× Introducing the Orbi 970 Series Mesh System with WiFi 7 technology. For more information visit the NETGEAR Press Room.
Orbi WiFi 7 RBE973
Reply

Re: XR500 OpenVPN Configuration

lgfz71
Aspirant

XR500 OpenVPN Configuration

Hello,

I recently bought a new XR500 (Nighthawk AC3200 died) and I'm trying to configure OpenVPN on it. I'm a bit of a novice when it comes to OpenVPN as I've had no need to configure this until now. However, I'm having some issues with my VPN client unable to see my LAN devices.

Here's an image of my network:
https://imgur.com/a/elPJ2Yp


A written version:
I have an outward facing AT&T router/modem (fiber connection) with IP passthrough (DMZ Plus) disabled. Behind that sits my XR500 which hosts the OpenVPN server. I've configured the OpenVPN server (limited configuration) to allow clients to access LAN devices and internet.

My internal router's subnet is 192.168.1.0/255
OpenVPN assigns IP addresses from the 192.168.2.0/255 subnet.
VPN connections from iOS devices are always successful but I cannot see any other LAN device aside from my Synology NAS via a browser at 192.168.1.8:5000. I would assume this is a limitation on iOS from the research I have done. The goal here is to be able to use my iPad to a connect to my home network and access my local computers.

 

Here's the ovpn file my iOS devices use:

client
dev tun
proto udp
remote xxx.mynetgear.com  12973
resolv-retry infinite
nobind
persist-key
persist-tun
<ca>
...
</ca>
<cert>
...
</cert>
<key>
...
</key>
cipher AES-128-CBC
comp-lzo
verb 5


Is there any additional configuration options I need to apply to be able to see my other LAN devices? I've already attempted to enable IP passthrough on my AT&T router and place my XR500 in the DMZ Plus. This seems to cause additional non-related issues such as SSH broken pipes.

Perhaps someone has achieved this desired configuration with a similar network setup.


Thanks in advance.

Message 1 of 10

Accepted Solutions
lgfz71
Aspirant

Re: XR500 OpenVPN Configuration

Solution:

 

I managed to get this finally working with VNC instead of RDP.

 

Setup:

- Screens installed on iOS device

- OpenVPN Server installed on Synology (I believe this should also work for my router's OpenVPN Server, untested)

- Manual configuration required to connect to LAN device using IP Address instead of host name defined my computer

- Success

 

View solution in original post

Message 9 of 10

All Replies
Netduma_Alex
NetDuma Partner

Re: XR500 OpenVPN Configuration

I notice on the diagram that you want to set up the XR500 with OpenVPN. The XR500 has two OpenVPN related features, so i'm wondering if you are referring to Hybrid-VPN (an OpenVPN client for your whole network) or the Netgear VPN feature (an OpenVPN server hosted on your router)

Message 2 of 10
lgfz71
Aspirant

Re: XR500 OpenVPN Configuration

I have setup the OpenVPN Server. Settings -> Advanced Settings -> VPN Service. I'll also note that perhaps the reason I can access my Synology while connected to VPN is because it is a hardwired connection to my router. My other LAN devices are wireless.

 

Alternatively, I have also tried to setup OpenVPN on my Synology which has yielded the same results.

Message 3 of 10
Netduma-Fraser
NetDuma Partner

Re: XR500 OpenVPN Configuration

I'm a bit confused on why you need this feature, perhaps I'm not understanding correctly but the VPN service is for accessing your home network remotely i.e. when you're not at home, not for accessing your home network when you're already home which it sounds like what you're doing?

If you are attempting to access it remotely anyway then you need to do so using your public IP address but as it seems your AT&T modem/router is running in router mode without a passthrough such as modem/bridge or DMZ enabled then you wouldn't be able to access it anyway.
Message 4 of 10
lgfz71
Aspirant

Re: XR500 OpenVPN Configuration

I can make some additional confiugration changes to hopefully get this to work.

 

I have enabled IP Passthrough (DMZPlus) on my AT&T router/modem and now my XR500 has full control over my incoming requests using my outward facing IP address. I still have the issue of not being able to see my local LAN devices when connected to my VPN Server. VPN clients can still connect and are given an IP Address on this subnet, 192.168.2.0/255. 

 

Is there any static routing that needs to be done? I'm unable to edit the server.conf file on my router as I don't have SSH access and that's not even a supported option at this point. 

Message 5 of 10
Netduma-Fraser
NetDuma Partner

Re: XR500 OpenVPN Configuration

Are you just trying to access the files on each device when you're already at home? If so then ReadyShare would be a better option. Could you clarify the usecase please?
Message 6 of 10
lgfz71
Aspirant

Re: XR500 OpenVPN Configuration

I would ultimately like to RDP with my at-home devices. I am a mobile developer and constantly traveling. And my macbook is proving to be too large. I would like to be able to connect to my VPN with my iPad, RDP with my Mac Mini, and do any necessary development. 

Message 7 of 10
lgfz71
Aspirant

Re: XR500 OpenVPN Configuration

Update to configuration:

 

I've re-enabled my OpenVPN Server on my Synology. This allows for a more configurable approach. I can successfully connect with my iPhone and iPad as well as ping all of my internal LAN devices. However, I still cannot RDP with them. All of my macs have Screen Sharing enabled and I have verified this by disconnecting VPN, connecting to my home network (wifi) and using RDP (successful). 

 

There's no firewall on my macs or my Synology.

 

Synology OpenVPN virtual subnet: 10.8.0.0/255

LAN subnet: 192.168.1.0/255

 

 

Message 8 of 10
lgfz71
Aspirant

Re: XR500 OpenVPN Configuration

Solution:

 

I managed to get this finally working with VNC instead of RDP.

 

Setup:

- Screens installed on iOS device

- OpenVPN Server installed on Synology (I believe this should also work for my router's OpenVPN Server, untested)

- Manual configuration required to connect to LAN device using IP Address instead of host name defined my computer

- Success

 

Message 9 of 10
Netduma-Fraser
NetDuma Partner

Re: XR500 OpenVPN Configuration

Thanks for clarifying and apologies I wasn't clear on what you were trying to achieve. Really glad you managed to find a solution!
Message 10 of 10
Discussion stats
  • 9 replies
  • 4296 views
  • 0 kudos
  • 3 in conversation
Announcements

Orbi WiFi 7