Hello,
I have a NAS connected to the CAX80, and would like to access the NAS server from the internet without having to open a port in the router. Cuz that is just too dangerous. I have been bitten by the deadbolt ransomware and have vowed to never open a port in my life.
That said... it's been months trying to enable VPN based on flawed and misleading instructions from Netgear, and despite paying for the pro support, I have no luck. So turning to the community. I followed some instructions for other routers but that have yielded no positive results.
Here is my setup. I am in the Apple ecosystem and have no windows machine. So Macs (machines with Apple Silicon & Intel) and iPhones only (may be one Chromebook but that is a non-priority).
The NAS Server is from QNAP and it statically configured and connected to the CAX80 ethernet port. I can access the NAS server from within the LAN, but issue is the WAN.
I have configured the DNS (under the Advanced Menu in the CAX80 router) as follows:
Service Provider - NoIP.com
Host Name - <blah>.mynetgear.com. {This is the hostname I have in NoIP.com that points to my router Internet Port IP address}
User name: <same user name of NoIP.com account>
Password: <same password of NoIP.com account>
VPN is enabled under the Advanced Menu of the CAX80 router.
==========================================================================================
The router enables you to download the VPN config files that you'd use to configure them with. I tested with 3 VPN apps on my macOS (M1 Apple Silicon). From the config files that I downloaded, the .conf file is configured for TAP mode at the default 12973 port. Here are the results with the following apps:
1) openVPN Connect - Throws an error that it does not support TAP mode. So I change the .conf file to TUN mode pointing to the default 12794 port, with which it connects, but I cannot access my NAS server.
2) Tunnelblick - Throws an error that says
Tunnelblick was not able to load a system extension that is needed to connect to nonwindows-updated-TAP.
The system extension could not be loaded because you have told macOS not to allow Tunnelblick to load its 'tap' system extension, which is signed by developer 'Jonathan Bullard'.
To allow Tunnelblick to install its system extensions, you must allow loading of system software by developer 'Jonathan Bullard'. You can do that on the 'General' tab of 'Security & Privacy' in 'System Preferences'
If you do not see a button to allow loading of system software by developer Jonathan Bullard', try to connect this configuration (which will fail), then look on the 'General' tab of 'Security & Privacy' in 'System Preferences' again.
More information [tunnelblick.net]
I am not going to lower my security posture by following the above advice. However, as with openVPN Connect, when I change the .conf file to TUN mode pointing to the default 12794 port, with which it connects, but I cannot access my NAS server.
3) Viscosity VPN - It connects in both TUN and TAP modes, no problem, however, I am unable to access my NAS Server.
Please note that when I enable the VPNs, I connect my Mac to my iPhones HotSpot to simulate the internet.
I have updated my CAX80 to the latest Firmware Version V2.1.5.2, factory reset all my configuration, and the results are exactly the same.
I am very close to returning the CAX80 back to Netgear, but wanted to check with the experts here at the community to see if my situation can be fixed.
Thank you so much for your big help in advance.
- Raj
