Reply
Aspirant
Aspirant

R7000 and VPN

I want to route all traffic through my R7000 while away (to access my home network and use my home Internet for web access). According to this doc:

http://kb.netgear.com/app/answers/detail/a_id/24319/related/1

The R7000 should be doing this with the option "access home and internet" option checked; however, I have noticed it does not work unless you manually alter the routing table on your remote client machine. Basically you have to:
-Add a /32 route to your home router public IP
-Remove the default route pointing to your local LAN connection

Does anybody else have experience with this issue?
Message 1 of 30
Virtuoso

Re: R7000 and VPN

There is few user using VPN but not huge thread yet

I would say you should not need it but I would contact support as well
VPN Case Study

VPNCASESTUDY.COM

"Our Second To None VPN Related Setup Case Study[/COLOR][/URL]

"One Stop Solution To Your Netgear VPN Connectivity"

*Visit the site for Non-VPN related Doc & Links* [Windows & Mac user/support]





June Mizoguchi-
Message 2 of 30
Aspirant
Aspirant

Re: R7000 and VPN

Is the ASUS VPN implementation any better?
Message 3 of 30
Virtuoso

Re: R7000 and VPN

I think recent thread about third party built-in OpenVPN on R7000 is that it does not support Client option but only VPN termination at R7000 to use remote client to access the lan devices behind the R7000

In those feature I believe Asus has it's feature on Asus firmware but R7000 can do the same with DD-WRT is what someone said.
VPN Case Study

VPNCASESTUDY.COM

"Our Second To None VPN Related Setup Case Study[/COLOR][/URL]

"One Stop Solution To Your Netgear VPN Connectivity"

*Visit the site for Non-VPN related Doc & Links* [Windows & Mac user/support]





June Mizoguchi-
Message 4 of 30
Aspirant
Aspirant

Re: R7000 and VPN

I see several articles regarding the ASUS and the R7000 and I know this is a Netgear board, but what is the general consensus about which of these two devices is the better box?
Message 5 of 30
Virtuoso

Re: R7000 and VPN

I have no comments as never uses asus but seems people like asus who compare with R7000

Some say support was better is one thing I remember...
VPN Case Study

VPNCASESTUDY.COM

"Our Second To None VPN Related Setup Case Study[/COLOR][/URL]

"One Stop Solution To Your Netgear VPN Connectivity"

*Visit the site for Non-VPN related Doc & Links* [Windows & Mac user/support]





June Mizoguchi-
Message 6 of 30
Tutor

Re: R7000 and VPN

I have both. In terms of OpenVPN support ASUS offers a complete package. Netgear is artifically hindering how you can configure OpenVPN on their router. It allows a TAP only configuration with fixed keys.
Message 7 of 30
Aspirant

Re: R7000 and VPN

I swapped out the R7000 for the Asus purely because of the VPN implementation. I didn't want to use OpenVPN and that was the only option on the R7000 unless I wanted to port forward etc and have a VPN service running on one of the computers.
Message 8 of 30
Aspirant

Re: R7000 and VPN

I just purchased the R7000 to replace my Linksys E4200 V1 that just could handle the amount of wireless devices I have on my network ( 30+ devices). This device exceeds my expectations. In regards to the VPN access I configured it for internet access and it works great. Just remember that anytime you make a change to the VPN policy ("Network Only" or "Internet and Network") you have to download the configuration files again to the client to apply said policy to the VPN session. Did you try download the config files after you made the change?
Message 9 of 30
Aspirant
Aspirant

Re: R7000 and VPN

Yes, I did. I noticed no mention of redirect default-gw in the client config file so if it is not being pushed from the OpenVPN server, it won't happen. Have you verified when you connect to your R7000 remotely via VPN your public IP does in fact switch to your home IP?

My workaround is to modify my Mac's routing table (basically add a /32 route for my home IP to out out via my local interface and change my default gateway to be the private IP of the r7000). This seems to work by somewhat of a kludge.

As a side note, I've noticed I get better VPN performance when I disable "downstream qos" on the r7000. The performance is overall better without having "downstream qos" enabled.
Message 10 of 30
Retired_Member
Not applicable

Re: R7000 and VPN

I've noticed problems with downstream QoS and my Juniper VPN, as well.

http://forum1.netgear.com/showthread.php?t=88843
Message 11 of 30
Aspirant

Re: R7000 and VPN

ng1,

I definitely receive an IP address on my network when I VPN'd in via the client. I even checked the "Attached devices" tab while connect and my client appeared there as well. I do not use "downstream qos" and don't plan to since I hear about the issue it causes. Pardon me if this sounds basic (I mean no offense) but did you try this from a different client or disabling VPN entirely on the router and starting from scratch. I did notice that when I perform an "ipconfig" on my client while connected it drops the gateway for my location IP address (i.e., if "VPNing" from the office to home once connected I have two IP addresses but the gateway for my office IP address is no longer there. Only the gateway for my home is visible in the IP configuration).
Message 12 of 30
Aspirant
Aspirant

Re: R7000 and VPN

I get an IP on my home network when I VPN into it (192.168.x.x). The issue is when I go to an Internet site, the traffic does not get routed over the VPN, it goes out the local interface. When you VPN into your house, go to a website that will tell you your IP and I bet it isn't your home public IP. You can also verify the route the traffic will take by looking at your route table on your client. You will probably see your default gateway as whatever remote network subnet you are on (not your home private network default gateway).
Message 13 of 30
Virtuoso

Re: R7000 and VPN

You two need to use quote more wisely
http://forum1.netgear.com/showthread.php?t=56316
VPN Case Study

VPNCASESTUDY.COM

"Our Second To None VPN Related Setup Case Study[/COLOR][/URL]

"One Stop Solution To Your Netgear VPN Connectivity"

*Visit the site for Non-VPN related Doc & Links* [Windows & Mac user/support]





June Mizoguchi-
Message 14 of 30
Virtuoso

Re: R7000 and VPN

If R7000 has set to use internet traffic via VPN then when you are connected use whatsmyip and see.

Usually when you route all traffic still should bind both and able to access your local resource and remote resource (7000) .
VPN Case Study

VPNCASESTUDY.COM

"Our Second To None VPN Related Setup Case Study[/COLOR][/URL]

"One Stop Solution To Your Netgear VPN Connectivity"

*Visit the site for Non-VPN related Doc & Links* [Windows & Mac user/support]





June Mizoguchi-
Message 15 of 30
Aspirant

Re: R7000 and VPN

ng1,

I performed the task you requested using "whatsmyip" (thanks jmizoguchi) and the IP address shown is actually the external IP address associated with my router at home. It even states that I am located in NY (where I live) even though I'm currently located in NJ (where I work). The traffic is definitely being routed over my VPN connection.

Pardon my misuse of quotes. I am in the middle of configuring some HP Enclosures (C7000) and this chat we are having is taking place on monitor number five so I'm not really paying the proper attention to my grammar. Smiley Happy
Message 16 of 30
Virtuoso

Re: R7000 and VPN

Looks like VPN is properly assigning the remote PC

Smiley Happy
VPN Case Study

VPNCASESTUDY.COM

"Our Second To None VPN Related Setup Case Study[/COLOR][/URL]

"One Stop Solution To Your Netgear VPN Connectivity"

*Visit the site for Non-VPN related Doc & Links* [Windows & Mac user/support]





June Mizoguchi-
Message 17 of 30
Aspirant
Aspirant

Re: R7000 and VPN

teddyo333,

Interesting. I wonder if it has something to do with me using Mac as client (I use TunnelBlick as a VPN client). Maybe the issue is localized to non-Windows clients. Do you use Windows for your client device?
Message 18 of 30
Virtuoso

Re: R7000 and VPN

It is a open source so possible issues can be there.

OPENVPN has Mac client so I would try that.
VPN Case Study

VPNCASESTUDY.COM

"Our Second To None VPN Related Setup Case Study[/COLOR][/URL]

"One Stop Solution To Your Netgear VPN Connectivity"

*Visit the site for Non-VPN related Doc & Links* [Windows & Mac user/support]





June Mizoguchi-
Message 19 of 30
Aspirant

Re: R7000 and VPN

ng1,

I am having the same problem as you using TunnelBlick on Mac, when I check my external IP it's still the one at work instead of the one at home. Did you find any solutions?
Message 20 of 30
Aspirant

Re: R7000 and VPN

TSloper wrote:
It allows a TAP only configuration with fixed keys.


you mention a fixed key size. what is that key size?
Message 21 of 30
Aspirant
Aspirant

Re: R7000 and VPN

njourdain wrote:
ng1,

I am having the same problem as you using TunnelBlick on Mac, when I check my external IP it's still the one at work instead of the one at home. Did you find any solutions?


I have a case opened about this but have not heard from Netgear in over two weeks. As a workaround, I manually manipulate my routing table.

1) Connect to VPN

2) Add a /32 route to point to your local subnet's gateway (the network your Mac is on):

sudo route -n add x.x.x.x/32 y.y.y.y

(x.x.x.x = the Public IP of your R7000)
(y.y.y.y = the default gateway of your local subnet's network)
You need to do this so you Mac TunnelBlick client can always talk to your R7000 over the Internet

3) Delete existing default route
sudo route -n delete 0.0.0.0/0

4) Add a new default route to point to the private internal IP of your r7000

sudo route -n add 0.0.0.0/0 192.168.0.1


To go back to normal settings, just add back you local subnets default route (y.y.y.y):

sudo route -n delete 0.0.0.0/0
sudo route -n add 0.0.0.0/0 y.y.y.y


Also, note, you can view your Mac routing table via this command
netstat -rn
Message 22 of 30
Follower

Re: R7000 and VPN

After close to 5 hours of troubleshooting, I can verify that this works on my mac and the R8000 using tunnelblick!

A few notes to add:
1. in the conf file add the line:

redirect-gateway def1

this will use the gateway for internet traffic.

2. if you have a source that has a similar ip gateway as the r7000/r8000, it'll get confused. I was using my verizon lte modem that also defaulted to 192.168.1.1 -- so I changed it to 10.0.0.1

3. make some start/stop scripts. end result being
start:
sudo route -n add x.x.x.x/32 10.0.0.1
sudo route -n delete 0.0.0.0/0
sudo route -n add 0.0.0.0/0 192.168.1.1

stop
sudo route -n delete 0.0.0.0/0
sudo route -n add 0.0.0.0/0 10.0.0.1
sudo route -n delete x.x.x.x/32

x.x.x.x is the public ip of the r7000/r8000
10.0.0.1 -- replace with your source ip
192.168.1.1 -- is the default gateway ip for r8000

Woohoo!

Edgy
Message 23 of 30
Tutor

Re: R7000 and VPN

edgy wrote:
After close to 5 hours of troubleshooting, I can verify that this works on my mac and the R8000 using tunnelblick!

A few notes to add:
1. in the conf file add the line:

redirect-gateway def1

this will use the gateway for internet traffic.
...

Edgy
I am having the exact frustration as noted on this thread.

Questions:
1) what config file are referring to? Is it one of the files saved on the laptop's "C:\Program files\OpenVPN\config\" folder?

2) You simply, literally typed in the following in this file and it worked? :
redirect-gateway def1

Thanks alot.
Message 24 of 30
Guide

Re: R7000 and VPN

Yes, I'd like an answer to this too.. Not sure why changing the admin console config to "router all traffic across VPN" doesn't do this..
Message 25 of 30
Top Contributors
Discussion stats
  • 29 replies
  • 11748 views
  • 0 kudos
  • 13 in conversation
Announcements