Reply
Highlighted
Star

R7000 VPN Service TAP or TUN

I am trying to use the VPN server built into my R7000 router, however it does not work as advertized.

 

  • The R7000 users guide indicates that Android is not supported, however the help centre (help files on the router itself) indicates that my firmware level does support Android as a TUN device. (see below)                   Firmware version is V1.0.4.30_1.1.67
  • If I download the client config file for either "Windows" or "NonWindows"  The dev  is set to "tap".  (see below)

 

QUESTIONS:

  1. Does this firmware support or does it not support Android using TUN?
  2. If it does support Android then how do I get the router to create a proper client config file?
  3. If the router does not support Android then:
  •  Are there plans to do so in the future?
  •  Can Netgear fix the documentation stating this firmware does not support Android and cannot create a TUN device config file?

 

Here is a copy of my client.conf file:

client
dev tap
proto udp
remote xx.yy.org 12974
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
cipher AES-128-CBC
comp-lzo
verb 5

 

The help centre documentation is posted below:

 

The VPN Service function allows you to access your home network in a secured way through the Internet when you are out of home. In addition, when you are out of the country, you can use the VPN Service to access the Internet sites or services for which there is a geographic limitation and they are not accessible outside the country. To use the VPN Service, you will need to locate your router through the Internet when you are out of home. There are two ways to do that and the suggested way is to use the Dynamic DNS service. The other way is to locate your router through its public Internet address and it is better to have static IP address settings for the router's Internet connection. Please make sure you have either the Dynamic DNS service enabled or static IP address settings for your Internet connection. The VPN Service only work with OpenVPN clients and will not work with any other VPN clients.

OpenVPN configuration package download

To install the VPN client, here you can find the proper configuration files base on your client operating system. For Windows and MAC, the configuration is using TAP mode for best compatibility for applications. For iPhone and Android, the configuration is using TUN mode due to OpenVPN APP limitation.

Please be aware that, after changing the VPN advanced configuration, DDNS setup, or any Internet setting changes, you need to re-download the configuration file and replace to your client.

OpenVPN client setup instruction

To use the VPN Service, you need to install the VPN client software on each device where you want to create a VPN connection to the router. Please click on the client operating system for the instruction. Currently we support for Windows, MAC, iPhone, and Android.

Advanced Configuration

This section is only used for advanced setting. You don’t need to change anything here for the VPN to work properly.

TUN Mode Service Type:

You can use either TCP or UDP protocol to transmit the VPN packets for TUN Mode.

TUN Mode Service Port:

This is the VPN Server port number to which a VPN client connects for TUN mode. The default is 12973.

TAP Mode Service Type:

You can use either TCP or UDP protocol to transmit the VPN packets for TAP Mode.

TAP Mode Service Port:

This is the VPN Server port number to which a VPN client connects for TAP mode. The default is 12974.

Clients will use this VPN connection to access:

There are three options "Auto", "Home Network only" and "All sites on the Internet & Home Network". With the "Home Network only" option, a VPN client can access only the Home Network through the VPN Service. If you want to access the Internet sites or services with a geographic limitation when you are out of the country, you have to select the option "All sites on the Internet & Home Network". Please note that once you have selected this option, your VPN client will also access Internet sites and services that do not have a geographic limitation. For an Internet site or service that is normally accessible through the Internet (for example, public networks that do not have a geographic limitation), the access speed through the VPN Service is slower than the access speed without going through the VPN. The "Auto" option will do some intelligence checking and try to use the VPN Service only for necessary accesses (i.e. only for sites or services that are not accessible if not going through the VPN Service), but this is just a best effort function and a correct determination cannot be guaranteed.

 

Message 1 of 5

Accepted Solutions
Highlighted
Star

Re: R7000 VPN Service TAP or TUN

Thank you for your response and I will wait until a fully supported release of this firmware is available for the general public. After reading the comments regarding this firmware it seems there may be some bugs yet to be resolved.  For the time being I need a stable release of firmware and will continue to use a Virtual Machine as a VPN server.  The good news is this feature is coming.

 

Over the years I have had several Netgear routers, but have always found the stock Netgear firmware to lack in features and as a result I have run DD-WRT firmware.  The main reason I purchased this router was because it was suppose to implement a VPN server which is a feature I really wanted and this would allow me to run a stable, sanctioned, and supported Netgear firmware (a big plus in my books).  I was quite disapointed to learn that the VPN server only supported Windows and MAC clients.  Therefore the VPN implementation was useless to me since I run Ubuntu on my Laptop and use android devices.  As a result I had to create a Linux VPN server running in a Virtual Machine (or go back to using a third party firmware, which are not always stable).  Open VPN is supported on almost every platform, therefore restricting the clients that can connect to the routers VPN seems like an oversight and should theoretically be simple to implement.

 

Therefore do you know if there are any plans to implement support for Linux and add VPN client into the firmware for this router? Linux support for me would be a priority, and a VPN client would simply be a nice feature to have.

 

Sincerely,

Michael 

View solution in original post

Message 4 of 5

All Replies
Highlighted
Master

Re: R7000 VPN Service TAP or TUN

Hi @HVOSPkxa,

 

Welcome to Community!

 

You can load the beta firmware for OpenVPN in Android support.

 

https://community.netgear.com/t5/Nighthawk-WiFi-Routers/R7000-firmware-v1-0-5-44-limited-release/m-p...

 

Regards,

 

JamesGL

Community Team

Message 2 of 5
Highlighted
Prodigy

Re: R7000 VPN Service TAP or TUN

@HVOSPkxa

QUESTIONS:
Does this firmware support or does it not support Android using TUN?
Ans: Fw v1.0.0.30 does NOT support OpenVPN for Android or iOS. But beta fw v1.0.5.44 does support OpenVPN for smartphones (link provided by JamesL).

 

If it does support Android then how do I get the router to create a proper client config file?
Ans: There will be a another option to download the VPN config file just like this screenshot. 

R7000_OpenVPN.jpg

 

If the router does not support Android then:
Are there plans to do so in the future?
Can Netgear fix the documentation stating this firmware does not support Android and cannot create a TUN device config file?
Ans: See answer on first Q.

Message 3 of 5
Highlighted
Star

Re: R7000 VPN Service TAP or TUN

Thank you for your response and I will wait until a fully supported release of this firmware is available for the general public. After reading the comments regarding this firmware it seems there may be some bugs yet to be resolved.  For the time being I need a stable release of firmware and will continue to use a Virtual Machine as a VPN server.  The good news is this feature is coming.

 

Over the years I have had several Netgear routers, but have always found the stock Netgear firmware to lack in features and as a result I have run DD-WRT firmware.  The main reason I purchased this router was because it was suppose to implement a VPN server which is a feature I really wanted and this would allow me to run a stable, sanctioned, and supported Netgear firmware (a big plus in my books).  I was quite disapointed to learn that the VPN server only supported Windows and MAC clients.  Therefore the VPN implementation was useless to me since I run Ubuntu on my Laptop and use android devices.  As a result I had to create a Linux VPN server running in a Virtual Machine (or go back to using a third party firmware, which are not always stable).  Open VPN is supported on almost every platform, therefore restricting the clients that can connect to the routers VPN seems like an oversight and should theoretically be simple to implement.

 

Therefore do you know if there are any plans to implement support for Linux and add VPN client into the firmware for this router? Linux support for me would be a priority, and a VPN client would simply be a nice feature to have.

 

Sincerely,

Michael 

View solution in original post

Message 4 of 5
Highlighted
Master

Re: R7000 VPN Service TAP or TUN

Hi @HVOSPkxa,

 

Based from our engineer's response, there is no plan yet to implement this in linux systems. However, I would suggest that you post this in our idea exchange board to let them know that there are users interested with this feature.


Regards,

 

JamesGL
Community Team

Message 5 of 5
Top Contributors
Discussion stats
  • 4 replies
  • 25891 views
  • 4 kudos
  • 3 in conversation
Announcements