acayci
Tutor
Nov 28, 2025

Enabling VPN service on a NETGEAR router using a MAC OS computer

Hello,

I am trying to enable VPN Service on my MR60 Router with Firmware Version V1.1.7.134_2.0.65.   I followed this knowledge base:

https://kb.netgear.com/25389/Enabling-VPN-service-on-a-NETGEAR-router-using-a-MAC-OS-computer

I am seeing the following error in Tunnelblick.

2025-11-28 16:10:40.081876 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

2025-11-28 16:10:40.081983 TLS Error: TLS handshake failed

I reached out to the Tunnelblick community and they told me I should contact Netgear support.  I reached out to Netgear and they told me they don't provide support for 3rd party software.

I am stuck with this error.

Any help is much appreciated.

7 Replies

  • StephenB
    Guru - Experienced User

    Did you remove the previous openVPN config?  (the one that used TCP).

    • acayci
      Tutor

      No.  I am still using the configuration that uses TCP.

  • I tried to test the ports from my MacBook.  I was able to telnet to router port 23 but not 22.  Am I confusing myself?

    nc -vz <router_ip_address> 23

    Connection to <router_ip_address> port 23 [tcp/telnet] succeeded!

    nc -vz <router_ip_address> 22

    nc: connectx to <router_ip_address> port 22 (tcp) failed: Connection refused

    • StephenB
      Guru - Experienced User
      acayci wrote:

      Am I confusing myself?

      Maybe.

      The VPN tunnel uses one set of ports, the applications use a different set.  If you are accessing services on the NANO (like Telnet), that application traffic goes through the tunnel.  Both TCP and UDP will go through that tunnel.  The ports used by the applications (22, 23, whatever) are NOT the same as the ports used to create the tunnel connection.

      So you want to use

      1. the default ports for both TAP and TUN in the OpenVPN settings on both the router and the OpenVPN client on the MacBook
      2. UDP for the tunnel itself (whether you are using TAP or TUN).

      Once the VPN tunnel is established, you connect to the Nano using the same commands you'd use at home.  So just run ssh from terminal to check it (or your usual telnet client if you want to use telnet for some reason).

      You can't really test this with nc when the MacBook is connected to your home network, because you can't tell whether the traffic is going through the tunnel or not.  It is best to set up a hotspot on your phone, and then connect the MacBook to your phone - so the traffic runs over the internet through the phone's mobile data connection.

  • CrimpOn
    Guru - Experienced User

    I guess there is no harm in changing the port number to 22 (ssh) and 23 (telnet), but it is a bit goofy.  I would be more comfortable staying with the default port numbers (12973 for tun - tunnel and 12974 for tap - network tap).  If the MR60 has telnet enabled, that might be confusing the OpenVPN Client.

    It might be worth trying the actual OpenVPN Client for MacOS:

    https://openvpn.net/connect-docs/connect-for-macos.html

    Doesn't sound like the Tunnelblick user group was very helpful.  Maybe OpenVPN users can provide more assistance?

    • acayci
      Tutor

      Success!

      I was able to connect using OpenVPN Client.  Here is ssh to my Jetson Orin Nano.

      Mustafa

    • StephenB
      Guru - Experienced User
      CrimpOn wrote:

      I guess there is no harm in changing the port number to 22 (ssh) and 23 (telnet), but it is a bit goofy.

      acayci:  Best not to use 22 and 23 ports for this.  Some places where you want remote access might block those ports.  So I also suggest switching back to the default port numbers.  If you do want to change them for some reason, it is best to use something in the private/non-reserved range (49152-65535).

      Also, UDP usually gives better performance than TCP for VPNs, so unless you really require TCP, I suggest changing back to UDP.
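
Added example (not part of any post in this thread, and not NETGEAR or OpenVPN code): a small Python check that reads the `dev`, `proto`, `port` and `remote` directives of an OpenVPN client profile and reports where it departs from the advice in the replies above (UDP for the tunnel, default ports 12973/12974 or something in 49152-65535, not 22 or 23). The sample profiles and the hostname `vpn.example.net` are constructed for illustration.

```python
# Added example: lint an OpenVPN client profile against the advice in this thread.
DEFAULT_PORTS = {"tun": 12973, "tap": 12974}  # router defaults quoted in the thread
PRIVATE_RANGE = range(49152, 65536)           # range suggested in the thread

def parse_profile(text):
    """Return (dev, proto, port) from an .ovpn profile's directives."""
    dev, proto, port = None, "udp", 1194      # OpenVPN's own defaults for proto/port
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing '#' comments
        if not line or line.startswith(";"):  # ';' also starts a comment line
            continue
        key, *args = line.split()
        if not args:
            continue
        if key == "dev":
            dev = args[0][:3]                 # "tun0" -> "tun"
        elif key == "proto":
            proto = args[0]
        elif key == "port":
            port = int(args[0])
        elif key == "remote":                 # remote host [port] [proto]
            if len(args) > 1:
                port = int(args[1])
            if len(args) > 2:
                proto = args[2]
    return dev, proto, port

def lint(text):
    """List the ways a profile departs from what the replies recommend."""
    dev, proto, port = parse_profile(text)
    findings = []
    if proto.startswith("tcp"):
        findings.append("tunnel uses TCP; UDP is recommended")
    if port in (22, 23):
        findings.append(f"tunnel port {port} is an ssh/telnet port and may be blocked")
    elif port != DEFAULT_PORTS.get(dev) and port not in PRIVATE_RANGE:
        findings.append(f"port {port} is neither the {dev} default nor in 49152-65535")
    return findings

# Constructed sample profiles (hostname is a placeholder, not from the thread).
TCP_ON_22 = "client\ndev tun\nproto tcp-client\nremote vpn.example.net 22\n"
DEFAULTS = "client\ndev tun\nproto udp\nremote vpn.example.net 12973\n"

if __name__ == "__main__":
    for name, profile in (("TCP_ON_22", TCP_ON_22), ("DEFAULTS", DEFAULTS)):
        print(name, lint(profile) or "matches the thread's advice")
```

The tunnel port and protocol must also match what the router's VPN service page is set to; this check only looks at the client side.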