Putting the timestamps at the beginning in some sortable form, e.g., YYYY-MM-DD;HH:MMS.ttt,
would allow the logs to be collected from the various mail messages and returned to their original ordering and saved in a log file, DB, NAS folder, etc.
1. Looks like it's using SHA1 which is obsolete:
Fri Mar 3 07:54:22 2017 us=826132 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key Fri Mar 3 07:54:22 2017 us=826220 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Fri Mar 3 07:54:22 2017 us=826266 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key Fri Mar 3 07:54:22 2017 us=826311 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication WFri Mar 3 07:54:22 2017 us=826456 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
I'm glad you're using TLS1 and AES, but I'd expected SHA1 would have been retired years ago. SHA2 is the new minimum. Actually, if you want these devices to last, I would think you'd go for the maximum that clients are likely to support, since today's maximum becomes the minimum in 2-5 years.
2. There is no way to specify different users for the VPN. Presumably anyone with the zip file of certificates can connect to this VPN. If there were multiple users and a key were compromised, we could shut down that user and keep using the VPN. But with this router, there's only one VPN "user". Maybe multiple people can use that at once, but if the certificate/key were ever exposed, I think our only secure recourse would be to get a new router.
I understand that this is a home router, so maybe having a VPN at all is an afterthought - most people only care about an easy setup and fast routing. But even dd-wrt has a facility to create multiple VPN clients, each with a different password:
I guess I had expected some way to manage VPN clients.
PLEASE update the Genie program. It is so slow, clunky, outdated, and ugly. It's really pathetic, especially in the vain of more expensive hardware. The user experience does not match the price. It's like buying a Mercedes but the seats are made of cheap cloth. If I spend hundreds of dollars on a top of the line product, I expect the software to be excellent. Other companies have much better software. Catch up.
Feature request: Make it possible for satellites to connect to each in order to extend coverage in tall or long houses.
I live in a four story town house and have bought the Orbi system in order to get better wifi on the top floor. The base is placed in the center of the ground floor which gives great coverage for the ground floor and the first floor. The satellite is placed on the second floor and extend the wifi to the third floor. On the fourth floor the is no wifi coverage I would love to buy a second satellite and place it on the third floor but I understand that this is not possible because it has to be within the reach of the base... I would love if Netgear could add the option for a "true mesh". This is also what I expected when I bought it because it is marketed as a mesh network.
There is currently no way to install a proper PKI-chained SSL certificate from a third party like Comodo or StartCom SSL. With all current versions of the NETGEAR firmware, when enabling HTTPS access for remote management, my/all browsers get angry because the R7000 is using a self-signed certificate:
I have a free StartCom SSL cert all generated and ready to install. The problem is, there is no supported way to install this certificate, intermediate cert, and private key, with the R7000.
Many ISPs have begun blocking outbound UDP connections on port 123, the common port used for NTP (network time synching). Because of this, the Orbi router (and other Netgear routers) have crippled functionality related to scheduling and OpenVPN - they simply can't get an accurate time synch after rebooting.
There is a trivial fix though: simply use a port other than 123. This would literally be one line of code change in a firmware update. Making this change will allow the Orbi to again function correctly.
Broken functionality, until fixed:
Thanks for your consideration.
It would be great to have options for the top lights on both the router and satelite Orbi's. The information about connectivity is welcome, so it would be nice to see it outside of the initial boot/sync for troubleshooting at a glance (or on demand). Providing something in the Genie app for user preferences such as:
I was wondering if People from upstairs and the stories above could develop something between standard and open DD-WRT fro R8000 and above.
It would really make a game change fro NG teams to provide that kind of things that makes router deliver their raw power and unleashed them from their prison jail cells!!
Those are starving beasts who desperately need to be feed and to run on all their cylinders!!
FOR god sake you have more power in a X10 than on my 17y/o stil running desktop and can't exploit more than 30% !!!!
Time to rethink your game!!!!
I have added an Orbi system to my network in AP mode to replace an ASUS RT-68P, but miss much of the diagnostic info I've been accustomed to.
On the attached devices screen in AP mode, I would like to know the current tx/rx speed of the devices, which band they are using, as well as whether they are on the router or which satellite.
I'd also like to be able to see the MAC addresses of the wifi interfaces in the GUI so I can determine which router/satellite is connected from a wifi client system
I want Netgear to add some features to this router. If the feature does exist, please improve the feature to make it better. First off, I am not a big fan of OpenDNS. I should not be forced to use OpenDNS if I don't want to. I already know I can disable Live Parental Controls on this router. I would prefer to do the managing on the router itself and not use OpenDNS. I believe that home routers should include basic features which includes block sites and set a time schedule.
The features that I would like Netgear to add to this router if it doesn't exist already.
1. OpenDNS- Give the user a choice to use this 3rd party company to filtering content OR let the user set controls on the router itself.
2. Block Sites- Give the user the ability to block by URL and Keyword. I know this feature does exist on the router but if you are using OpenDNS, what is the point of the feature. Again, give the user a choice to block sites on the router WITHOUT using OpenDNS.
3. Time Schedule- Give the user the ability to set a time schedule PER hour PER device on the router itself. This feature doesn't seem to exist on this router. A user should not have to completely turn off the wireless radios as means to control the time schedule. Everyone knows that if you pause a Youtube video AFTER the wireless radio is OFF, the video will continue to play and still gives the user the ability to search other videos. Again, I know you can set time blocks in OpenDNS to control the filtering level. That is not the same as blocking internet access to a wireless device.
4. Traffic Analyzer/Web History- This feature is included in the Asus routers. Netgear does have Dynamic QoS but the link to view bandwidth by device or application is buried. To view the bandwidth, it should be a separate tab under Dynamic QoS and give it another name. This feature should be very accessible to users. Also, I know Netgear has a log to view device activity. It is very weak and doesn't include everything. This log should be improved to include everything such as sites that are allowed and blocked. A user should be able to view the log by device as well.
5. Netgear Genie- This app needs improvement. Linksys and Asus both of apps for there routers as well. There apps are not bad but they are better than the Genie. The Genie is not bad but it lacks features to help manage your network from inside/outside the home. There is no "bypass login" to allow a user to have access to something that otherwise is blocked. Since the Genie is on my phone, I should not have to login to the Genie EVERYTIME to view the network map. It is soo tedious to login to Genie on my phone everytime.
The Netgear router is good and fast but there is need for improvement. For the dollar amount that you are spending on this router, Netgear can make it better. The above features are suggestions to make the router better and not everyone will agree. Perhaps I share the same wish list as the next person.
I understand that a developing product needs updates. Sometimes these updates require changes to what data is expected for an element of the settings config. As a customer, when a firmware update is incompatible with my settings, it is absolutely unacceptable that I would have to re-build my entire config from scratch after updating firmware. Netgear may not be able to update my settings but you should at least give us a tool to fix it. It is NEVER ok to lose a customer’s hard work, that’s just bad business. Here is how we fix it:
This isn’t rocket science here. I get that you need to do things that could break my old config. All we are asking is that you give us the tools to fix it. To reiterate my earlier point, “Start over” is NEVER an ok thing to tell a customer.
This one feature set would also solve several other problems:
All of these items would be downloaded/uploaded in one shot with the above suggestions.
As an organizational note: If the human-readable download were actually a ZIP file it could contain multible human-readable files where any setting containing lists could actually be seperate files within the ZIP. Maybe all the settings could be broken out into files containing relevant sections instead of a single long list. If you need to take it in small bites, fine. Dump everything into a single human readable file for now, add the error checker later, break the file into smaller relevant pices when you get the time. I don't much care how you break down the task, just give us a took to fix the things you break and provide it sooner rather than later. We need items 1 & 4 yesterday, the rest will be nice when you can get to it.
Thank you for your consideration.
The genie program looks and feels really outdated. It's slow, cluttered, and not terribly pleasing to look at or use. I think it could really use a facelift. The same goes for the netgear website and the router UI. The C7000 is a great product but it cost me a lot of money. I don't feel like the software/UI is consistent with the premium price I paid.
I have an R7500 Nighthawk router that works beautifully. But one feature I miss is the ability to block individual devices based on a time schedule. There is a feature to block ALL devices on a time schedule, but not individual devices. Please consider adding that feature.
For example, I want to block my 2 kids Ipods between 9pm and 7am on school nights, and 10pm and 7am on weekends, and allow all other devices. Unless I'm missing something, this is not currently possible