disgustipated
Jun 07, 2019
Status: New Idea

vpn should not be tied to requiring a dynamic dns service bug

firmware V1.0.4.28

On the phone with support troubleshooting VPN connection timeout from multiple locations, has not worked before. I have my own website and I have an A record through 1and1 pointing to my public IP which rarely changes. I would like to use this in the OpenVPN config, not some dynamic DNS service and not require static IP. Not even using my A record, just exporting the ovpn profile using my public IP and I get "no tls handshake within 60 seconds" message in Android and Windows OpenVPN client.

Setup documentation here https://kb.netgear.com/29783/How-do-I-use-VPN-service-on-my-Nighthawk-router-with-my-Android-device states:

  • An alternative option is through your router's public Internet address

With the support tech I set up no-ip, had to manually update the A record in no-ip to point to the exact same IP address that is my public IP address, and after setting the dynamic DNS settings in the router to enabled and using the no-ip service it connected perfectly fine. I've diffed the ovpn profile files that are exported with and without dynamic DNS configured in the router and the only difference in the files is the remote line and the difference is the hostname/IP; the certs and everything else are exactly the same.

This is a bug. VPN service in the router should not be tied to requiring a dynamic DNS service in the config; I can handle that myself or update the config and reimport if the IP changes, as the dialogs that pop up in the router config advise - they do not say that dynamic DNS service is required. Dynamic DNS being configured should not be tied to the VPN service being enabled.
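
The profile comparison described in the post above, as an added example (not part of the original post and not NETGEAR's code): it parses two OpenVPN client profiles and reports the `remote` lines separately from any other difference. The two profiles, the address 203.0.113.10, the name vpn.example.com and the port are constructed placeholders.

```python
# Constructed sample profiles (not real router exports); 203.0.113.10 and
# vpn.example.com are documentation placeholders.
PROFILE_IP = """client
dev tun
proto udp
remote 203.0.113.10 1194
resolv-retry infinite
nobind
<ca>
CONSTRUCTED-PLACEHOLDER-CA
</ca>
"""
PROFILE_HOST = PROFILE_IP.replace("203.0.113.10", "vpn.example.com")

def parse_profile(text):
    """Split an OpenVPN profile into directive tuples and inline <tag> blocks."""
    directives, blocks, tag = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if tag is not None:                      # inside an inline block
            if line == f"</{tag}>":
                tag = None
            else:
                blocks[tag].append(line)
        elif not line or line[0] in "#;":        # blank line or comment
            continue
        elif line.startswith("<") and line.endswith(">"):
            tag = line[1:-1]                     # opening tag of an inline block
            blocks[tag] = []
        else:
            directives.append(tuple(line.split()))
    return directives, blocks

def compare_profiles(a_text, b_text):
    """Report remote lines separately from every other difference."""
    (a_dir, a_blk), (b_dir, b_blk) = parse_profile(a_text), parse_profile(b_text)
    remotes = lambda d: [x for x in d if x[0] == "remote"]
    others = lambda d: {x for x in d if x[0] != "remote"}
    return {
        "remote_a": remotes(a_dir),
        "remote_b": remotes(b_dir),
        "other_directives": sorted(others(a_dir) ^ others(b_dir)),
        "inline_blocks": sorted(k for k in a_blk.keys() | b_blk.keys()
                                if a_blk.get(k) != b_blk.get(k)),
    }

def only_remote_differs(a_text, b_text):
    """True when the endpoint changed and nothing else (certs included) did."""
    r = compare_profiles(a_text, b_text)
    return (r["remote_a"] != r["remote_b"]
            and not r["other_directives"] and not r["inline_blocks"])

if __name__ == "__main__":
    print(compare_profiles(PROFILE_IP, PROFILE_HOST))
```
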

6 Comments

  • More proof that a dynamic DNS service is not needed and the VPN service being enabled should not be tied together

    • I've changed the password and IP address set up in no-ip, so the router cannot connect to no-ip, and if it was able to it would be using the wrong public IP. Dynamic DNS is still enabled but the connection information for no-ip is invalid
    • I used the ovpn profile that I exported without dynamic DNS enabled in the router, I edited the IP in the profile to be my domain with the A record pointing to my IP
    • I imported this profile on my phone and was able to connect

    I then disabled the dynamic DNS service in the router, it also disabled the VPN service (this should not happen as these two should not be tied together). This dropped my connection on my phone. I re-enabled both VPN service and dynamic DNS service (which still has bad connection information in it to no-ip) and was able to connect with my ovpn profile that points to my domain name hosted on 1and1. This is a workaround for not using a DDNS service but a horrid pain in the ass to work around something that could be fixed in the firmware. Also bandwidth seemed to be pretty limited while on the VPN, 20down/6up (cell throughput not on the VPN was higher than what I was getting while on the VPN and my total ISP bandwidth the router is connected to is much higher), but that's a different issue that I'll log eventually.

  • Just to pile on, here's another case where tying VPN service to dynamic DNS being set up on the router doesn't make sense: I actually do use dynamic DNS, but my preferred DDNS provider isn't supported by my router's firmware. This is probably not uncommon: even recent NightHawk firmware only supports three DDNS providers, so anyone using something other than Netgear, No-IP, or Dyn will fall into this category. Instead of setting up a DDNS client on my router, I use an update script that runs on my home fileserver to keep DDNS up to date. However, since I haven't set up a DDNS client on the router itself, it refuses to let me start a VPN server... even though I clearly have a reliable DNS record.
  • This is indeed annoying but I didn't get the same problem as ranger_m. My workaround is simple (but Netgear please smooth this out). 1: Enable Dynamic DNS and enter a non-existing Dyn account with my (important) hostname.mydomain.com 2: Enable VPN Service and generate a profile for my personal dyn dns. hostname.mydomain 3: Disable Dynamic DNS. As a side note my "DynDNS" is similar. I am executing a shell script on my Synology as a repeating task. It updates the A record on DNSimple through the API.
  • I agree that this should not be tied to any particular Dynamic DNS service. I also use a dynamic DNS service managed by my DNS Registrar so that I can use my own domain and not the limited selection provided by the DynDNS service. I hope this gets fixed in a future firmware release. Maybe they can offer a "custom" option in the Dynamic DNS page that will not try to call out to any service and still allow their OpenVPN scripts to generate the proper OpenVPN profiles.

    Thanks SungamR, I followed your workaround and was able to create an OpenVPN profile with my preferred domain and successfully disabled the DynDNS service in the router after everything was set up. The VPN Service stayed up even after applying this configuration.