NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

davidcheok's avatar
davidcheok
Apprentice
Sep 18, 2019
Solved

Orbi Pro Firmware update - V2.4.0.114

Just updated the firmware to the latest today. Nothing seems to have changed.  1) 2nd Wifi still gives a third open SSID (initially seems to work but 3rd open ssid appeared again after some time) 2...
  • evan2's avatar
    evan2
    Sep 18, 2019
    1) 2nd Wifi still gives a third open SSID (initially seems to work but 3rd open ssid appeared again after some time)

    Did you see the issue on 2.3.5.108? then update FW to 2.4.0.114, still see the issue,

    if you see the issue on 2.3.5.108, then update to 2.4.0.114, but config don't change after update, so the issue still happen on 2.4.0.114,

    Please disable WiFi 2 and Enagle again on 2.4.0.114, it won't see the issue again,

    We will fix it in next maintance release.

schumaku's avatar
schumaku
Guru - Experienced User
Sep 19, 2019
davidcheok wrote:
2) Client segregration on wireless 2 resolved

The client segregation is done on a pure L2 level - no VLAN, no dedicated subnetworks, all devices are on the same IP subnet. This was disputed many times before - not that I like it the way it's implemented.

 

davidcheok wrote:
Still unresolved - vpn client on separate subnet
Hopefully vpn issue can be resolved in the next update (without us having to resort to alternative fixes).

Again: This depends on the capabilities of the OpenVPN client resp. the restricted privileges and Kernel access rights available on iOS and Android. The subnet you see is just an intermediate transport network for the VPN. The real disadvantages are in the fact that we have no control on the IP addresses assigned on the VPN subnet, and that Netgear does a many2one NAT for all VPN clients on that subnet, so all VPN clients appear to originate from the same LAN IP address. 

davidcheok's avatar
davidcheok
Apprentice
Sep 19, 2019

"

Again: This depends on the capabilities of the OpenVPN client resp. the restricted privileges and Kernel access rights available on iOS and Android. The subnet you see is just an intermediate transport network for the VPN. The real disadvantages are in the fact that we have no control on the IP addresses assigned on the VPN subnet, and that Netgear does a many2one NAT for all VPN clients on that subnet, so all VPN clients appear to originate from the same LAN IP address. " -

 

roughly translates to :

 

"No, you wont be able to get onto your internal network subnet to access your internal network and the VPN service is simply a tunnel for you to access the internet through your personal network IP address."

 

Understood. Then IMHO that 'feature' should be removed or stated as such so as not to think the purchaser of the device will have such functionality or simply stated "to access the internet via their business IP." From a business standpoint, its simply irrelevant imho.

  • schumaku's avatar
    schumaku
    Guru - Experienced User
    Sep 19, 2019

    You can still reach your LAN subnet over the VPN client connection as pre-configured and loaded from the Nighthawk or Orbi Pro system, even if there is an intermediate transfer subnet in the VPN connection path. 

     

    Do a traceroute from the VPN client to your LAN IP ...

     

    No need to argue - the problem is neither with Netgear (I'm not Netgear anyway) nor with th OpenVPN (very popular Open Source VPN implementation). 

     

    Android: https://openvpn.net/faq/why-does-the-app-not-support-tap-style-tunnels/
    iOS: https://openvpn.net/faq/why-doesnt-the-app-support-tap-style-tunnels/

     

    Nothing that blocks you from accessing your LAN in a routed (and NATed) way. It's just not a "remote" Ethernet L2 interface.

     

     

  • davidcheok's avatar
    davidcheok
    Apprentice
    Sep 19, 2019

    Understood. Thank you.

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More