D7000 OpenVPN Server configuration issue
Hi,
I recently purchased a D7000 modem/router (firmware 1.0.1.44) with the hope of being able to access my home security cameras remotely from my Android mobile phone but have had no such luck 😞
My home network runs on the 192.168.1.x subnet with the router being 192.168.1.1.
I have enabled the VPN Service on the D7000 and selected the 'All sites on the Internet & Home Network' option hoping that everything would go through it.
I downloaded the appropriate configuration files and added these to my Android phone and was able to successfully connect to the router. Yay.
Unfortunately I am unable to browse any web site nor access the Network Video Recorder (NVR) using the proprietary software on my phone.
Looking at the OpenVPN logs it says:
0 [redirect-gateway] [def1] [bypass-dhcp]
1 [route] [192.168.1.1] [255.255.255.0]
2 [route-gateway] [192.168.2.1]
3 [topology] [subnet]
4 [ping] [10]
5 [ping-restart] [120]
6 [ifconfig] [192.168.2.2] [255.255.255.0]
Further down it also says:
[192.168.1.1] [255.255.255.0] : tun_prop_error: route is not canonical
I'm guessing that the tun_prop_error is the reason for no internet access but cannot find anywhere to specify the correct address? (I have also tested this on an iOS device with exactly the same outcome.)
The only thing I have been able to access is the router's configuration page at 192.168.2.1. Loading any other web page simply times out.
As a secondary question, do I need static routes set up in order to get to the NVR? Since the NVR runs on port 8000, will this work across the VPN?
If anyone has any answers for any of these questions I'd love to hear them. Please 🙂
Thanks
Komp
Re: D7000 OpenVPN Server configuration issue
I have exactly the same problem. At least now I don't have to look for things I have done wrong. It is either a problem with the router or a setting I don't know of.
Re: D7000 OpenVPN Server configuration issue
You may need to contact OpenVpn for help with these settings or check some of our Kb articles on this.
http://kb.netgear.com/app/answers/detail/a_id/23854?cid=wmt_netgear_organic
DarrenM
Re: D7000 OpenVPN Server configuration issue
That link just explains how to set up the VPN link. My problem is that when the link is established I cannot access anything on the LAN.
A VPN link from the same device to my NAS works perfectly, so I do know how to set it up.
Having read other threads on how insecure Netgear's implementation of VPN is, I will not now be using it.
Re: D7000 OpenVPN Server configuration issue
Same issue.
Re: D7000 OpenVPN Server configuration issue
Hi Komp,
I too have the same problem. On my 192.168.19.0/24 network, like you, I connected an IP cam and wanted to access the video stream via VPN from smartphones. I enabled the VPN client on the router and imported the appropriate configuration on my smartphone. The tun0 device on the smartphone is assigned IP 192.168.2.2, and pinging the router (192.168.2.1) is OK, but I cannot ping the IP addresses on my 192.168.19.xxx network. I too have the same "openvpn" log.
23:34:58,790 - EVENT: ASSIGN_IP
23:34:58,795 - Error Parsing IPV4 route: [route] [192.168.19.1] [255.255.255.0]: tun_prop_error: route is not canonical
23:34:58,861 - Connected via tun
23:34:58,862 - EVENT: CONNECTED
info = '@ .... myurl: 12973 (149.xxx.xxx.xxx) via / TCPv4 on tun / 192.168.2.2 / '
I tried two smartphones: Honor 7 => Android v. 6.0 and Oppo Find5 => crDroid => Android v 6.0.1.
In my opinion, the server side issues the command push [route] [192.168.19.1] [255.255.255.0] prematurely.
Which version of Android have you tried with?
Thanks
Michele
Re: D7000 OpenVPN Server configuration issue
The "openvpn" processes active on my D7000 router:
3015 root 3132 S /usr/sbin/openvpn --config /etc/server.conf
3017 root 3476 S /usr/sbin/openvpn --config /etc/server_phone.conf
File /etc/server.conf ==> for connecting desktop clients (Windows, Linux, Apple)
dh /tmp/openvpn/dh2048.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/server.crt
key /tmp/openvpn/server.key
dev tap0
server-bridge
proto udp
port 12974
keepalive 10 120
verb 5
mute 5
log-append /tmp/openvpn_log
writepid /tmp/openvpnd.pid
mtu-disc yes
topology subnet
cipher AES-128-CBC
auth sha1
tls-server
client-to-client
duplicate-cn
comp-lzo
fast-io
push "route 192.168.19.1 255.255.255.0"
File /etc/server_phone.conf ==> for connecting smartphone clients
dh /tmp/openvpn/dh2048.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/server.crt
key /tmp/openvpn/server.key
dev tun
server 192.168.2.0 255.255.255.0
proto tcp
port 12973
keepalive 10 120
verb 5
mute 5
log-append /tmp/openvpn_log
writepid /tmp/openvpnd.pid
mtu-disc yes
topology subnet
cipher AES-128-CBC
auth sha1
tls-server
client-to-client
duplicate-cn
comp-lzo
fast-io
push "route 192.168.19.1 255.255.255.0"
OpenVPN version:
OpenVPN 2.3.2 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [IPv6] built on Oct 12 2016
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
Compile time defines: enable_crypto=yes enable_debug=yes enable_def_auth=yes
enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown
enable_eurephia=yes enable_fast_install=yes enable_fragment=yes
enable_http_proxy=yes enable_iproute2=no enable_libtool_lock=yes
enable_lzo=yes enable_lzo_stub=no enable_management=yes enable_multi=yes
enable_multihome=yes enable_pam_dlopen=no enable_password_save=no enable_pedantic=no
enable_pf=yes enable_pkcs11=no enable_plugin_auth_pam=yes enable_plugin_down_root=yes
enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes
enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no
enable_socks=yes enable_ssl=yes enable_static=yes enable_strict=no enable_strict_options=no
enable_systemd=no enable_win32_dll=yes enable_x509_alt_username=no with_crypto_library=openssl
with_gnu_ld=yes with_mem_check=no with_plugindir='$(libdir)/openvpn/plugins' with_sysroot=no
Link to the OpenVPN 2.3 manual: https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
Best Regards
Michele
Re: D7000 OpenVPN Server configuration issue
I never tried an old phone and tablet running Android 4 and a new phone running Android 6.
I have also tried from a Windows laptop. They all connect but cannot access the LAN.
I can connect to my Synology NAS on the same network with no problem from all devices.
I don't have to use the router so have given up. Next time I buy a router it will be from a manufacturer who can make their equipment work.
The Synology set up was a doddle. Create a certificate and copy it to the device. It just works.
Re: D7000 OpenVPN Server configuration issue
Best regards
Michele
Re: D7000 OpenVPN Server configuration issue
Hi,
This evening I completed the OpenVPN configuration for my Ubuntu server, pulling all of the commands from the router's OpenVPN configuration, and of course making the obvious changes to the certificates and the OpenVPN server IP. Without even the consequent amendment on the OpenVPN client configuration, in my case I tried with your smartphone. I tried connecting, and everything was OK.
I can connect to my server at IP 192.168.2.1, defined as the OpenVPN server; at 192.168.19.22 I connect to the server without problems.
No error appears in the OpenVPN client log.
I cannot connect to other IPs in my network just because I do too many changes on the server to forward traffic to and from other devices.
So the problem lies in the OpenVPN service configuration of the D7000 router.
In the coming days I will try to make changes and let you know the results.
Bye
Michele
Re: D7000 OpenVPN Server configuration issue
Hi,
I checked the server-side configuration (D7000 router), and there are mistakes:
(I showed the configuration files /etc/server.conf and /etc/server_phone.conf in a previous post)
In my configuration the line:
push "route 192.168.19.1 255.255.255.0" #### this is wrong.
The correct command in my router configuration would be:
push "route 192.168.19.0 255.255.255.0"
This is because when OpenVPN connects, the setting is passed (pushed) to the client as a parameter to be used by the "ip" command (on Linux), which performs an "ip route add 192.168.19.0 255.255.255.0". This causes all of the client's traffic directed to 192.168.19.0/24 addresses to be routed to the gateway 192.168.2.1, the IP address of the OpenVPN server running on the D7000 router.
If, unlike me, you did not change the router's subnet, so the router assigns IPs in 192.168.0.0/24, the line in the configuration file must be:
push "route 192.168.0.0 255.255.255.0"
With this setting the client-side configuration is OK and IP traffic is routed the right way.
There is still something at the router level, in the firewall and routing, that is not complete or correct; I do not know if I can make changes there to test their functionality.
Bye
Michele
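The "route is not canonical" error discussed in this thread, as an added example that is not part of any post and is not Netgear's or OpenVPN's code: a Python check that finds `route` and `push "route ..."` directives whose network address has host bits set and suggests the corrected line. The sample configuration is constructed from the route-related lines of the server_phone.conf quoted above, and the function names are this example's own.

```python
import ipaddress
import shlex

# Constructed sample: route-related lines of the /etc/server_phone.conf quoted in the thread.
SAMPLE_CONF = """\
dev tun
server 192.168.2.0 255.255.255.0
topology subnet
push "route 192.168.19.1 255.255.255.0"
"""

# OpenVPN keywords that may stand in for a literal route address; nothing to check there.
KEYWORDS = {"vpn_gateway", "net_gateway", "remote_host"}


def extract_routes(conf_text):
    """Yield (lineno, pushed, network, netmask) for route and push "route ..." lines."""
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        if raw.lstrip().startswith(";"):
            continue  # ';' comment line
        try:
            tokens = shlex.split(raw, comments=True)  # also drops '#' comments
        except ValueError:
            continue  # unbalanced quotes: not a line this check can read
        pushed = len(tokens) == 2 and tokens[0] == "push"
        if pushed:
            tokens = tokens[1].split()  # the quoted option that is sent to the client
        if len(tokens) >= 2 and tokens[0] == "route":
            # OpenVPN treats a route without a netmask as a host route
            netmask = tokens[2] if len(tokens) >= 3 else "255.255.255.255"
            yield lineno, pushed, tokens[1], netmask


def check_route(network, netmask):
    """Return (is_canonical, canonical_network); ValueError on a bad address or mask."""
    addr = ipaddress.IPv4Address(network)
    net = ipaddress.IPv4Network(f"{network}/{netmask}", strict=False)
    return addr == net.network_address, str(net.network_address)


def lint_conf(conf_text):
    """Return (lineno, message) for each route that is non-canonical or cannot be checked."""
    findings = []
    for lineno, pushed, network, netmask in extract_routes(conf_text):
        if network in KEYWORDS:
            continue
        try:
            ok, canonical = check_route(network, netmask)
        except ValueError as exc:
            findings.append((lineno, f"cannot check route {network} {netmask}: {exc}"))
            continue
        if not ok:
            fixed = f"route {canonical} {netmask}"
            if pushed:
                fixed = f'push "{fixed}"'
            findings.append(
                (lineno, f"route is not canonical: {network} {netmask}; use: {fixed}")
            )
    return findings


if __name__ == "__main__":
    for lineno, message in lint_conf(SAMPLE_CONF):
        print(f"line {lineno}: {message}")
```
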
Re: D7000 OpenVPN Server configuration issue
Reply to Komp:
Hi Komp,
if OpenVPN is working properly, your remote smartphone or laptop behaves as if you were connected to your router's network, and then to reach the NAS on port 8000, from the browser:
http://192.168.1.xxx:8000
xxx = IP of your NAS
Bye
Michele
Re: D7000 OpenVPN Server configuration issue
Hi,
I cannot point out how to make changes to the /etc/server.conf and /etc/server_phone.conf files because the changes are not permanent; that is, if I turn the router off and on, they are lost and the files will be as before.
To get a permanent change, it needs to be Netgear that makes changes to the firmware.
In the previous post to Komp I remembered wrongly: I was referring to your NVR, not to a NAS.
Bye
Michele
Re: D7000 OpenVPN Server configuration issue
I also have the same issue. It appears that the only way forward in resolving this issue is for Netgear to correct the OpenVPN settings within the firmware, recompile and release a firmware update.
Alternatively they may consider creating a menu option within the firmware setup that allows the user to pre-define the VPN setting that they wish to use - very similar to the Billion 7800 series modems where the VPN settings are configurable.
Another solution may be to allow the option with the firmware menu to support VPN passthrough, especially for L2TP VPN (especially as the new iOS upgrade no longer supports PPTP and PPTP ports can be passed through with no issues). At the moment you can't port forward UDP 500 as it is used by the modem internally by READYShare, and you cannot disable READYShare.
Do Netgear support have anything to add, especially as the D7000 is not the cheapest modem on the market but the support from Netgear is a bit on the pathetic side?
All us D7000 users have all provided solutions to the OpenVPN solution that the modem is supposedly meant to support but doesn't work, so how about the Netgear engineers get to work on implementing a workable solution.
How do Netgear expect consumers to buy their products when users read of these issues? Trust me Netgear, users don't buy an expensive modem that claims to support VPN and doesn't, just because it may look ergonomically good!
Regards
Re: D7000 OpenVPN Server configuration issue
Hello,
I have the same problem on my D7000.
I confirm what Michele9999 wrote.
The openvpn server conf files are wrong.
The correct statement must be:
push "route 192.168.0.0 255.255.255.0" and not 192.168.0.1
Can Netgear support change this asap please?
Thanks!
A
Re: D7000 OpenVPN Server configuration issue
Hi everyone,
I really hope this discussion is not closed yet, because I really have the same issue, and that's frustrating and annoying for such a router which makes VPN a primary key for the business (which also it's not cheap at all).
Anyway, I made some improvements: I was able to prevent the error and also surf the internet.
Unfortunately, the LAN is still not reachable.
My changes applied to the client_phone.ovpn are the following (bold):
client
route-nopull
route 192.168.1.0 255.255.255.0
dev tun
...
I also tried the push "route 192.168.1.0 255.255.255.0" command but it's the same as the one written before.
I would ask michele9999 how he was able to modify the server configuration file.
Where did you find it? The "temporary" solution could be nice until Netgear engineers fix this for good.
I agree with the community: a NEW FIRMWARE is absolutely REQUIRED URGENTLY!!
Btw: are you aware of any previous firmware which is not affected by this issue? Maybe 1.0.1.42 worked? Any experience to share?
Thanks to all.
Looking forward to getting some help from you or Netgear.
Best regards!
Re: D7000 OpenVPN Server configuration issue
Hi,
I have the very same issue, I initially did not need the VPN on smartphones but I have set it up and tried to connect, it was linking so I ended my test and kept using my device.
Yesterday I did more tests and I am in your same condition, VPN is linked but push is not correct so I can reach the D7000 (I have more than one and it is the same issue on all of them) but I can't go anywhere else.
Do you, or some mod, know when there will be a fix for this? If I'm not wrong, the topic is dated end of 2016.
Re: D7000 OpenVPN Server configuration issue
I have given up with the router and now use my Synology NAS as the VPN server. It works perfectly and I can access the whole of the LAN.
Come on Netgear, others can get it right.
Re: D7000 OpenVPN Server configuration issue
I did ring Netgear support and the engineer I spoke to was not as hopeful as I wished he would be. All he kept pausing was the fact that I was outside the 90 day free phone support and that I would need to pay them money to extend the warranty for 1 year so that the engineers can investigate and tell me that there's a problem with the firmware when it comes to OpenVPN - what a f$&@!?g joke.
I told him to read the Netgear community and Whirlpool forums about this well-known documented bug - but it looks like no matter what we write in this forum it doesn't look like Netgear pay any attention.
What the engineer recommended is that I downgrade (yes downgrade) the firmware on the D7000 back to one of the original firmware versions to see if that fixes the issue - what a joke. I can guarantee that it won't. At this point I knew I'm dealing with a company that hires clowns and this issue may never be fixed.
Has anybody else contacted Netgear support about this issue?
At the end of the day a firmware upgrade is required to correct the OpenVPN issues for smartphones, as it works correctly when using it on my Mac (OSX). I've tried to change the smartphone config files to mirror the TAP settings for non-Windows devices but this fails as the OpenVPN client application in my opinion needs that TUN setting so you cannot attempt to trick the application.
I have also tried the other settings for internet & home network access - FAILS, home network access - FAILS, and the auto setting - Wow a sense of success but when I investigated further all this did was try and detect the best possible internet access path which was using my 4G phone connection and not home network access - so another FAIL. I've also tried static routes, port forwarding, changing my home subnet - FAIL, FAIL, FAIL. After sounding like a Mythbusters episode, and trying different settings and workarounds, Netgear still want me to pay them so that their engineers could tell me the same thing: that the hard-coded OpenVPN server settings for TUN are not working and a new firmware needs to be released.
Come on Netgear, we the people of this community network that you urge us to use but do not read yourself have already extensively tested this bug and require you to now fix the issue. We have spent and bought a top end router because of the ability to use its bells and whistles to our advantage when building a secure home or small business network. When you buy a router of this type where you can manipulate the settings, you are a competent IT professional with many years' experience who understands networks and network devices at a very advanced level and troubleshoots issues for a living.
All I'm asking is that Netgear as a reputable company read these comments about the VPN, respect us for our many years of knowledge and fix the issue because we've been waiting way too long. If we were to all take to social media and complain about the lack of support and that after the 90 day free support has expired Netgear want to charge to even discuss a known issue or bug, that would be more damaging to the company.
Anyone else wish to share their comments?
Re: D7000 OpenVPN Server configuration issue
Good news folks!
Today I was contacted by Netgear 2nd level technician to fix this issue.
He finally came up with a beta firmware which fixed this problem for good.
After our call, he told me that he will bring this topic to the engineers in order to release a new firmware asap.
So, let's hope Netgear engineers will listen to this hero.
Stay tuned!
Re: D7000 OpenVPN Server configuration issue
Hooray! They may get round to fixing something that should have worked from day one.
We should be so grateful that they are considering making the equipment, that we paid for, work.
Re: D7000 OpenVPN Server configuration issue
I see your point,
but complaining and blaming doesn't really fix or help here.
Netgear for sure made a mistake.
As well as, for sure, they should have been able to see it, recognize it and fix it from day 1.
But you know, **bleep** happens.
Let's keep positive and focus on the fact they are now aware of this problem, they found a solution and they will probably come with a new firmware to fix it on every D7000 sold on the planet.
That's a win. For sure.
Better than complaining on a community that we discovered Netgear doesn't even give a s****.
Anyway, in my opinion the really bad or even worse part is related to the 0 assistance after the 90 days from the purchase (unless you pay for the extended support.. which is unbelievable!)
That's not acceptable at all.
Re: D7000 OpenVPN Server configuration issue
Yes things do go wrong but it has been wrong for a long time.
The router is not a cheap model, ok it's not a very expensive business model, therefore I do expect a certain standard from it.
Will the problem which was posted earlier, that the certificate is the same for all routers, be addressed?
Even If fixed I probably won't use the router as a VPN endpoint as my Synology NAS does a fine job but it would be nice to have the choice if I put the router elsewhere.
Re: D7000 OpenVPN Server configuration issue
I agree with you, this router is not a cheap model and the expectations are high on a top level router (even if home user).
But Netgear was not completely foolish and, at least, the connection via Mac or Win works (and worked) just fine (tested myself with V1.0.1.44 firmware). So, the issue occurs (occurred in my case) just using the mobile phone VPN.
The technician said the problem would be addressed but I can't make promises. I do not work for Netgear. 😉
Some people like you have found a different solution for this problem. There's always a workaround. 😉
I personally wanted to face it with Netgear support since my router was still covered by the 90 days full warranty and I had the chance to help you guys fixing something that maybe one day can be helpful for you as well.
Let's hope Netgear will share a new firmware with all of us soon.
They have to atone for what happened somehow.. 😉
maybe some new cool free feature ... (working one hopefully) 😄