
Orbi RBR50 VPN local network access

sgeiger1
Aspirant


I have set up the VPN server on my Orbi and have successfully connected to it with OpenVPN on my iOS device. My local network is set up with 10.1.0.x IP addresses. When I connect with VPN my device has address 10.1.1.x.

 

I cannot resolve local address names using the server.local addresses. I can using the direct IP numbers.

 

Is there a way to bridge this?  Or configure differently so my VPN connected device can resolve the *.local addresses?

Model: RBR50|Orbi AC3000 Tri-band WiFi Router
Message 1 of 4
CrimpOn
Guru

Re: Orbi RBR50 VPN local network access

Can you please explain how "local" addresses are being resolved on the primary network? (10.1.0.x)

Perhaps give an example?

 

On my RBR50, the only way I was able to resolve local addresses was to configure them on a Pi-hole server and direct Orbi DNS to the Pi-hole rather than a more typical internet DNS resolver (Google, OpenDNS, Cloudflare, etc.)

 

Putting VPN clients in a different IP subnet (with a static route to the primary subnet) is the way tap VPNs work. This isolates the VPN subnet from all the broadcast traffic going on within the primary subnet (ARPs, DHCP broadcasts, multicast broadcasts, etc. etc.)

Message 2 of 4
sgeiger1
Aspirant

Re: Orbi RBR50 VPN local network access

I don't know the technical details, but I believe it's using mDNS from what I'm able to find with a search.  

 

https://en.wikipedia.org/wiki/.local

Message 3 of 4
CrimpOn
Guru

Re: Orbi RBR50 VPN local network access

(Sorry for the delay.  One of the most interesting aspects of the community forum is the opportunity to learn 'new things' about networking - at least new to me!)

 

My earlier comment was exactly backwards.  iOS and Android support only the tun interface for OpenVPN. (Internet searches will turn up lots of articles comparing tap vs. tun, with pros and cons for both.)

 

The key to the present situation is that with the tun interface, there is a static route on the Orbi which knows how to get from the VPN IP subnet to the Orbi primary LAN IP subnet. Any packet destined for a LAN IP will get there. Any packet not specifically sent to a LAN IP address will not.  That reserved multicast IP address (224.0.0.251) is not intended for the 10.1.0.x subnet, so it does not go there. (and thus no device responds "Here I am at IP 10.1.0.xxxx")

 

In addition to iOS and Android not supporting VPN over tap, there appear to be similar restrictions on MacOS:

https://tunnelblick.net/cTunTapConnections.html  

 

On Windows, the solution would be relatively simple: modify the hosts file with entries for these devices. Surely there cannot be very many of these devices that respond to Bonjour.  Alas, I have spent some time searching two topics and come up with nothing:

  • tap VPN interface for iOS
  • Modify hosts file in iOS

(Actually, Windows supports the VPN tap interface already, so either method would work.)

Sorry to have failed to come up with a solution.

     

Message 4 of 4
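
Added example, not part of any post in this thread: a small Python model of the behaviour described in the last reply, showing that a `.local` lookup is sent to the mDNS group 224.0.0.251 and therefore never matches the static route to the LAN, while a direct IP does. The /24 masks, the sample host 10.1.0.20 and the DNS server 10.1.0.1 are assumptions made for illustration.

```python
import ipaddress
import struct

# Assumed from the thread: LAN is 10.1.0.x, VPN clients get 10.1.1.x (both taken as /24).
LAN = ipaddress.ip_network("10.1.0.0/24")
VPN = ipaddress.ip_network("10.1.1.0/24")
MDNS_GROUP = ipaddress.ip_address("224.0.0.251")          # mDNS IPv4 group, UDP port 5353
LINK_LOCAL_MCAST = ipaddress.ip_network("224.0.0.0/24")   # link-local scope, not routed


def build_mdns_query(name: str) -> bytes:
    """Encode a one-question A query in DNS wire format (ID 0, flags 0, as mDNS uses)."""
    header = struct.pack("!6H", 0, 0, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", 1, 1)      # QTYPE=A, QCLASS=IN


def lookup_destination(name: str, dns_server: str):
    """Where the client sends the lookup: .local names go to the mDNS group."""
    if name.rstrip(".").lower().endswith(".local"):
        return MDNS_GROUP
    return ipaddress.ip_address(dns_server)


def reaches_lan(dst) -> bool:
    """Model of the router's static route: only unicast to a LAN address is forwarded."""
    dst = ipaddress.ip_address(dst)
    if dst in LINK_LOCAL_MCAST:
        return False              # stays on the tun link, no LAN device ever sees it
    return dst in LAN


def explain(name: str, dns_server: str = "10.1.0.1") -> str:
    """Summarise what happens to a lookup made from a VPN client."""
    dst = lookup_destination(name, dns_server)
    verdict = "forwarded to LAN" if reaches_lan(dst) else "not forwarded to LAN"
    return f"{name}: lookup sent to {dst}, {verdict}"


if __name__ == "__main__":
    print(explain("server.local"))                        # constructed sample name
    print("direct 10.1.0.20 reachable:", reaches_lan("10.1.0.20"))
    print("query bytes:", build_mdns_query("server.local").hex())
```
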