Orbi WiFi 7 RBE973
Reply

Orbi RBS850 VPN Client Devices Cannot Access LAN

ErikSFRFR
Aspirant

Orbi RBS850 VPN Client Devices Cannot Access LAN

I'm struggling to setup my VPN such that I can access the devices on my LAN.  I'm using OpenVPN and No-IP for my dynamic DNS.

 

I have downloaded the OpenVPN configuration to my phone with the setting "Clients will use this VPN connection to access All sites on the Internet & Home Network"

 

I can see on the OpenVPN app and as well on my router that the device is connected (connecting on my cellular connection but with VPN connected), however I am unable to access other devices on the local network which I am able to do when connected directly to the wifi. 

 

One thing I noticed is that the client device joins on a separate subnet 245.XXX vs. the rest of the devices on my LAN which are on 1.XXX

 

Any help debugging would be greatly appreciated!

Message 1 of 9
CrimpOn
Guru

Re: Orbi RBS850 VPN Client Devices Cannot Access LAN

It would help to know how the phone is attempting to access other devices on the LAN.

Because smartphone VPN connections are tun (Layer 3 "tunnel") rather than tap (Layer 2 "tapped into the subnet") communications that rely on LAN broadcasts may not be successful, whereas communications that specifically provide the target IP address will.

https://en.wikipedia.org/wiki/TUN/TAP 

 

What application is being used on the smartphone?

iPhone or Android?

 

Message 2 of 9
ErikSFRFR
Aspirant

Re: Orbi RBS850 VPN Client Devices Cannot Access LAN

Thanks @CrimpOn I'm using an iPhone.

I have an Amcrest camera and an Aquarium controller (GHL Profilux) on my local network. Both are assigned to a static IP address by the router. I'm not sure how to tell exactly how the respective apps are accessing the devices.

 

Interestingly for the Camera - I can get a response by putting the IP address directly into the browser. It isn't possible to access the feed that way (that functionality is no longer supported), but it does bring up a log in prompt - something that does not happen if you are both off the network and not on VPN. Going through the app though, I cannot access the feed as I can when I'm on the local wifi network. The app for the aquarium controller requires entering the IP address in order to make a local connection, but I'm unclear how to determine how the phone is accessing the device. 

 

I run into a similar issue on my Mac when I VPN where I cannot access these devices. I also cannot see the other macs on the network under "network" which I can when I am on the local network.

 

I had VPN setup on the Orbi previously and was at that time able to access the devices. I'm not entirely sure what has changed. I accidentally let my No-IP account lapse and when I got it reinstated I set up my VPN again and it hasn't worked right since.

Message 3 of 9
CrimpOn
Guru

Re: Orbi RBS850 VPN Client Devices Cannot Access LAN


@ErikSFRFR wrote:

One thing I noticed is that the client device joins on a separate subnet 245.XXX vs. the rest of the devices on my LAN which are on 1.XXX


Is this a typo?  I have OpenVPN installed on an RBR750 and (because I'm using Windows) can connect with either tap or tun method:

  • tap puts me on the same IP subnet as the LAN, which in this case is 10.0.0.x  (When an Orbi router is connected to a router that has created 192.168.1.x for the LAN subnet, then the Orbi creates 10.0.0.x  Strange behavior, but that's what it does.)
  • tun (tunnel) puts me on the 192.168.254.x subnet.  Since my PC is the only device connected by VPN right this minute, it got assigned 192.168.254.2  (192.168.254.1 is the LAN IP of the Orbi RBR750.)

Windows appears to be the only operating system that supports tap connections, and only with OpenVPN version 2.  Everybody else (Android and Apple smartphones, Macs, etc.) supports only tun connections, and OpenVPN version 3 has dropped tap for Windows.

 

 

Message 4 of 9
ErikSFRFR
Aspirant

Re: Orbi RBS850 VPN Client Devices Cannot Access LAN

You are right  - it is 254.XXX not 245.XXX - I made a typo there.

 

Any thoughts on how to proceed?

Message 5 of 9
CrimpOn
Guru

Re: Orbi RBS850 VPN Client Devices Cannot Access LAN

This is where I am stumped. All of my Internet of Things (IoT) devices (cameras, smart plugs, etc.) function by the device itself opening a connection to the vendor 'cloud'.  When my smartphone or tablet app tries to access one of them, the app opens a connection to the cloud and says, "connect me to <whatever>". The cloud knows from my login credentials which devices belong to me, finds the connection in a database, and hooks me up.  Doesn't seem to matter if I am connected directly to the LAN or am "away somewhere".

 

It has been established that the smartphone can connect to a camera on the LAN by using the camera IP address. That means the router knows how to transfer packets from devices on the LAN to/from devices connected over VPN.  My sense is that anything based on a broadcast is doomed to fail.  (such as "any cameras out there?.... anybody?)

 

That it worked before and no longer works, is a puzzle.

Message 6 of 9
ErikSFRFR
Aspirant

Re: Orbi RBS850 VPN Client Devices Cannot Access LAN

I'm certain that the connection can be made without access to the internet for my devices (just the LAN) - at least when I am on wifi. What I can't figure out is how to get my VPN devices to actually appear on the network.

 

For my mac, I previously used Tunnelblick but I can't seem to get that to work anymore. Now with my M2 mac I am running the same Open VPN configuration as my phone. Again I am able to connect to the network but as I mentioned I can't see the other devices on the network as I could previously.

Message 7 of 9
ErikSFRFR
Aspirant

Re: Orbi RBS850 VPN Client Devices Cannot Access LAN

OK - so I was poking around in all the settings to look for anything that might help. 

 

I stumbled into the IPv6 tab and saw this was disabled. With a little bit of googling it looked like this probably shouldn't be the case so I set it to Auto Config. Seemed like it could be relevant given that it is a communication protocol and has to do with how devices are addressed.

 

I'm not sure if this is the cause or if I just rebooted my router and devices enough times, but it now appears to be working as expected. My network devices are accessible now from both my Mac and iPhone when on VPN or directly on the LAN via wifi. 

 

@CrimpOn - any thoughts?

 

 

Message 8 of 9
CrimpOn
Guru

Re: Orbi RBS850 VPN Client Devices Cannot Access LAN

No idea. IPv6 is enabled on my Orbi. Search for OpenVPN and IPv6 turns up lots of articles that center on the OpenVPN server configuration.  That is a "closed book" on Netgear sytesms (like almost everything).

 

Glad you have been able to get past this.

Message 9 of 9
Top Contributors
Discussion stats
  • 8 replies
  • 570 views
  • 0 kudos
  • 2 in conversation
Announcements

Orbi 770 Series