NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

Retired_Member's avatar
Retired_Member
Nov 05, 2017
Solved

Nighthawk r7500 vpn setup

I'm new to VPN but learn quickly. I'm trying to setup VPN on my router for a layer of security for my home. I am getting error messeges with openVPN. Following the instructions on the router, many for...
ddns
Features
Installation
Nighthawk
openvpn
R7500
Security
VPN
  • Retired_Member's avatar
    Retired_Member
    Nov 08, 2017

    After reading a LOT of information I decided to sell my R7500 and buy a R7000P  I flashed it with DD-WRT and was done in about an hour...  Super easy.  I'm not sure why Netgear does not have more functionality built in the standard interface.  Thank you all for the replies.

ClarDold's avatar
ClarDold
Apprentice
Nov 27, 2017

I just bought a Netgear R7000P (Firmware Version V1.2.0.22_1.0.78) to replace an Asus RT­N56U.

That router never had good wifi range, and after two years, the 5GHz connection would just die, and I needed to reboot regularly.

But, the VPN seemed better to me than the OpenVPN on the R7000.

 

On the R7000, it seems that port 80 is open to the world as soon as you enable VPN.  I don't like that.

On the R7000, there is only one login, admin?  Is that correct?

On my Asus, I had separate long user names and passwords for each VPN user.

I don't understand having every user log in as admin, and therefore allowing every VPN user full admin access.

 

Can I control what IP addresses or subnets can access port 80?

If I deliver the "smartphone.zip" file via some method, does port 80 have to be used at all?  

If I deliver the zip file, do they ever need the admin login?

 

I think I only need TUN, but I see no way to disable TAP.    

I will be using primarily an iPad into my VPN, often an Android phone, occasionally Windows and Mac.

 

bripab007's avatar
bripab007
Tutor
Nov 29, 2017

I'm not sure what you mean by port 80 being open to the world when you enabled the VPN server. When it's enabled, it'll listen on port 12974--if memory serves--for incoming VPN client connections. I also am not quite sure what you mean by one admin login for the VPN. Your old Asus router likely used an older PPTP VPN server with simplistic un/pw combos as the only method for logging in. The OpenVPN server on the Netgear routers uses client certificate chains (i.e. the .ovpn file you download from the GUI after turning it on). Yes, the Netgear implementation only lets you create a single .ovpn file, and thus, only a single discrete client, but you can connect I think up to two or four VPN clients with that cert on the R7000 (I think the R7500 supports four or eight??). Again, I'm not sure what you mean by VPN user having full admin access--the point of the VPN is to get a remote client onto your LAN, nothing to do with admin permissions. I think most mobile clients use TUN and desktop OS clients like Windows use TAP.