
cofresi59
Aspirant
Mar 03, 2026

Having Problems with OpenVPN for Mac

I recently upgraded my ASUS router to a Netgear RS700. I configured the OpenVPN service to TUN mode on UDP port 12973 and TAP mode on 12974. Clients will use VPN to connect to the internet and the home network. I also configured a DDNS service with no IP. My Mac's IP address is static. I tried Tunnelblick, and it seems to connect. I've never used Tunnelblick before, but I see a pop-up showing some sort of communication between the server and the client. When I use OpenVPN, it just refuses to connect. I downloaded the smartphone configuration file, and it still doesn't connect. Did I miss anything? Any ports that need to be forwarded that I missed? I desperately need help because I help my wife with her college courses remotely. Now that I have a new router, I need OpenVPN to work. She is out of state and not very computer-savvy, and I can't get her to install Tunnelblick or add the configuration file. Any help will be greatly appreciated.

6 Replies

  • StephenB
    Guru - Experienced User
    cofresi59 wrote:

    I configured the OpenVPN service to TUN mode on UDP port 12973 and TAP mode on 12974.

    Have you tried both TUN and TAP configurations on the Mac?  It's fairly easy to modify the config file to change that.

     

    cofresi59 wrote:

    Any ports that need to be forwarded that I missed?

    Only if you are double-routing.  Is your RS700 WAN IP address a private address?

    • 10.0.0.0 – 10.255.255.255 (10.0.0.0/8)
    • 172.16.0.0 – 172.31.255.255 (172.16.0.0/12)
    • 192.168.0.0 – 192.168.255.255
    • 100.64.0.0 – 100.64.127.255 (100.64.0.0/10)
  • Thank you for replying. I haven't configured my Mac for TUN and TAP. Would you be kind enough to show me how to do it? 

     

    • StephenB
      Guru - Experienced User
      cofresi59 wrote:

      Thank you for replying. I haven't configured my Mac for TUN and TAP. Would you be kind enough to show me how to do it? 

      Open Client.conf.  You should see something like this:

      client
      dev tap
      proto udp
      remote xxxxxxxx.mynetgear.com 12974
      resolv-retry infinite
      nobind
      persist-key
      persist-tun
      ca ca.crt
      cert client.crt
      key client.key
      cipher AES-128-CBC
      comp-lzo
      verb 5
      script-security 2
      up dhcp-client-request.sh

      To switch to tun, change dev tap to dev tun, and 12974 to 12973.

       

      cofresi59 wrote:

      I forgot to mention that my WAN IP address is public

      So not in one of the ranges I listed above?

  • I forgot to mention that my WAN IP address is public, which is the same IP that AT&T gave me when I set up their router. I cloned the MAC address of the AT&T router and I am able to get internet through the Netgear RS700.

  • Hi again,

     

    I opened the config file with Text Edit, and this is what I found:

     

    client
    dev tun
    proto udp
    remote xxxxxxxx.mynetgear.com 12973
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    cipher AES-128-CBC
    comp-lzo
    verb 5
    dhcp-option DNS 68.94.156.11
    dhcp-option DNS 68.94.157.11

    I noticed that the DNS is different from the DNS I use, which is 1.1.1.1 and 1.0.0.1. Would that make a difference?

    • StephenB
      Guru - Experienced User
      cofresi59 wrote:

      dev tun
      proto udp
      remote xxxxxxxx.mynetgear.com 12973

      Interesting.  Your config file is using TUN.  The file I posted (using TAP) is the Mac config file from my Orbi 870.

       

      Changing to TAP is worth a try - just save the original file, so you can put it back if needed.

      cofresi59 wrote:

      I noticed that the DNS is different from the DNS I use, which is 1.1.1.1 and 1.0.0.1. Would that make a difference?

      The DNS servers in the config file are hosted by AT&T.  It should be fine to change them to Cloudflare.  If that still fails, then you could also try just removing those lines.
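
Added example, not part of any reply above and not Netgear's own tooling: a Python check for the points this thread raises, namely whether the dev line and the remote port in a client config agree (TUN on 12973, TAP on 12974, as in the original post), which DNS servers the config sets, and whether the router's WAN address falls in one of the listed NAT blocks. The function names and the sample config are constructed for illustration.

```python
import ipaddress
# Ports from the original post: TUN on UDP 12973, TAP on UDP 12974.
ROUTER_PORTS = {"tun": 12973, "tap": 12974}
# The four address blocks listed in the first reply, in CIDR form.
NAT_BLOCKS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

def parse_conf(text):
    """Map each directive to the list of its argument lists."""
    conf, inline = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:  # skip the body of inline <ca>...</ca> style blocks
            inline = None if line == f"</{inline}>" else inline
            continue
        if line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]
            continue
        if not line or line[0] in "#;":
            continue
        name, *args = line.split()
        conf.setdefault(name, []).append(args)
    return conf

def check_conf(text, ports=ROUTER_PORTS):
    """Return a list of mismatches between the config and the router setup."""
    conf, notes = parse_conf(text), []
    dev = (conf.get("dev", [[]])[0] or [""])[0][:3]
    remote = conf.get("remote", [[]])[0]
    port = int(remote[1]) if len(remote) > 1 else 1194  # OpenVPN default port
    if dev not in ports:
        notes.append(f"dev is '{dev}', expected tun or tap")
    elif port != ports[dev]:
        notes.append(f"dev {dev} expects port {ports[dev]}, config has {port}")
    return notes

def dns_servers(text):
    """DNS servers the config sets through dhcp-option lines."""
    return [a[1] for a in parse_conf(text).get("dhcp-option", [])
            if len(a) > 1 and a[0] == "DNS"]

def wan_is_double_routed(wan_ip):
    """True when the router's WAN address falls in one of NAT_BLOCKS."""
    return any(ipaddress.ip_address(wan_ip) in net for net in NAT_BLOCKS)

# Constructed sample: the thread's TUN config after a half-finished TAP edit.
SAMPLE = "\n".join(["client", "dev tap", "proto udp",
                    "remote xxxxxxxx.mynetgear.com 12973",
                    "dhcp-option DNS 68.94.156.11", "dhcp-option DNS 68.94.157.11"])
```

An empty list from check_conf means the device mode and port match; a True from wan_is_double_routed means the OpenVPN ports also have to be forwarded on the upstream router.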