acayci
Tutor
Nov 28, 2025

Enabling VPN service on a NETGEAR router using a MAC OS computer

Hello,

I am trying to enable VPN Service on my MR60 Router with Firmware Version V1.1.7.134_2.0.65. I followed this knowledge base article:

https://kb.netgear.com/25389/Enabling-VPN-service-on-a-NETGEAR-router-using-a-MAC-OS-computer

I am seeing the following error in Tunnelblick.

2025-11-28 16:10:40.081876 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

2025-11-28 16:10:40.081983 TLS Error: TLS handshake failed

I reached out to the Tunnelblick community and they told me I should contact Netgear support. I reached out to Netgear and they told me they don't provide support for 3rd party software.

I am stuck with this error.

Any help is much appreciated.

13 Replies

  • I used my phone (turned off wifi) and downloaded OpenVPN and configured it using the same config file. I was able to ssh to the Jetson.

     

     

     

    • StephenB
      Guru - Experienced User
      acayci wrote:

      I used my phone (turned off wifi) and downloaded OpenVPN and configured it using the same config file. I was able to ssh to the Jetson.

       

      Sounds like the engineer is doing something wrong then.

  • CrimpOn
    Guru - Experienced User

    My guess is, "no".  ICMP ('ping') is neither TCP nor UDP.  (See https://www.pingplotter.com/wisdom/article/packet-type-differences/ and similar web sites.)

    Honestly, I am amazed that using ports 22 and 23 for VPN allows a computer to open an ssh session through the VPN tunnel. "Learn something every day."

     

    If the purpose is to perform command line access to a computer, then the efficiency difference between TCP and UDP would seem to be immaterial.  (using a graphic interface and streaming video would be much more data intensive).

     

    My first checks would be:

    • Firewall on the Linux system.
    • Can he ping other devices on the network over VPN?
  • Hi StephenB​ 

     

    My engineer is not able to ping the Jetson Orin Nano machine in my network even though the VPN service is running and configured below.  He is on the VPN client.  I can see in the logs

     

    [OpenVPN, connection successfully] from remote IP address:196.217.135.174 Monday, Jan 19,2026 15:15:44

     

    However he is still not able to ping the Jetson or another Linux in my network.  You told me last time that I should not use 22/23 and I should switch to UDP for performance reasons.  Are they related to the Ping (Request timed out) issue?

     

    Thank you,

    Mustafa

     

     

    • StephenB
      Guru - Experienced User
      acayci wrote:

      However he is still not able to ping the Jetson or another Linux in my network.  You told me last time that I should not use 22/23 and I should switch to UDP for performance reasons.  Are they related to the Ping (Request timed out) issue?

      Could be.  I think the question is whether you actually have a functional connection to your home network.  Also, if you are using TUN, then I suggest trying TAP.

       

      Can he ping any devices on the network?

      Also, is he using a remote network?

  • CrimpOn
    Guru - Experienced User

    I guess there is no harm in changing the port number to 22 (ssh) and 23 (telnet), but it is a bit goofy.  I would be more comfortable staying with the default port numbers (12973 for tun - tunnel and 12974 for tap - network tap).  If the MR60 has telnet enabled, that might be confusing the OpenVPN Client.

     

     

    It might be worth trying the actual OpenVPN Client for MacOS:

    https://openvpn.net/connect-docs/connect-for-macos.html

     

    Doesn't sound like the Tunnelblick user group was very helpful.  Maybe OpenVPN users can provide more assistance?

     

     

    • StephenB
      Guru - Experienced User
      CrimpOn wrote:

      I guess there is no harm in changing the port number to 22 (ssh) and 23 (telnet), but it is a bit goofy. 

      acayci​:  Best not to use 22 and 23 ports for this.  Some places where you want remote access might block those ports.  So I also suggest switching back to the default port numbers.  If you do want to change them for some reason, it is best to use something in the private/non-reserved range (49152-65535).

       

      Also, UDP usually gives better performance than TCP for VPNs, so unless you really require TCP, I suggest changing back to UDP.

    • acayci
      Tutor

      Success! 

       

      I was able to connect using OpenVPN Client.  Here is ssh to my Jetson Orin Nano.

       

      Mustafa

       

       

  • I tried to test the ports from my Macbook.  I was able to telnet to router port 23 but not 22.  Am I confusing myself?

     

    nc -vz <router_ip_address> 23

    Connection to <router_ip_address> port 23 [tcp/telnet] succeeded!

     

     nc -vz <router_ip_address> 22

    nc: connectx to <router_ip_address> port 22 (tcp) failed: Connection refused

    • StephenB
      Guru - Experienced User
      acayci wrote:

      Am I confusing myself?

      Maybe.

       

      The VPN tunnel uses one set of ports, the applications use a different set.  If you are accessing services on the NANO (like Telnet), that application traffic goes through the tunnel.  Both TCP and UDP will go through that tunnel.  The ports used by the applications (22,23, whatever) are NOT the same as the ports used to create the tunnel connection.

       

      So you want to use

      1. the default ports for both TAP and TUN in the OpenVPN settings on both the router and the OpenVPN client on the MacBook
      2. UDP for the tunnel itself (whether you are using TAP or TUN).

      Once the VPN tunnel is established, you connect to the Nano using the same commands you'd use at home.  So just run ssh from terminal to check it (or your usual telnet client if you want to use telnet for some reason).

       

      You can't really test this with nc when the MacBook is connected to your home network, because you can't tell whether the traffic is going through the tunnel or not.  It is best to set up a hotspot on your phone, and then connect the MacBook to your phone - so the traffic runs over the internet through the phone's mobile data connection.
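
As an added illustration (not part of the thread or of NETGEAR's documentation), this shell function reads an OpenVPN client profile and reports the tunnel settings discussed above: TCP instead of UDP, and a tunnel port placed on a well-known service port such as 22 or 23. The sample profiles and `vpn.example.net` are constructed; the default ports 12973 (TUN) and 12974 (TAP) are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: audit the tunnel settings of an OpenVPN client profile (stdin).
# Parses the standard directives: dev, proto, port, remote <host> [port] [proto].
audit_ovpn() {
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        /^[ \t]*([#;]|$)/ { next }              # skip comments and blank lines
        $1 == "dev"    { dev = $2 }
        $1 == "proto"  { proto = $2 }
        $1 == "port"   { port = $2 }
        $1 == "remote" { if ($3 != "") port = $3; if ($4 != "") proto = $4 }
        END {
            if (proto == "") proto = "udp"      # OpenVPN default protocol
            if (port == "")  port = 1194        # OpenVPN default port
            kind = (dev ~ /^tap/) ? "tap" : ((dev ~ /^tun/) ? "tun" : "unknown")
            # Defaults quoted in the thread: 12973 for TUN, 12974 for TAP.
            want = (kind == "tap") ? 12974 : ((kind == "tun") ? 12973 : 0)
            printf "dev=%s proto=%s port=%s\n", kind, proto, port
            if (proto ~ /^tcp/)
                print "WARN tunnel runs over TCP; UDP is suggested in the thread"
            if (port + 0 < 1024)
                print "WARN port " port " is a well-known service port and may be blocked"
            else if (want && port + 0 != want)
                print "NOTE port " port " is not the default " want " for " kind
        }
    '
}

# Constructed profile (CRLF endings): the TCP-on-port-22 tunnel from the thread.
sample_tcp22() {
    printf 'client\r\ndev tun\r\nproto tcp\r\nremote vpn.example.net 22\r\n'
}

# Constructed profile: TUN over UDP on the default port quoted in the thread.
sample_default() {
    printf 'client\ndev tun\nproto udp\nremote vpn.example.net 12973\n'
}

sample_tcp22 | audit_ovpn
sample_default | audit_ovpn
```

Run it against a real profile with `audit_ovpn < client.ovpn`; the ports it reports are the tunnel ports, not the ports of services such as ssh reached through the tunnel.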

  • StephenB
    Guru - Experienced User

    Did you remove the previous openVPN config?  (the one that used TCP).

    • acayci
      Tutor

      No.  I am still using the configuration that uses TCP.