Reply

Re: Orbi Pro Firmware update - V2.4.0.114

davidcheok
Apprentice

Orbi Pro Firmware update - V2.4.0.114

Just updated the firmware to the latest today. Nothing seems to have changed. 

1) 2nd Wifi still gives a third open SSID (initially seems to work but 3rd open ssid appeared again after some time)

2) SSID bandwidth management is purely cosmetic because ive changed the ratios to the maximum and minimum and still gives the same bandwidth on each one.

3) VPN access puts me on a different subnet (one lower) to my internal network so I cant see nor access my network which defeats the purpose

4) 2nd SSID network still able to see all those on the primary network regardless of adjusting the check box

 

For me, i use a workaround of hiding the 2nd SSID and give out only to trusted people.

Disappointing product with no solution in sight it seems from the age of many of the posts here. Its too bad. Wireless range is pretty good but the security issues that comes with it is unacceptable.

 

Model: SRK60B03|Orbi Pro Tri-Band Business WiFi System
Message 1 of 17

Accepted Solutions
evan2
NETGEAR Expert

Re: Orbi Pro Firmware update - V2.4.0.114

1) 2nd Wifi still gives a third open SSID (initially seems to work but 3rd open ssid appeared again after some time)

Did you see the issue on 2.3.5.108? then update FW to 2.4.0.114, still see the issue,

if you see the issue on 2.3.5.108, then update to 2.4.0.114, but config don't change after update, so the issue still happen on 2.4.0.114,

Please disable WiFi 2 and Enagle again on 2.4.0.114, it won't see the issue again,

We will fix it in next maintance release.

View solution in original post

Message 10 of 17

All Replies
RaghuHR
NETGEAR Expert

Re: Orbi Pro Firmware update - V2.4.0.114

Hi @davidcheok 

 

Thank you reaching Netgear Community.

Are you using Insight app to manage your Orbi Pro for this issue >>>1) 2nd Wifi still gives a third open SSID (initially seems to work but 3rd open ssid appeared again after some time)

 

For bandwidth management we need to how you have configured.  Based on your config we can tell you whether it is working as per the config or not.  Also let us know how much bandwidth you are looking to allocate?

 

3) VPN access puts me on a different subnet (one lower) to my internal network so I cant see nor access my network which defeats the purpose. Need debug logs.

 

Once again we take all your comments.

 

Best,

Raghu

Message 2 of 17
schumaku
Guru

Re: Orbi Pro Firmware update - V2.4.0.114


@davidcheok wrote:

3) VPN access puts me on a different subnet (one lower) to my internal network so I cant see nor access my network which defeats the purpose


TAP vs. TUN ... FMI: https://community.openvpn.net/openvpn/wiki/BridgingAndRouting 

Message 3 of 17
davidcheok
Apprentice

Re: Orbi Pro Firmware update - V2.4.0.114

Are you using Insight app to manage your Orbi Pro for this issue - 

No. Using web interface. Insight app Last updated 28th Aug 2019.

What's the difference? The browser directly interfaces with the firmware.

 

Bandwidth management slider - 97% wireless 1, 2% wireless 2 and 1% guest. Im looking to allocated 5mbits to guest. Is there a formula to this? Whatever numbers i put in doesnt seem to make any difference.

 

VPN: If my home network is 192.168.1.x, then connecting by VPN on my phone registers me as 192.168.2.x

 

 

Message 4 of 17
davidcheok
Apprentice

Re: Orbi Pro Firmware update - V2.4.0.114

FMI: https://community.openvpn.net/openvpn/wiki/BridgingAndRouting  

 

That looks like a workaround for a workaround for a workaround. Is it so difficult to do things so that when we open a vpn connection into our network, we get an ip on our subnet? The wireless gives me the opposite problem when i want a separate network for the guest ssid, it allocates ips from my private subnet. Apple's airport extreme did it perfectly with no fuss and no hassle. Here we are given hoops and loops to jump through just to get something to work right. Ive also worked with flashing ddwrt too and those are easy enough to do too without resorting to writing scripts.

Message 5 of 17
davidcheok
Apprentice

Re: Orbi Pro Firmware update - V2.4.0.114

Moment you turn on the second ssid, looks fine.
Message 6 of 17
davidcheok
Apprentice

Re: Orbi Pro Firmware update - V2.4.0.114

One minute later
Message 7 of 17
schumaku
Guru

Re: Orbi Pro Firmware update - V2.4.0.114


@davidcheok wrote:

FMI: https://community.openvpn.net/openvpn/wiki/BridgingAndRouting  

That looks like a workaround for a workaround for a workaround.


No workaround - well, not for the Netgear side. These are two options available to configure the OpenVPN. The point is that not all OpenVPN clients (platforms) are supporting the direct bridging - iOS and non-rooted Android don't offer this for example. Regardess, even if the VPN does use a dedicated routed subnet for the connection, the LAN subnet should be reachable, too. 

 


@davidcheok wrote:

The wireless gives me the opposite problem when i want a separate network for the guest ssid, it allocates ips from my private subnet. 


Unless something basic was changed on the Orbi and specifically Orbi Pro model line, indeed the same IP subnet is used for all SSIDs. There is no VLAN isolation with routing for multiple subnetworks. Netgear does only deploy some L2 isolation for the guest network.

Message 8 of 17
davidcheok
Apprentice

Re: Orbi Pro Firmware update - V2.4.0.114

Its not a prudent policy to put unknown clients on your company network. Doing so simply invites potential hacks and with the large variation of malware out there infesting various o/ses, it would be a matter of time one propagates into an internal client. I would think it would be a simple job to create say separate private network to host these 'guests' especially since your guest ssid is unsecured. Dont know but thats just my logic.
Message 9 of 17
evan2
NETGEAR Expert

Re: Orbi Pro Firmware update - V2.4.0.114

1) 2nd Wifi still gives a third open SSID (initially seems to work but 3rd open ssid appeared again after some time)

Did you see the issue on 2.3.5.108? then update FW to 2.4.0.114, still see the issue,

if you see the issue on 2.3.5.108, then update to 2.4.0.114, but config don't change after update, so the issue still happen on 2.4.0.114,

Please disable WiFi 2 and Enagle again on 2.4.0.114, it won't see the issue again,

We will fix it in next maintance release.

Message 10 of 17
davidcheok
Apprentice

Re: Orbi Pro Firmware update - V2.4.0.114

"Please disable WiFi 2 and Enagle again on 2.4.0.114, it won't see the issue again,

We will fix it in next maintance release."

 

Ok. Trying it now. Will update again if it fails.

Message 11 of 17
davidcheok
Apprentice

Re: Orbi Pro Firmware update - V2.4.0.114

Hahhaha. Disabling the wifi 2 and re-enabling has solved the 3rd ssid issue.

Message 12 of 17
davidcheok
Apprentice

Re: Orbi Pro Firmware update - V2.4.0.114

Update:

1) Wifi 2 3rd ssid unsecured resolved.
2) Client segregration on wireless 2 resolved

Still unresolved - vpn client on separate subnet

Thank you for the quick responses and help.

Hopefully vpn issue can be resolved in the next update (without us having to resort to alternative fixes).

Once again, thank you.
Message 13 of 17
schumaku
Guru

Re: Orbi Pro Firmware update - V2.4.0.114


@davidcheok wrote:
2) Client segregration on wireless 2 resolved

The client segregation is done on a pure L2 level - no VLAN, no dedicated subnetworks, all devices are on the same IP subnet. This was disputed many times before - not that I like it the way it's implemented.

 


@davidcheok wrote:
Still unresolved - vpn client on separate subnet
Hopefully vpn issue can be resolved in the next update (without us having to resort to alternative fixes).

Again: This depends on the capabilities of the OpenVPN client resp. the restricted privileges and Kernel access rights available on iOS and Android. The subnet you see is just an intermediate transport network for the VPN. The real disadvantages are in the fact that we have no control on the IP addresses assigned on the VPN subnet, and that Netgear does a many2one NAT for all VPN clients on that subnet, so all VPN clients appear to originate from the same LAN IP address. 

Message 14 of 17
davidcheok
Apprentice

Re: Orbi Pro Firmware update - V2.4.0.114

"

Again: This depends on the capabilities of the OpenVPN client resp. the restricted privileges and Kernel access rights available on iOS and Android. The subnet you see is just an intermediate transport network for the VPN. The real disadvantages are in the fact that we have no control on the IP addresses assigned on the VPN subnet, and that Netgear does a many2one NAT for all VPN clients on that subnet, so all VPN clients appear to originate from the same LAN IP address. " -

 

roughly translates to :

 

"No, you wont be able to get onto your internal network subnet to access your internal network and the VPN service is simply a tunnel for you to access the internet through your personal network IP address."

 

Understood. Then IMHO that 'feature' should be removed or stated as such so as not to think the purchaser of the device will have such functionality or simply stated "to access the internet via their business IP." From a business standpoint, its simply irrelevant imho.

Message 15 of 17
schumaku
Guru

Re: Orbi Pro Firmware update - V2.4.0.114

You can still reach your LAN subnet over the VPN client connection as pre-configured and loaded from the Nighthawk or Orbi Pro system, even if there is an intermediate transfer subnet in the VPN connection path. 

 

Do a traceroute from the VPN client to your LAN IP ...

 

No need to argue - the problem is neither with Netgear (I'm not Netgear anyway) nor with th OpenVPN (very popular Open Source VPN implementation). 

 

Android: https://openvpn.net/faq/why-does-the-app-not-support-tap-style-tunnels/
iOS: https://openvpn.net/faq/why-doesnt-the-app-support-tap-style-tunnels/

 

Nothing that blocks you from accessing your LAN in a routed (and NATed) way. It's just not a "remote" Ethernet L2 interface.

 

 

Message 16 of 17
davidcheok
Apprentice

Re: Orbi Pro Firmware update - V2.4.0.114

Understood. Thank you.

Message 17 of 17
Top Contributors
Discussion stats
  • 16 replies
  • 4440 views
  • 5 kudos
  • 4 in conversation
Announcements