U03A9 (Aspirant), Apr 02, 2020
XR500 VPN Service.. a joke?
I recently discovered that my XR500 has the ability to act as a VPN server (I've long used the Hybrid VPN section) and decided it would be an excellent way to SSH into my pentesting box without having to expose said box to the public internet... or so I thought.
So, I'm just looking for someone in Netgear to shine some light on this feature. It seems like a sham that was added in "just because we could" with no thought as to how it would be utilized.
Issue #1: The settings page is abysmal. It lacks any ability to configure the VPN Service. I cannot set which subnet I want the VPN devices to connect with. Why is this important? My LAN is a 10.0.1.0/24 network, and all VPN devices are dumped into a 10.0.2.0/24 network. So, what exactly does "All sites on Internet & Home Network" do, if I cannot access the devices on my LAN? Access OTHER VPN devices? Not exactly helpful.
Issue #2: The VPN devices do not appear in the Device Manager. You cannot see IP addresses or host names on the VPN network. You can't even see who or what is connected to the VPN network in general. What sort of gap in security are we leaving here? I can't audit the connections? What?
Issue #3: I had to disable QOS to get this to function. What?! This problem has supposedly been around and "in the works" to be fixed for months, if not years, based on a peruse of the forums.
Now, I could get around this by simply adding a VPN tunnel to my VM so that it has a 10.0.2.x address.. BUT GUESS WHAT?
Issue #4: Devices on the LAN can't connect to the VPN service. If your MAC is currently assigned a 10.0.1.0/24 address, you will infinitely loop when attempting to establish a VPN connection.
So, who wants to tell me why this service is useful? Because I can use the remote management settings for router access outside my home? Really?
3 Replies
- Netduma-Fraser (NetDuma Partner): You may be better off creating a ticket with NG directly here: http://support.netgear.com/ as it isn't a feature we have created. As such I can only provide limited answers. Regarding the Device Manager the devices aren't shown because the router cannot control them, it shows what devices are directly connected. You definitely shouldn't have had to disable QoS, as far as I'm aware you only need DDNS enabled to use that feature.
- U03A9 (Aspirant):
Is this not the Netgear community site? Is it not a feature included in the Netgear routers?
Also, what do you mean the router cannot control them? Are you telling me this XR500 is running an unmanaged unmonitored VPN server on it? Who let that past security?
And you absolutely have to disable QoS. It's been mentioned and recommended... quite literally by YOU. How do you not remember this?
https://community.netgear.com/t5/Nighthawk-Pro-Gaming-Routers/Nighthawk-XR500-cannot-use-VPN-Server-for-remote-login/m-p/1798877
Netduma-Fraser (NetDuma Partner), 2019-09-15 05:00 PM, Re: Nighthawk XR500. cannot use VPN Server for remote login (Message 23 of 23):
"It's possible that QoS is blocking it from getting any further, disable this fully in Anti-Bufferbloat options and see if that helps at all."
It's apparently so bad that even tomsguide recommends disabling it
https://www.tomsguide.com/us/netgear-router-disable-qos,news-27675.html
- Netduma-Fraser (NetDuma Partner):
I work for Netduma who created the DumaOS portion of the software. Yes but I suggested the ticket as Netgear representatives do not often reply to support here so you'd be better able to receive assistance by creating a ticket.
I'm just going on what I think is happening and I don't think it controls those devices if it's not directly connected, I may be wrong. That was a suggestion to see if it helped, not a concrete answer, I didn't get a response either so wasn't aware if it worked or not.
The tomsguide link doesn't relate to the DumaOS software so I couldn't comment on that as it's not the same software being used.