elBlocco
Jun 05, 2019 Aspirant
Enabling VPN on R7000 using IPv6
Hello Community,
according to the FAQ, VPN should work with the R7000 with IPv6.
From https://kb.netgear.com/23794/R7000-FAQs:
"Should the VPN feature still work if I have IPv6 connection?
It should work as long as it is a static IP address. Make sure that the WAN IP is accessible from the Internet, whether it is IPv4 or IPv6."
But I'm missing any information on how to get this running.
Because of Carrier NAT I do not have a public IPv4 address, only IPv6.
At the moment VPN (IPv4) with a Windows client in my LAN seems to work, but using an Android client fails. IPv6 doesn't work with either client, whether in the LAN or from the Internet...
Searching for help...
Thanks in advance,
el Blocco
Hello,
because I wasn't able to get VPN (with IPv6) running with Genie, I decided,
after reading much about the alternatives, to install FreshTomato.
Now VPN is working like a charm; the only issue that still exists is
that I do not get a /56 prefix. But I hope I can fix this, too.
Best regards,
el Blocco
5 Replies
- elBlocco Aspirant
Nobody able to help me?
I have now installed my second R7000 as a second router in my LAN to get a better test suite.
- VPN-Service enabled with Defaults (TUN: UDP, 12973, TAP: UDP, 12974)
- Downloaded the configuration files for Windows
=> Works fine with IPv4 (from my internal network to the second one)
- Tried to enable IPv6 on the second router...
- ...but which configuration should I use?
- Automatic detect leads to "Pass Through", but do I get an IPv6 address for the router in this case?
- "Auto Config" with the IP of the primary router as DNS server seems to work, at least I get an IPv6 address on WAN.
- And I am able to ping that address from my LAN (outside of my second router).
- But VPN connection fails with
- TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
- TLS Error: TLS handshake failed
This is my current configuration for the Windows client (client.ovpn):
client
dev tap
tun-ipv6
proto udp6
redirect-gateway ipv6
dev-node NETGEAR-VPN
remote 2a00:6020:... 12974
...
I'm not familiar with OpenVPN or IPv6 at the moment, but I'm willing to learn :).
So I'm looking forward to your assistance.
Best regards
- DarrenM Sr. NETGEAR Moderator
I was able to find a guide on how to set up OpenVPN. This may help you.
DarrenM
- elBlocco Aspirant
Hello Darren,
thank you very much for the reply. I checked it out...
I built up a similar test environment:
- Router 1: 192.168.1.X
- Router 2: 10.0.0.X
- Client connected to router1 tries to connect to router2 by VPN.
This works pretty straightforwardly with IPv4, but my internet provider doesn't provide a public IPv4 address. So, as far as I understand, I have to use IPv6 to connect by VPN.
And this still doesn't work :(.
I was able to enable telnet by downgrading the firmware to 1.0.9.42. So I could check the configuration of the router:
- There are two OpenVPN services running:
- /usr/local/sbin/openvpn /tmp/server_tap.conf (for Windows clients?)
- /usr/local/sbin/openvpn /tmp/server_tun.conf (for Smartphone clients?)
Here's the content of server_tap.conf:
dh /tmp/openvpn/dh1024.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/server.crt
key /tmp/openvpn/server.key
dev tap
server-bridge
proto udp
port 12974
keepalive 10 120
verb 5
mute 5
log-append /tmp/openvpn_log_tap
status /tmp/openvpn-status_tap.log
writepid /tmp/openvpnd_tap.pid
mtu-disc yes
topology subnet
script-security 2
cipher AES-128-CBC
auth sha1
tls-server
client-to-client
duplicate-cn
comp-lzo
fast-io
push "route 10.0.0.0 255.255.255.0"
push "route-delay 5"
As far as I can see, at least two settings for IPv6 are missing:
server-ipv6 2a03:4000:6:11cd:bbbb::/112
push "route-ipv6 2000::/3 2a03:4000:6:11cd:bbbb::1 1"
I searched in this forum and found that in 2016 Netgear didn't support IPv6 at all:
But then I found the FAQ where IPv6 is mentioned as possible:
https://kb.netgear.com/23794/R7000-FAQs
So I had hope that this has changed in the last 3 years...
I expect I have to investigate OpenVPN configuration files in more detail, now...
Any hints or information on this topic are welcome :).
Best regards,
el Blocco
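An added example (not part of the thread and not NETGEAR's or OpenVPN's code) that checks the two configs quoted above for IPv6 at the transport level, set by the `proto` line, separately from IPv6 inside the tunnel, set by `server-ipv6` and `push "route-ipv6 ..."`. The TLS handshake runs over the transport before any tunnel addressing is pushed, so a handshake timeout is worth checking there first. Assumptions: OpenVPN 2.3-style semantics where only a `proto` value containing `6` opens an IPv6 socket, a documentation placeholder for the elided `remote` address, and hypothetical function names.

```python
import shlex

# Abridged from the server_tap.conf quoted in the thread.
SERVER_TAP_CONF = '''dev tap
server-bridge
proto udp
port 12974
push "route 10.0.0.0 255.255.255.0"
'''

# Client profile from the thread; 2001:db8::1 is a documentation placeholder
# standing in for the poster's elided address.
CLIENT_OVPN = '''client
dev tap
proto udp6
remote 2001:db8::1 12974
'''

# The two directives the post proposes adding to the server config.
PROPOSED = '''server-ipv6 2a03:4000:6:11cd:bbbb::/112
push "route-ipv6 2000::/3 2a03:4000:6:11cd:bbbb::1 1"
'''


def parse(text):
    """Map each directive to the list of its argument lists."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        name, *args = shlex.split(line)
        conf.setdefault(name, []).append(args)
    return conf


def transport_family(conf):
    """Assumption: only a proto containing '6' (udp6, tcp6-server) uses IPv6."""
    proto = conf.get("proto", [["udp"]])[-1][0]
    return 6 if "6" in proto else 4


def audit(server_text, client_text):
    """Report an IPv6-client/IPv4-server mismatch and tunnel IPv6 directives."""
    server, client = parse(server_text), parse(client_text)
    pushed = [args[0] for args in server.get("push", []) if args]
    return {
        "transport_mismatch": transport_family(client) == 6
        and transport_family(server) == 4,
        "tunnel_ipv6_directives": "server-ipv6" in server
        or any(p.startswith("route-ipv6") for p in pushed),
    }
```

Calling `audit(SERVER_TAP_CONF + PROPOSED, CLIENT_OVPN)` still reports a transport mismatch, while replacing `proto udp` with `proto udp6` in the server text clears it.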