
VPN is preventing normal access to my local network

hmuster
Follower

I have the following network topology:

Local network with a NAS (192.168.x.x) <--> Netgear XR700 Router <--> Internet provider router (static: 50.123.123.123)

Also I have my private domain "myDomain.me" which points to 50.123.123.123. Port forwarding makes sure the NAS can be accessed from internet (e.g. 50.123.123.123:443 for https://myDomain.me --> NAS)

hmuster_0-1667657792094.png

 

Now, I want to access my whole local network from the internet via VPN. I thought setting up VPN on my XR700 would do this. (Is this assumption wrong?) For this I made the following setup on my XR700:

- DDNS (myName.myNetgear.com) (I don't understand why this is needed, but why not?)

- Enable VPN service (changing the default TUN/TAP service ports)

 

Result: The access to https://myDomain.me doesn't work anymore. (I can only access my NAS using the internal IP address (192.168.x.x) or with DDNS myName.myNetgear.com.)

Is this behavior by intention? I expected the VPN being an additional service, which supports me, when I am not at home (e.g. to access my camera). I did not expect that it blocks the "normal" access.

 

This is my vision (installing OpenVPN on "My Notebook when I am absent"):

hmuster_1-1667658376540.png

 

Thanks for help or clarification!

Message 1 of 3
Sandshark
Sensei

Re: VPN is preventing normal access to my local network

This isn't the right forum, but you've set up a VPN that is trying to use Netgear's DDNS (Dynamic Domain Name Server) at mynetgear.com, not your static IP.  I don't believe that the Netgear router software has native provisions for a VPN with a fixed IP address, but you can add OpenVPN on some.

Message 2 of 3
StephenB
Guru

Re: VPN is preventing normal access to my local network


@hmuster wrote:

For this I made the following setup on my XR700:

- DDNS (myName.myNetgear.com) (I don't understand why this is needed, but why not?)

- Enable VPN service (changing the default TUN/TAP service ports)

 

Result: The access to https://myDomain.me doesn't work anymore. (I can only access my NAS using the internal IP address (192.168.x.x) or with DDNS myName.myNetgear.com.)

 


Are you saying that simply enabling the VPN service on your XR700 router resulted in my.domain.me not working? 

 

If this is the case - OpenVPN requires that the XR700 be configured as a router, and not an AP.  Was it configured as a router before you configured OpenVPN?

 

Normally if the WAN address of the XR router is 192.168.1.x then the LAN addresses would be something different than 192.168.1.x.  Most Netgear routers would automatically fail over to 10.0.0.x LAN addresses if they detect the WAN address is 192.168.1.x.

 

Also, 443 and the tun/tap ports both need to be forwarded from the ISP router to the XR700, and then 443 needs to be forwarded again to the NAS.  It is best to reserve the XR700's WAN IP in the ISP router, and also to reserve the NAS IP address in the XR700.

 

Also, how is myDomain.me associated with your ISP's router IP address?  Is this done with a DDNS service in the ISP router?  Or is this done some other way?  Have you checked that myDomain.me still reaches your router's IP?  For instance, by entering ping myDomain.me, and then checking that the WAN IP address is the same address used by your ISP router?

 

Or are you saying that this is happening on the laptop when you are connected using openvpn?

 

BTW, there is no risk in posting 192.168.x.x (or other private address ranges) publicly, since they cannot be used for routing.

 


@hmuster wrote:

 

- DDNS (myName.myNetgear.com) (I don't understand why this is needed, but why not?)


It might not be.  If myDomain.me points to your ISP router (which has both 443 and the TAP/TUN ports forwarded to the XR700), then you should be able to connect with openVPN using myDomain.me.  Most people don't have a static IP address, and they do need DDNS to be able to reach their router remotely.

 

Message 3 of 3
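
The checks listed in Message 3 (domain resolves to the ISP router, XR700 WAN and LAN on different subnets, 443 forwarded twice, TUN/TAP ports forwarded once) can be written as a small configuration audit. This is an added example, not part of the thread or Netgear's software; the dict layout, the 203.0.113.10 address and the VPN port numbers are constructed assumptions.

```python
import ipaddress

def audit_double_nat(cfg):
    """Return findings for an ISP router -> XR700 -> NAS forwarding chain.

    cfg is a hypothetical dict; forwards map (proto, port) -> target IP.
    """
    findings = []
    wan = ipaddress.ip_address(cfg["xr_wan_ip"])
    lan = ipaddress.ip_network(cfg["xr_lan"])
    nas = ipaddress.ip_address(cfg["nas_ip"])

    # The domain must resolve to the ISP router's public address.
    if cfg["domain_resolves_to"] != cfg["isp_public_ip"]:
        findings.append("domain does not resolve to the ISP router's public IP")
    # WAN and LAN sides of the XR700 must be different subnets.
    if wan in lan:
        findings.append(f"XR700 WAN address {wan} is inside its LAN subnet {lan}")
    if nas not in lan:
        findings.append(f"NAS {nas} is outside the XR700 LAN subnet {lan}")
    # tcp/443 is forwarded twice: ISP router -> XR700 -> NAS.
    https = ("tcp", 443)
    if cfg["isp_forwards"].get(https) != cfg["xr_wan_ip"]:
        findings.append("ISP router does not forward tcp/443 to the XR700")
    if cfg["xr_forwards"].get(https) != cfg["nas_ip"]:
        findings.append("XR700 does not forward tcp/443 to the NAS")
    # VPN ports are forwarded once and terminate on the XR700 itself.
    for proto, port in sorted(cfg["vpn_ports"]):
        if cfg["isp_forwards"].get((proto, port)) != cfg["xr_wan_ip"]:
            findings.append(f"ISP router does not forward {proto}/{port} to the XR700")
        if (proto, port) in cfg["xr_forwards"]:
            findings.append(f"{proto}/{port} is both a VPN port and an XR700 forward")
    return findings

# Constructed sample values (documentation address range, made-up VPN ports).
GOOD = {
    "domain_resolves_to": "203.0.113.10", "isp_public_ip": "203.0.113.10",
    "xr_wan_ip": "192.168.1.2", "xr_lan": "10.0.0.0/24", "nas_ip": "10.0.0.50",
    "vpn_ports": {("udp", 51001), ("udp", 51002)},
    "isp_forwards": {("tcp", 443): "192.168.1.2", ("udp", 51001): "192.168.1.2",
                     ("udp", 51002): "192.168.1.2"},
    "xr_forwards": {("tcp", 443): "10.0.0.50"},
}
# Same setup with the LAN overlapping the WAN side and one VPN port not forwarded.
BAD = dict(GOOD, xr_lan="192.168.1.0/24", nas_ip="192.168.1.50",
           xr_forwards={("tcp", 443): "192.168.1.50"},
           isp_forwards={("tcp", 443): "192.168.1.2", ("udp", 51001): "192.168.1.2"})

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_double_nat(cfg) or "no findings")
```
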