× Introducing the Orbi 970 Series Mesh System with WiFi 7 technology. For more information visit the NETGEAR Press Room.
Orbi WiFi 7 RBE973
Reply

Re: Nighthawk XR500. cannot use VPN Server for remote login

astraub
Aspirant

Nighthawk XR500. cannot use VPN Server for remote login

Hi,

 

I found that whenever I try to activate the OpenVPN server, I lose internet connection. Without this checkbox, all works perfectly fine.

 

I would like to use the OpenVPN for remote login into my home network. Any ideas, what could be going wrong?  My son told me that he got a message that the DNS what not found, even though I entered all three DNS server entries.

 

Greetings

Andreas

Model: XR500|Nighthawk Pro Gaming Router
Message 1 of 23
Netduma-Fraser
NetDuma Partner

Re: Nighthawk XR500. cannot use VPN Server for remote login

So just to clarify, you lose internet once activating the VPN service on the router or the intended PC client?
Message 2 of 23
astraub
Aspirant

Re: Nighthawk XR500. cannot use VPN Server for remote login

Just activating the VPN button (NOT Hybrid VPN!) appears to make me lose internet connectivity (or at least the DNS connectivity - I will check this in more detail by using direct IP addresses). At this point there is not external client involved yet.

Message 3 of 23
astraub
Aspirant

Re: Nighthawk XR500. cannot use VPN Server for remote login

Maybe some additional information:

 

I use a Fritzbox as the modem and put this into DMZ mode to connect to the XR500 going into its WAN port. I did however set the fritzbox as the gateway for the XR500. Could that be a problem as it means that the dns chain is:

 

external network DNS servers -> Fritzbox -> XR500

 

On the other hand I set three manually assigned DNS servers in the XR500.

 

What happens if I do not define a gateway in the XR500 internet setup?

Message 4 of 23
astraub
Aspirant

Re: Nighthawk XR500. cannot use VPN Server for remote login

Attached a screen copy of the detailed internet settings.

 

192.168.1.1 is the IP address of the fritzbox (using DMZ)

192.168.1.2 is the WAN port IP address of the XR500

Message 5 of 23
Netduma-Fraser
NetDuma Partner

Re: Nighthawk XR500. cannot use VPN Server for remote login

I would assume this is because you have them both on the same subnet. Change the Fritzbox on its interface to 192.168.0.1 and then update that in the XR500 and try again please.
Message 6 of 23
astraub
Aspirant

Re: Nighthawk XR500. cannot use VPN Server for remote login

Just for clrification here again the IP settings:

 

Fritzbox router address:  192.168.1.1

XR500 incoming WAN port: 192.168.1.2 (this was set this way to be in the same subnet as the Fritzbox and also to separate the subnets and router addresses of the Fritzbox and the XR500)

 

XR500 local router address: 192.168.0.1

 

This means that currently I can also access the Fritzbox settings and alike through the 192.168.1.1 address from my local LAN.

 

Setting the Fritzbox address to 192.168.0.1 would disable access to the Fritzbox settings as it would have the same address as the XR500, meaning that I would always access the XR500, correct?

 

 

Message 7 of 23
astraub
Aspirant

Re: Nighthawk XR500. cannot use VPN Server for remote login

In the meantime I veried that activating the VPN server has the following effects:

 

1) the access to the internet fails

2) access to the Fritzbox at 192.168.1.1 fails. I access now the login page of the XR500 at that address (?!?)

3) using direct IP addresses for websites also fails - so this is more than a DNS issue (see 2))

Message 8 of 23
astraub
Aspirant

Re: Nighthawk XR500. cannot use VPN Server for remote login

An additional thought:

 

As it looks like the XR500 when activating the VPN server modifies the WAN port IP address, I could still try to move the Fritzbox IP addresses (router IP and the DMZ LAN port IP) into the 192.168.0.x subnet - avoiding the collision with already existing fix IP addresses in the XR500. Would that help?

Message 9 of 23
Netduma_Alex
NetDuma Partner

Re: Nighthawk XR500. cannot use VPN Server for remote login

I imagine that this problem occurs because the VPN will not allow you through to other subnets on your network. Might be caused by the XR500 being under the Fritzbox, maybe it can't go upstream...

 

On the VPN page, select the option that says "All sites on the internet & home network"

Message 10 of 23
astraub
Aspirant

Re: Nighthawk XR500. cannot use VPN Server for remote login

Hi,

 

I tried putting both boxes in the same subnet, but the XR500 does not allow this as the "WAN subnet and the LAN subnet are colliding". Any other idea?

Message 11 of 23
Netduma-Fraser
NetDuma Partner

Re: Nighthawk XR500. cannot use VPN Server for remote login

Have you enabled remote management on the router as well?
Message 12 of 23
astraub
Aspirant

Re: Nighthawk XR500. cannot use VPN Server for remote login

No, this is disabled.

Message 13 of 23
astraub
Aspirant

Re: Nighthawk XR500. cannot use VPN Server for remote login

It is still the same situation:

 

as soon as I activate the VPN service the XR500 automagically decides to switch its IP address to the subnet of the WAN (192.168.1.1) and thus overrides the address of the Fritzbox which is not reachable anymore and so there is not internet connection anymore.

Message 14 of 23
Netduma-Fraser
NetDuma Partner

Re: Nighthawk XR500. cannot use VPN Server for remote login

I'd just factory reset both, then leave those IPs are they are after reset then try the VPN service again
Message 15 of 23
astraub
Aspirant

Re: Nighthawk XR500. cannot use VPN Server for remote login

Can't I simply turn off the firewall of the XR500 and use the firewall of the Fritzbox and it's VPN, which both work fine?  Would the DUMA QoS and alike still work?

Message 16 of 23
Netduma-Fraser
NetDuma Partner

Re: Nighthawk XR500. cannot use VPN Server for remote login

You're not able to turn off the XR500 firewall as it is built in. Perhaps changing NAT to open and enabling IGMP Proxying in WAN settings could help.
Message 17 of 23
astraub
Aspirant

Re: Nighthawk XR500. cannot use VPN Server for remote login

ok - I progressed. I switched the Fritzbox IP address to 192.168.1.3 to avoid collision with the XR500.

 

I can now actually establish a VPN connection to the XR500, but I get the client IP address of 192.168.1.2 (the WAN port). The plan was to reach the 192.168.0.x subnet.

 

Shouldn't I end up in the internal LAN when using the VPN and such be able to access all internal addresses like being on the same LAN?

Message 18 of 23
Netduma-Fraser
NetDuma Partner

Re: Nighthawk XR500. cannot use VPN Server for remote login

You should be able to, are you allowing the VPN service to use auto connection? If so set it manually for home network. It may be worth creating a ticket with Netgear: http://support.netgear.com/ as it is their feature so they may have more insight on troubleshooting options.

Message 19 of 23
astraub
Aspirant

Re: Nighthawk XR500. cannot use VPN Server for remote login

Hi Fraser,

 

I just saw that there was another user having the same issues (VPN subnet woes). It sounded like you already answered that request.

 

So in short:

 

connecting through VPN makes me end up in the WAN subnet (192.168.1.x) - I need however to connect to the LAN subnet (192.168.0.x). How can I do that?

 

I tried to enter a request to netgear but ended up in this forum again ....

Message 20 of 23
Netduma-Fraser
NetDuma Partner

Re: Nighthawk XR500. cannot use VPN Server for remote login

You have the XR500 in the Fritzbox DMZ correct? Make sure no devices are connected to the Fritzbox and disable its Firewall. It could be interfering and you'll still be protected that way.
Message 21 of 23
astraub
Aspirant

Re: Nighthawk XR500. cannot use VPN Server for remote login

The Firewall is disabled in the Fritzbox for one port (DMZ) at IP 192.168.1.2 - this is the port connected to the WAN port of the XR500. No other clients are connected and no DHCP server has been activated. So the Fritzbox basically behaves like a modem only.

 

Connecting to the VPN Server in the XR500 however ends up at the WAN port address (which is what I can see on my clients IP settings), which is on the external side of the XR500 firewall, which is exactly what the VPN should NOT do. I should end up AFTER the firewall in the local LAN subnet (after all the idea of the VPN is to NOT have to use port forwards punching holes in the firewall)

Message 22 of 23
Netduma-Fraser
NetDuma Partner

Re: Nighthawk XR500. cannot use VPN Server for remote login

It's possible that QoS is blocking it from getting any further, disable this fully in Anti-Bufferbloat options and see if that helps at all.
Message 23 of 23
Discussion stats
  • 22 replies
  • 3615 views
  • 0 kudos
  • 3 in conversation
Announcements

Orbi WiFi 7