Alberrow
Mar 12, 2023 Aspirant
What are the intended VPN uses for Nighthawk MR60
Can someone explain the intended use cases of the VPN software on the MR60? It's advertised as allowing a remote computer to connect to a home network and Internet proxy. I've followed all of the ins...
- Mar 16, 2023
Am I correct in concluding that TUN mode is designed exclusively for Internet connection sharing and not local browsing?
To answer directly, no. TUN mode establishes a connection to the LAN as though your remote device is part of your LAN. For example, I have Home Assistant running in a docker container in my LAN - no WAN connections (out or in). When remote, I can connect to my LAN with the OpenVPN client and then access all the HA data as though I was at home.
One 'bug' I've noticed is the internet browsing setting (in the router, at the bottom of the VPN page). "Clients will use this connection to access"
* all sites on the Internet & Home network
* home network only
* auto
The setting seems to be ignored sometimes. The 1st value seems to work most of the time.
Alberrow
Mar 16, 2023 Aspirant
I'll ask a simpler question, then: is there any way to get the server-side (AKA Nighthawk MR60) configuration file so that way I can figure out what compatible client-side settings I can use from the general OpenVPN software?
tramperB
Mar 16, 2023 Guide
Hi,
OpenVPN (in the router) allows, as you say, a remote computer to connect to the LAN. However, the router doesn't assign an IP in your LAN. It assigns an IP in a different subnet and then routes between the two subnets. Use TUN mode.
It works well (I'm using both win & android clients). Here's (part of) my client file - which the router will create for you.
client
dev tap
proto udp
dev-node NETGEAR-VPN
remote x.x.x.x port#
resolv-retry infinite
redirect-gateway
nobind
persist-key
persist-tun
cipher AES-128-CBC
comp-lzo
verb 5
....certificates & key....
- Alberrow Mar 16, 2023 Aspirant
Thank you for confirming. Curiously, it worked this time whereas it hadn't worked before. Perhaps it previously failed on IPv6 and/or there was an IPv4 subnet collision. I'll try seeing if I can fiddle with the IPv6 firewall settings or if it's an oversight on Netgear's part.
I'm confused by what you said here:
tramperB wrote: Use TUN mode.
Yet the (working) configuration clearly says dev tap. Does your configuration change that line to TUN and still have it work?
- tramperB Mar 17, 2023 Guide
My mistake - you are correct - it should be tun.
My 'in-use' client files are 'dev tun' - I picked the wrong backup to copy!
Actual client file is:
client
dev tun
proto udp
remote x.x.x.x port#
resolv-retry infinite
nobind
persist-key
persist-tun
cipher AES-128-CBC
comp-lzo
verb 5
....cert stuff ....
tun mode establishes a layer 3 tunnel between the client & the server's LAN.
tap mode establishes a layer 2 ethernet bridge - not what's required here.
Anyway, glad it's working for you.
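The tun/tap mix-up in this thread can be caught by reading the profile before importing it. The following is an added example, not code from any poster or from NETGEAR: it parses an OpenVPN client profile and reports the tunnel layer, any pinned adapter name, and whether the file itself requests a full tunnel. The sample profiles are constructed from the two posted above, with a placeholder address and port; `parse_profile` and `audit` are hypothetical helper names.

```python
import shlex

# Constructed samples modelled on the two profiles posted in the thread.
# 203.0.113.10 and 1194 are placeholders, not values from the page.
TAP_PROFILE = """client
dev tap
proto udp
dev-node NETGEAR-VPN
remote 203.0.113.10 1194
redirect-gateway
cipher AES-128-CBC
"""
TUN_PROFILE = """client
dev tun
proto udp
remote 203.0.113.10 1194
cipher AES-128-CBC
<ca>
(certificate body elided)
</ca>
"""

def parse_profile(text):
    """Return {directive: [args]}, skipping comments and inline <ca>/<cert>/<key> blocks."""
    directives, block = {}, None
    for line in map(str.strip, text.splitlines()):
        if block:                                  # inside an inline block
            if line == f"</{block}>":
                block = None
        elif line.startswith("<") and line.endswith(">"):
            block = line[1:-1]
        elif line and line[0] not in "#;":
            name, *args = shlex.split(line)
            directives[name] = args
    return directives

def audit(text, expected_dev="tun"):
    """Summarise tunnel layer and traffic scope for one client profile."""
    d = parse_profile(text)
    dev = (d.get("dev") or ["?"])[0][:3]           # tun0 -> tun, tap0 -> tap
    return {
        "dev": dev,
        "layer": {"tun": 3, "tap": 2}.get(dev),    # routed tunnel vs Ethernet bridge
        "matches_expected": dev == expected_dev,
        "adapter": d.get("dev-node", [None])[0],   # named Windows adapter, if pinned
        "full_tunnel": "redirect-gateway" in d,    # default route sent via the VPN
    }

if __name__ == "__main__":
    for name, text in (("tap backup", TAP_PROFILE), ("tun in-use", TUN_PROFILE)):
        print(name, audit(text))
```

A profile without `redirect-gateway` can still become full-tunnel if the server pushes that option, so `full_tunnel` reflects only what the file itself requests.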
- Alberrow Mar 18, 2023 Aspirant
Thank you for confirming. I'm a bit confused: I got TUN working with the configuration file that you provided. However, I must use the OpenVPN TAP-Windows6 network interface and not the OpenVPN Wintun interface. I mean, it works, so no big deal, but I thought TAP is TAP and TUN is TUN, so it makes as much sense to me as trying to establish a PPPOE connection over a WiFi network interface.
I also lied a bit in my initial report. The main issue I was having was that I couldn't connect to OpenVPN in Linux. I discovered that there's a bug "undocumented feature" in the Linux openvpn client where it doesn't run DHCP properly (if at all), and therefore doesn't get an automatic IP address or routing information. For TAP connections, the workaround is to run dhclient tap0 (or whatever the TAP device is) after the VPN goes up. But this also overwrites /etc/resolv.conf, meaning that all DNS requests will go through the VPN. I reckon that TUN will take more fiddling because openvpn gets an address lease, but on the wrong subnet that precludes network browsing.