NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

agellatly's avatar
agellatly
Aspirant
May 22, 2025

Can anyone get the VPN to actually open a port?

Hello All,

I have an ORBI RBE771. When I manage this device and click Enable VPN Service and select the default TUN and TAP mode ports (12973/12974) then go to this site to obtain my IP address:
https://whatismyipaddress.com/

Then go to this site to see if the ports are open/available:
https://www.yougetsignal.com/tools/open-ports/

These TUN and TAP ports are not open. Can anyone else get their device to actually open ports when turning on the VPN service? Obviously, no client setup is successful - nothing is able to connect.

orbi 770 series

3 Replies

  • Retired_Member's avatar
    Retired_Member
    May 22, 2025

    The default configuration for OpenVPN on Netgear orbi routers is to use the more efficient network alternative (UDP) rather than the more reliable, but less efficient TCP:

    My impression is that most of the "is this port open?" resources send a TCP connection request to the IP address and look to see what happens:

    • A response indicates the port is open
    • A rejection indicates the port is closed
    • No response at all indicates the port is "Stealth"

    It is also absolutely essential that the Orbi router has a public IP address.  This can be checked by comparing the IP address reported by the web resource against the value shown in the Orbi web interface Advanced Tab Home Page under Internet Port.  If they are not the same IP address, then the Orbi router is "hidden" behind another router and cannot be reached.

  • agellatly's avatar
    agellatly
    Aspirant
    May 22, 2025

    Thank you for your response!
    I have confirmed that the public IP address is indeed the IP Address in the Internet Port in the Advanced tab, so it is not behind any other routers.
    I have specifically tested with UDP testers and some report a "timed out" "result" ( https://dnschecker.org/port-scanner.php) whereas others report an empty "status" (https://openport.net/udp-port-checker/) when configured as your picture is configured.

    Do you have any other ideas?

  • Retired_Member's avatar
    Retired_Member
    May 22, 2025

    Just to "double check", I activated OpenVPN Connect on my Samsung Galaxy S23, connected to Spectrum Cellular.  It connected to my RBR50 Orbi and appeared on the list of Attached Devices:

    Thus, even though ports 12973 and 12974 "timed out" on dnschecker.org, OpenVPN is definitely enabled and working.  As another check, I opened a web browser on the phone to IP address 192.168.1.4 (an Epson printer), and the Epson page appeared as expected.

     

    We were taught on the Help Desk that when a client calls and says there's a problem, there is ALWAYS a problem.  Our task was to be patient and discover what the problem was.  (Yes, we have asked, "is the computer plugged in?" and got, "oops. my bad")

     

    In this case, how about changing the VPN configuration from UDP to TCP?  (Download a new ovpn file or edit the existing file to reflect the change).  This way, the dnschecker.org should report the ports open.  Another thought is to change the device that is connecting to OpenVPN.  Because OpenVPN listens only to the WAN (internet) port, my practice has been:

    • Disconnect my cell phone from WiFi to use cellular data.
    • Open a Hot Spot on the phone.
    • Connect the device I want to test to the Hot Spot.
    • Enable OpenVPN Connect on the test device.
    • VPN has worked correctly on smart phone, Windows laptop, Linux laptop, and Android tablet.  (Have no "Apple things".)
    •