheless, I also tried editing client.conf to add explicit file paths to the files, "just in case". Also tries installing TunnelBlck in the nonwindows folder and launching it from there. I'm just not sure how it is supposed to work?
So has anyone gotten OpenVPN with tunnelblck to work on Mjoave with the BR500, which has the 'kext' errors unless I remove 'dev tap' and put in 'dev tun'? If so, can you please send me your client.conf (you can mask out your remote line)? And let me know where you have installed the nonwindows files so that they are found?
Thanks!
Just an FYI that I finally got OpenVPN working on my BR500 ... and although I am not 100% sure what the root cause was, I think it was just that my router was "confused" (I'm using that term in a "technical" way).
Previously, I tried three (3) separate OpenVPN clients, and all would just hang a 'connecting', and tunnelblick would explicitly show data being sent but no data received.
So what did I do to get it working? I went to the OpenVPN page of the BR500 web GUI, changed ports from 12973 (TUN) /12974 (TAP) to different ports (I tried 1194/1195), changed it from UDP to TCP, could briefly telnet to those ports from an external server, changed it back to UDP and 12973 / 12974, and voila!, my prior OpenVPN software install (previously not working) on my (remote) Mac started working! I can only conclude that something was "confused" (technical term), and that I "un-confused" it by "playing" with the ports and protocol, which must have reset something in the router configuration. [No doubt any Netgear engineers reading this are now cringing by this description.]
In fairness, the very, very, very first time I tried to turn OpenVPN on via the BR500 web GUI, it just kinda hung ... this was several firmware releases go ... I left it for about 5 minutes with the "spinning circle" ... and then did a reboot of the rouer (closed the web browser, opened a new web brower, and re-booted from the Dashboard page of the BR500 web GUI ... no, I did NOT simply pull the plug!). I think that might have been what originally "confused" it, although in fairness, all I did to get the 5+ minute spinning circle before rebooting the router was click the 'Open VPN Service' checkbox in the web GUI, and then click 'Apply' (again, this was several firmware releases ago ... although simply installing newer firmware releases did NOT fix my problem ... it appears that "playing" with the ports and protocols is what did it). [Any Netgear engineer still reading this is no doubt cringing even more at me rebooting, but more than 5 minutes of a spinning circle exceeds my patience ... and yes, I did time it].
For those keeping track of my numerous (!) posts complaining about the BR500, in addition to getting my Mac to connect to my BR500 via OpenVPN, I also successfully got my Linux cloud server connecting to my BR500 via OpenVPN. I simply installed the OpenVPN software (yum install on CentOS 7), downloaded the 'iPhone' configuration (ovpn) file from the BR500, uploaded it to my Linux server, and then started OpenVPN from the Linux command line:
$ sudo openvpn --config smart_phone.ovpn --daemon
and volia!, my Linux cloud server can now talk to my local (LAN) servers behind the BR500.
So I now have NO OUTSTANDING PROBLEMS on my BR500. The rabbit hole I previously got lost down was connecting to the Insight service and configurating Insight Instant VPN for additional $ ... after that, I had numerous other problems (see my earlier posts if you care what problems), but my BR500 has been stable since disconnecting from the Insight service, and I now have OpenVPN working, so I'm a happy camper! :-)
Thanks to all the other customers on this forum and Netgear engineers who made suggestions and eventually got me here (along with a bit of trial-n-error along the way!).
I'm sharing all of this in the hopes that it may (could? possibly?) help anyone else, and I invite anyone else struggling with the BR500 to contact me for further clarification on any of this, if you so desire.
But mostly I want to get the emotional satisfacton of clicking the 'Solved' button on one of my own posts .... ;-)
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
