- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Re: Orbi RBR40 Openvpn problem with dev tap
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Orbi RBR40 firmware 2.5.1.16 running OpenVPN. Just addressing UDP, not TCP for now.
I can connect with both tun and tap, tun seems to work OK but not tap.
TUN: vpn client gets assigned a different IP address than the regular internal LAN range (regular is 10.3.2.x, vpn client gets assigned 10.3.3.x which I would expect with a tun connection). access to external web sites works fine, access to 'regular' internal resources like printers and network shares and the Orbi admin page works fine so the Orbi must be creating some routing table rules behind the scenes.
TAP: vpn client gets assigned a regular internal LAN address from the DHCP pool (I've got it starting at .51, everything else is static-assigned below 50). Seems OK but I can't connect to (ping or network shares or web admin pages etc) any other 10.3.2.x resources. tap should not need any routing rules, unlike tun.
further, I can't browse any internet web sites. In firefox a security warning pops up, something about an invalid self-signed certificate. Not sure if this has to do with the lack of internal LAN connectivity.
One other item, when connected via tun and floating the cursor over the openvpn taskbar tray icon, the 'Assigned IP' shows the correct value 10.3.3.3. When doing this when connected via tap, 'Assigned IP' is blank even though running 'ipconfig' in a command windows shows me IP address 10.3.2.51, so my network adapter and windows seems to think I have a valid IP but openvpn does not. So maybe a config file issue?
The tun openvpn config file is identical to the tap one except for the 'dev' line and they both include 'remote-cert-tls server'.
I'm testing from outside my own home LAN and I've had openvpn tap and tun working on this windows 10 computer previously on an archer c7 router with dd-wrt installed and running openvpn.
Any troubleshooting suggestions are very welcome!
Solved! Go to Solution.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Mstrbig, thanks for checking in on this. The problem turned out to be my Netgear access controls. I've turned those on to restrict network access to explicitly listed MAC addresses and failed to realize that the OpenVPN client install, when creating the new (virtual) network adapter that is usually renamed to 'NETGEAR-VPN', would also create a new MAC address associated with that adapter. Adding that MAC to my access list made the tap connection work correctly. So now I can see everything on my LAN, connect to the internet etc. Interestingly, the OpenVPN taskbary tray icon still does not show anything under 'Assigned IP' when using tap but as I said before, ipconfig shows the correct address and my router shows that IP address and new virtual MAC address connected, so apparently just a minor OpenVPN client tray bug.
I think tcp OpenVPN connections are still not working but haven't bothered trouble-shooting yet since udp works.
Regarding your questions, the equipment is all my own (Motorola SB6183 cable modem is purchased, not leased/rented), ISP is comcast, the Orbi is hard-wired to the cable modem and the only network firewall running is the Netgear Orbi (all computers are running anti-virus software). Those are all good areas to check, I use DDNS to track my public IP so I don't have a static one assigned from comcast. With ddwrt I specified routing table entries and firewall rules to handle tun OpenVPN connections for Samba shares, printers etc mainly because I use Android where tap is not supported but with the Orbi, I can't do any of that (not without a lot of work using undocumented access features anyway, and then it would be a bear to maintain). Fortunately Orbi seems to handle that automatically behind the scenes pretty well.
All Replies
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Orbi RBR40 Openvpn problem with dev tap
Who is your ISP and what equipment did they provide?
What device is your Orbi router connected to?
What firewall and virus protection are you running?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Mstrbig, thanks for checking in on this. The problem turned out to be my Netgear access controls. I've turned those on to restrict network access to explicitly listed MAC addresses and failed to realize that the OpenVPN client install, when creating the new (virtual) network adapter that is usually renamed to 'NETGEAR-VPN', would also create a new MAC address associated with that adapter. Adding that MAC to my access list made the tap connection work correctly. So now I can see everything on my LAN, connect to the internet etc. Interestingly, the OpenVPN taskbary tray icon still does not show anything under 'Assigned IP' when using tap but as I said before, ipconfig shows the correct address and my router shows that IP address and new virtual MAC address connected, so apparently just a minor OpenVPN client tray bug.
I think tcp OpenVPN connections are still not working but haven't bothered trouble-shooting yet since udp works.
Regarding your questions, the equipment is all my own (Motorola SB6183 cable modem is purchased, not leased/rented), ISP is comcast, the Orbi is hard-wired to the cable modem and the only network firewall running is the Netgear Orbi (all computers are running anti-virus software). Those are all good areas to check, I use DDNS to track my public IP so I don't have a static one assigned from comcast. With ddwrt I specified routing table entries and firewall rules to handle tun OpenVPN connections for Samba shares, printers etc mainly because I use Android where tap is not supported but with the Orbi, I can't do any of that (not without a lot of work using undocumented access features anyway, and then it would be a bear to maintain). Fortunately Orbi seems to handle that automatically behind the scenes pretty well.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Orbi RBR40 Openvpn problem with dev tap
Glad you figured most of it out. Keep us posted.
• Introducing NETGEAR WiFi 7 Orbi 770 Series and Nighthawk RS300
• What is the difference between WiFi 6 and WiFi 7?
• Yes! WiFi 7 is backwards compatible with other Wifi devices? Learn more