NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

gregmiller's avatar
gregmiller
Aspirant
Oct 14, 2020

BR500 Mac VPN problem with Big Sur

My office has a br500 vpn router, and all the macs at home connect to it to do work. With big Sur, we are not able to connect any longer. The client software Netgear recomends - tunnelblick - no longer works with TAP, which apparently the br500 uses. can anyone help?

7 Replies

  • DaneA's avatar
    DaneA
    NETGEAR Employee Retired
    Oct 15, 2020

    gregmiller,

     

    Welcome to the community! :)   

     

    Found out that you have an ongoing support ticket with NETGEAR Support and its already escalated to the higher tier of NETGEAR Support.  You may want to share here the progress of your support ticket here. 

     

     

    Regards,

     

    DaneA

    NETGEAR Community Team

    • gregmiller's avatar
      gregmiller
      Aspirant
      Oct 15, 2020

      Well, i dont really care about blame. I just need to know how to either modify the vpn the br500 has built in so that it doesn't require either the tap or tun (whichever is the one thats causing issue) or have netgear recommend or support a solution for their product so that all platforms can log in and use the vpn.

       

      Any suggestions on how to move forward?

      • schumaku's avatar
        schumaku
        Guru - Experienced User
        Oct 15, 2020

        To early. Big Sur is in Beta - so nobody will provide you with a ready solution today.

         

        TAP and TUN are two methods known in OpenVPN for a bride resp. a tunneled connection. No TAP and no TUN == no OpenVPN. Somehow a VPN network interface must be included into MacOS.

         

        gregmiller wrote:

        Any suggestions on how to move forward?

        Disable SIP - the suggested workaround by the makers of Tunnelblick for now - does not work?

         

        Probably the Open Source world does come up with a solution (Apple permitting), probably the OpenVPN team does come with a solution (Apple permitting), probably Netgear does develop an OpenVPN solution for MacOS OpenVPN (Apple permitting). I don't know. 

         

        Matter of fact Apple does try to prohibit something very useful for the sake of SIP. Appears Apple does try to make it difficult at least.

         

        Face it: The OpenVPN solution (used by many Open Source and commercial VPN solutions) by using Tunnelblick is becoming wonky, this became visible on earlier communication ref. SIP.

         

        Have read and understood the Tunnelblick link provided above?

         

        Worst case: Be prepared to be without a OpenVPN based VPN from day X on your MacOS system.

         

        Potentially, Netgear will come up with a solution for using IPsec not only for a site-to-site, but also for a IPsec based "dial-up" VPN - YeZ please.  

         

        In case it looks I'm not happy with Apple. Yes, I'm not impressed. 

  • keb's avatar
    keb
    Aspirant
    Nov 16, 2020

     

    I had the same issue after upgrade to Big Sur. Vpn to my nighthawk stopped working.

    TAP mode is not supported anymore. (https://tunnelblick.net/cKextLoadError.html)

    Solution using tunnelblick (or VIscosity):

    Download "for non-windows" from Netgear advance seutp->VPN Service

    Edit the. xxxx. conf file change the line starting with "remote" to "TUN" port (ip and port available in in Netgear advance seutp->VPN Service->tun mode service port)

    Change "dev tap" to "dev tun"

    Save

    Add .tblk to the downloaded folder.

    Drag to Tunnelblick (or import to Viscosity VPN)

    Connect from Big Sur should now work.

     

     More details here:

    https://tunnelblick.net/cTunTapConnections.html

    • aer2345's avatar
      aer2345
      Aspirant
      Nov 21, 2020

      I tried what you said but am getting an error. 

       

      The OpenVPN log contains the following message:

      "Unrecognized option or missing or extra parameter(s)".

      This error means that an option that is contained in the OpenVPN configuration file or was "pushed" by the OpenVPN server:

           • has been misspelled,

           • has missing or extra arguments, or

           • is not implemented by the version of OpenVPN which is being used for this configuration. It may be a new option that is not implemented in an old version of OpenVPN, or an old option that has been removed in a new version of OpenVPN. You can choose what version of OpenVPN to use with this configuration in the "Settings" tab of the "Configurations" panel of Tunnelblick's "VPN Details" window.

      See the VPN log in the "Log" tab of the "Configurations" panel of Tunnelblick's "VPN Details" window for details.

       

      • keb's avatar
        keb
        Aspirant
        Nov 21, 2020

        Hi 

        Sorry to hear that your config does not work.

        Client side I am using Tunnelblick 3.8.5beta01 (build 5610) (or Viscosity which imports settings from Tunnelblick)

         

        Here is my  .conf (which works from Big Sur), maybe that could be helpful

        Replace the "nnn.nnn.nnn.nnn" with router IP and "mmmm" with portnumber of the TUN

         

         
        client
        dev tun
        proto udp
        remote nnn.nnn.nnn.nnn mmmm
        resolv-retry infinite
        nobind
        persist-key
        persist-tun
        ca ca.crt
        cert client.crt
        key client.key
        cipher AES-128-CBC
        comp-lzo
        verb 5

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More