VPN server does not work when Guest Network is enabled

Question

Model: RBR850&nbsp;Problem: Clients connected to the VPN are unable to access devices on the LAN when the Guest WiFi network is enabled.&nbsp;Configuration:LAN IP range: 192.168.1.X (my choice)Guest Network range: 192.168.2.X (router choses)VPN client IP range: 192.168.254.X (router choses)&nbsp;What I suspect is happening:Because I have the Guest WiFi network configured to provide internet access only, the router puts a firewall rule in blocking access to 192.168.1.X from anything outside 192.168.1.X, therefore the guest network devices cannot reach the LAN devices (which is correct). However, because the VPN clients also get IPs outside of the LAN range, this firewall rule also blocks access from the VPN client devices to the LAN devices (which is incorrect).&nbsp;Scenario A: Guest WiFi Network, no VPNIf I were just using a guest WiFi network, but no VPN server, then the router would be functioning properly, as it would block access from Guest network devices to LAN devices, which is correct.&nbsp;Scenario B: VPN server, not guest WiFi networkIf I were just using the VPN server, and not a guest WiFi network, then the router wouldn't have put the firewall rule in place, so everything would be able to access everything, which is correct.&nbsp;The problem ONLY comes because I'm running Scenario A+B, where I have both the VPN server and the Guest WiFi network enabled. It seems like a simple bug in the Netgear Orbi router firmware, just because no one in the "VPN" team talked to the "Guest Network" team. But its a serious problem, in fact a serious fellany, because Netgear Orbi advertises both of these features and does not state anywhere that they will not work at the same time.&nbsp;Has anyone experienced this before? Has anyone investigated further to prove what I suspect is happending?Better yet does anyone have a solution to this? Or a workaround?&nbsp;The only idea I can think of would require knowing EXACTLY how the orbi picks its guest network range and vpn client range based on the user-defined LAN range. Maybe there is a certain LAN range which causes the orbi to pick a ranges for guest network and VPN which DON'T overlap in the firewall rule?&nbsp;Any suggestions are welcome, because unfortunately both of these features are vital to my network and I'll have to buy a different router if I can't fix this in the medium-long term.

FURRYe38 · Answer

What Firmware version is currently loaded?What is the Mfr and model# of the Internet Service Providers modem/ONT the NG router is connected too?

david42 · Answer

Orbit firmware: V4.6.3.16_2.0.51Orbit connected to TP-Link VR1600v, which has routing functions disabled and is purely used as a modem (no double NAT).

FURRYe38 · Answer

Do you see any of these items list for the VPN?&nbsp;"Clients will use this VPN connection to access" or "All sites on the Internet &amp; Home Network"&nbsp;
&nbsp;
Might give newer FW a try as well:
https://community.netgear.com/t5/Orbi-WiFi-6-AX-and-WiFi-6E-AXE/New-RBR850-RBS850-Firmware-Version-v4-6-7-13-Official-Release/m-p/2202301/highlight/true#M29425

david42 · Answer

For the "Clients will use this VPN connection to access", Ive tried both "Auto" and "Home network only", they both have the same problem.I checked for updated firmware in the orbi web UI and it said no newer firmware was available. Is this a beta/otherwise? Or is the orbi failing to detect new firmware?

FURRYe38 · Answer

This version hasn't been put up on the auto update services as of yet so manual installation is needed.
&nbsp;
Review the notes I posted. This is official release.&nbsp;

Forum Discussion

VPN server does not work when Guest Network is enabled

7 Replies