Alberrow
Mar 12, 2023 Aspirant
What are the intended VPN uses for Nighthawk MR60
Can someone explain the intended use cases of the VPN software on the MR60? It's advertised as allowing a remote computer to connect to a home network and Internet proxy. I've followed all of the instructions and bounced between Netgear's minimalist documentation, OpenVPN's excessive documentation, and other Internet tutorials of varying levels of usability, correctness and completeness. This has been my experience so far using it, when I've been able to connect:
In TUN mode, the remote computer can connect to the VPN (Nighthawk MR60) and get an IP address. However, the subnet is 192.168.254.0/24, which prevents me from connecting to computers on the default 192.168.1.0/24 local network subnet. I even changed my remote network subnet to guarantee there wouldn't be any subnet collisions. Am I correct in concluding that TUN mode is designed exclusively for Internet connection sharing and not local browsing?
In TAP mode, I can connect to the VPN, but no IP address gets assigned. I assume that I have to fiddle with Ethernet bridging on the client end to hook into the 192.168.1.0/24 subnet? I assume, once I'm able to figure out how to configure this with OpenVPN documentation, that I'll be able to connect to local network computers through the VPN. Is the only way to connect to computers on the local network using TAP mode?
I don't suspect that there are any firewall issues, as I'm able to connect and the MR60 serves as the Internet-facing gateway for the local network (the modem to which it's connected acts strictly as a modem, not gateway).
For greater certainty, I assume that IPv6 is unsupported in VPN connections, as the MR60 seems to refuse all IPv6 connection attempts but accepts IPv4.
9 Replies
- Alberrow Aspirant
I'll ask a simpler question, then: is there any way to get the server-side (AKA Nighthawk MR60) configuration file so that way I can figure out what compatible client-side settings I can use from the general OpenVPN software?
- tramperB Guide
Hi,
OpenVPN (in the router) allows, as you say, a remote computer to connect to the LAN. However, the router doesn't assign an IP in your LAN. It assigns an IP in a different subnet and then routes between the two subnets. Use TUN mode.
It works well (I'm using both win & android clients). Here's (part of) my client file - which the router will create for you.
```
client
dev tap
proto udp
dev-node NETGEAR-VPN
remote x.x.x.x port#
resolv-retry infinite
redirect-gateway
nobind
persist-key
persist-tun
cipher AES-128-CBC
comp-lzo
verb 5
....certificates & key....
```
- Alberrow Aspirant
Thank you for confirming. Curiously, it worked this time whereas it hadn't worked before. Perhaps it previously failed on IPv6 and/or there was an IPv4 subnet collision. I'll try seeing if I can fiddle with the IPv6 firewall settings or if it's an oversight on Netgear's part.
I'm confused by what you said here:
tramperB wrote: Use TUN mode.
Yet the (working) configuration clearly says dev tap. Does your configuration change that line to TUN and still have it work?
- tramperB Guide
Alberrow wrote: Am I correct in concluding that TUN mode is designed exclusively for Internet connection sharing and not local browsing?
To answer directly, no. TUN mode establishes a connection to the LAN as though your remote device is part of your LAN. For example, I have Home Assistant running in a docker container in my LAN - no WAN connections (out or in). When remote, I can connect to my LAN with the OpenVPN client and then access all the HA data as though I was at home.
One 'bug' I've noticed is the internet browsing setting (in the router, at the bottom of the VPN page). "Clients will use this connection to access"
* all sites on the Internet & Home network
* home network only
* auto
The setting seems to be ignored sometimes. The 1st value seems to work most of the time.
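
Added example, not part of the original thread or of Netgear's tooling: a Python sketch that parses a client file like the one posted above, reports whether it opens a TAP (Ethernet) or TUN (IP) device and whether `redirect-gateway` sends all traffic through the VPN, and checks the subnets mentioned in the thread for overlap. The function names are hypothetical, and the sample remote address, port and `remote_site` subnet are constructed placeholders.

```python
import ipaddress
from itertools import combinations

# Constructed sample modelled on the client file quoted in the thread.
# The remote address (TEST-NET-3) and port 1194 are placeholders.
SAMPLE_CLIENT_CONF = """\
client
dev tap
dev-node NETGEAR-VPN
remote 203.0.113.10 1194
redirect-gateway
comp-lzo
<ca>
(certificate body omitted)
</ca>
"""

def parse_client_config(text):
    """Return {directive: [args]}, skipping comments and inline <ca>/<cert>/<key> blocks."""
    directives, in_block = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("</"):
            in_block = False
        elif line.startswith("<"):
            in_block = True
        elif line and not in_block and line[0] not in "#;":
            name, *args = line.split()
            directives[name] = args
    return directives

def audit(directives):
    """Summarise the settings the thread argues about: TUN vs TAP and traffic scope."""
    dev = directives.get("dev", ["?"])[0]
    return {
        "layer": {"tun": "ip (L3)", "tap": "ethernet (L2)"}.get(dev[:3], "unknown"),
        "full_tunnel": "redirect-gateway" in directives,
        # OpenVPN upstream discourages compression on VPN links.
        "compression": "comp-lzo" in directives or "compress" in directives,
    }

def subnet_collisions(named_nets):
    """Return sorted name pairs whose IPv4 ranges overlap, which breaks routing to the home LAN."""
    nets = {n: ipaddress.ip_network(c) for n, c in named_nets.items()}
    return sorted((a, b) for a, b in combinations(sorted(nets), 2) if nets[a].overlaps(nets[b]))

if __name__ == "__main__":
    print(audit(parse_client_config(SAMPLE_CLIENT_CONF)))
    # home_lan and vpn are the subnets from the thread; remote_site is constructed.
    print(subnet_collisions({"home_lan": "192.168.1.0/24", "vpn": "192.168.254.0/24",
                             "remote_site": "192.168.1.0/24"}))
```

A non-empty collision list means the remote site's own addressing shadows the home LAN, so replies never enter the tunnel even though the VPN connects.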