RBR850 Can't get VPN to work

Question

&nbsp;Hi - I am trying to get my Netgear Orbi RBR850 embedded OpenVPN up and running. I am running the OpenVPN GUI on a Windows 11 PC that will be running 24/7.&nbsp;My RBR850 is running firmware v4.6.14.3_2.3.12.&nbsp;&nbsp;I am running&nbsp;OpenVPN GUI 11.43.0.0/2.6.5&nbsp;Following the Netgear instructions, I have enabled the VPN support on my router, and downloaded the Orbi's generated OVPN config files, which I put into the OpenVPN config directory.&nbsp;Here is the problem:&nbsp;When I run the Windows OpenVPN GUI and try to connect, I see a yellow icon instead of a green icon.&nbsp;Trying to connect to my VPN using my Android phone always results in a timeout.&nbsp;After starting the VPN connection in the GUI, the log files originally showed a "No server certificate verification method has been enabled" recurring error. After doing a little research, I found a (hopefully correct) solution to this issue by adding&nbsp;remote-cert-tls server&nbsp;to the end of my OVPN config file. I don't see the "No server certificate" error anymore in the logs.&nbsp;However, I do see another error in the OpenVPN log that may be the reason for why I can't get it running. I also see the following error:&nbsp;DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305).Additional information: I have my internet service through Verizon 5G Home Internet. As a result, my IP address changes frequently. To handle this, I have DDNS enabled on my Netgear Orbi. I have verified that the DDNS service is properly updating my DNS IP address. The Orbi's generated OVPN config file does have a&nbsp;remote xyz.ddns.net portnum&nbsp;line in it for supporting the DDNS address.&nbsp;Can anybody help me get the Orbi VPN operational?&nbsp;Thanks!

FURRYe38 · Answer

Might check into installing some Beta FW.&nbsp;
https://www.surveymonkey.com/r/G32BGFF
&nbsp;

NG_LostMyAcct · Answer

OK, I made a little (but only a very little) progress.

I figured out that I needed to connect to my Orbi outside of my LAN to test the VPN (this makes sense, it's probably the network equivalent of trying to look inside your head).

Anyways, when I tried connecting to my Orbi VPN with my Android cell phone using the cellular network, I was able to establish a connection to my Orbi VPN.

However, once the VPN link was established, it was INSANELY slow - like, slower than dial up speeds (1 kbps or slower).

Trying to do multiple speedtest.net tests, all failed due to time-outs.

What do I need to do to have my Orbi act as the gateway to the internet for my VPN connection from my phone?

CrimpOn · Answer

NG_LostMyAcct&nbsp;wrote:
What do I need to do to have my Orbi act as the gateway to the internet for my VPN connection from my phone?

Perhaps I misunderstand, but there appear to be two distinct issues:

Enabling OpenVPN Host on the RBR850 router.
Using the RBR850 as an internet gateway for a cell phone connection.

Each specific DDNS provider has a unique method of keeping their DDNS entries synchronized with changes in the public IP address of the host system. Netgear has programmed the Orbi to be compatible with only three DDNS providers:

Their own service (NETGEAR)
www.NoIP-com
www.Dyn.com

These are the only DDNS providers that will remain synchronized.&nbsp; The comment about xyz.ddns.net appears inconsistent with this basic situation.&nbsp; (Perhaps I misunderstand.)
&nbsp;
Yes, the only method to verify that OpenVPN is working is to connect to the Orbi through the internet.&nbsp; My practice appears to be similar to yours:

Disconnect my cell phone from the Orbi WiFi network and use LTE data.
Enable OpenVPN on the cell phone (mine is Android) and verify that the connection opens correctly.&nbsp; Open a web browser and verify that the Orbi router web interface opens at 192.168.1.1.&nbsp; Use some other network tools to verify that the 192.168.1.x network is available.
On the Orbi web interface, verify that the cell phone appears as a "VPN" connection type (rather than wired or WiFi).
Shut off the cell phone OpenVPN.
Create a WiFi Hot Spot on the cell phone.
Connect the laptop to the Hot Spot.
Enable OpenVPN on the laptop and verify that it connects and functions correctly.

Netgear includes OpenVPN Host in routers to enable customers to access their home network when not at home.&nbsp; Yes, there is an option to allow devices connected via VPN to "access the internet" and some customers make use of this feature. (Often to present the appearance of connecting to internet resources from their home location when they are not at that location.)&nbsp; Although the VPN connection between cell phone (or laptop) and the Orbi is encrypted, the connection between Orbi and the internet is "whatever it is".&nbsp; i.e., if you access a plain http web site, it is not encrypted.
&nbsp;
Of course, every transmission has to go through a torturous pathway:

Laptop or cell phone through the internet to the Orbi.
Orbi out to the internet.
Internet back to the Orbi.
Orbi back through the internet to the cell phone or laptop.

I would prefer to get rid of all that and go directly that whatever internet resource I need.&nbsp; If encryption is desired, install a commercial VPN on the cell phone or laptop and be done with it.
&nbsp;
(That said, what I would do it not relevant.)
&nbsp;
What it sounds like is:

You got OpenVPN working on the Orbi, and
Performance through the Verizon 5G Home Internet sucks when everything has go pass through four times.

NG_LostMyAcct · Answer

Hi,&nbsp;CrimpOn&nbsp;- Thanks for replying back, this has been driving me nuts.&nbsp;The pathway to access the internet through the Orbi VPN tunnel shouldn't be considered "tortuous", though a small amount of loss due to VPN protocol overhead is of course expected. The route you listed is exactly the same route that every commercial VPN provides, and typically I see 5% or less bandwidth loss with the commercial VPNs that I have used in the past. I have a 300+ Mbps down / 20+ Mbps up ISP, but when I have the Orbi configured to act as an Internet access VPN, my bandwidth drops to single-digit kbps rates (more likely, 0.00 kbps). Obviously, this is not operating properly.&nbsp;However, my Android OpenVPN Connect app does show an assigned IP address within the LAN network's IP range, so something is working right. I am also able to ping my LAN's gateway IP address fine.Since the Orbi VPN is supposed to allow communication to my home LAN (as a minimum), I tried the following experiment: With the VPN disabled and my phone on the LAN via WiFi, I was able to transfer files from my NAS to my phone via SMB at a 280 Mbps data rate. But, when I tried to connect to the NAS when the Orbi VPN was enabled on my phone, my phone failed to login to the NAS - again, indicating that the Orbi VPN isn't working as advertised.&nbsp;

F_V · Answer

I'm sure you've already thought of this, however in case not I wanted to point out something.&nbsp; While you have a 300/20 connection, when you are connected to your home network via VPN, remember that the only bandwidth you are going to be able to take advantage of is the 20 upload speed, as even though you are on your phone downloading, your home network is actually uploading data to you.&nbsp; What upload speeds do you actually see on your LAN during a speed test?&nbsp;I've never used the Orbi as a VPN server, instead opting to use pfSense for all those services.&nbsp; If you like to tinker a pfSense firewall on the WAN side of your Orbi is a lot of fun to play with.&nbsp;&nbsp;

Forum Discussion

RBR850 Can't get VPN to work

9 Replies