I'm trying to set up my Orbi RBR50 to use as a VPN - so when I'm "out of the house" I can still access data inside my LAN, and also access streaming (cable) services that expect me to be at my house in order to see all channels.
If I “ping xxxx.mynetgear.com” from inside my network, it resolves to A.B.C.D (seems promising), and I get a response.
If I “ping xxxx.mynetgear.com” from outside my network, it still resolves to A.B.C.D but times out. I presume because the Orbi (or maybe the ATT modem) is set to not reply to an external ping.
So far, so good…
I enable the VPN Service on the Orbi, and I download the VPN configuration package “FOR WINDOWS”.
That config package contains a zip file with some .crt files, a client.key and a client.ovpn file.
Looking in the .ovpn file with a text editor, I see two lines that appear relevant (per the rest of the steps)
Dev-node NETGEAR-VPN [Eventually supposed to rename an Adapter to this]
Remote xxxx.mynetgear.com [ <-- it matches the DDNS site I created.]
I move the files from the configuration zip into C:\Program Files\OpenVPN\config (per step 17 from the linked instructions)
I start down the path at step 8 to install the VPN client on my laptop – go to OpenVPN and download “OpenVPN-2.6.12-I001-amd64.msi” However, when I run it, it doesn’t ask me to read a license agreement (step 12), check a box (step 13), or specify an install location (step 14) – it just runs and offers the button “Install Now” (also “Customize”, which I did not pick).
I hit “Install Now” and it runs and finishes. It installed at C:\Program Files\OpenVPN - never asked for a location.
Step 18 says “For client devices with Windows, modify the VPN interface name to NETGEAR-VPN”
I’m on Win10, so I follow (b) and (d) (FWIW, the text is wrong – my choice is “Change adapter options” not “Change adapter settings”)
I see an adapter named “OpenVPN TAP-Windows6” with a description of “TAP-Windows Adapter”.
At this point I’m confused. The next step (18.f) says “Select the local area connection and change its name (not its device name) to NETGEAR-VPN”
I am not clear on the difference between “its” name, and "its device name". I only see a single name to change (“OpenVPM TAP-Windows6”) – is that the device name or not? If I right click and choose “rename”, I get to edit “OpenVPN TAP-Window6” – so I do, and rename it to NETGEAR-VPN.
-=-=-=-=-=-=-=-=-=-
At this point I am done with all the instructions and should be ready to test the VPN connection.
I disconnect my computer from the LAN WiFi, and connect to the internet via my phone’s hotspot.
I confirm I’m outside my LAN via ipconfig -> 172.20.10.14
I ping xxxx.mynetgear.com and get the IP resolving to A.B.C.D, but timing out.
I try to launch the OpenVPN GUI from the shortcut installed on my desktop, and … nothing happens. Nothing opens – no GUI, no VPN connection (I’m still at 172.20.10.14) – nothing.
Task Manager does show a Process “OpenVPN GUI for Windows” running, but it’s using no resources. There are also “OpenVPN Service”, and “Openvpnserv2” running as well.
I reboot my laptop – all three processes are running right away, so my having tried to run the OpenVPN GUI didn’t actually do anything (the process was already launched before I tried that step).
I’m baffled at this point. Even if I messed up with the re-naming above, shouldn’t the OpenVPN GUI open up and tell me there’s a connection problem?
It feels like maybe I missed some step in the installation of OpenVPN - and the behavior I actually saw did not actually match the steps listed in the instructions also making me nervous. Any ideas what I did wrong such that I get no actual GUI from OpenVPN?
Maybe this is really a problem for an OpenVPN forum, but i figured I'd start here, since I don't know (yet) that I have the VPN actually working on the Orbi either (is there some way to confirm that, short of getting OpenVON to work and actually connecting?).
VPN access to the home network (Orbi system) depends on the internet connection reaching the Orbi router. From the description, it appears that the Orbi router is 'hidden' behind the AT&T router using Network Address Translation (NAT). Thus the VPN connection attempt reaches the AT&T (at IP address A.B.C.D.) and the AT&T router does not accept the connection. (All residential routers refuse connections unless they have been specifically programmed to accept them.)
Having two routers is commonly called a "Double NAT" condition. VPN access is one of the specific applications that are most commonly affected by Double NAT. (Internet search for Double NAT and OpenVPN will bring up additional information).
There are several methods to handle this problem:
Remove the Double NAT so that there is only one router and internet connections go directly to it. There are two common methods to accomplish this:
Put the AT&T router into Passthrough mode (sometimes called bridge mode). This may be complicated if (a) there are devices besides the Orbi connected directly to the AT&T router.
Place the Orbi router in the AT&T router's DMZ.
Another tactic is to configure the AT&T router to forward the VPN ports to the Orbi router. OpenVPN on Orbi routers defaults to use ports 12973 and 12974. If those two ports are forwarded through the AT&T router to the IP address of the Orbi (192.168.0.98), then OpenVPN connections should work.
Either way, this requires getting into the management interface of the AT&T router.
* Checked the "external ping" from my phone - when the Router is the front line, I get no ping reply (the router is set to ignore external pings), but the Orbi is set to reply (aside - it seems like a grayed out option checked "on", and I have no choice but to do this), and when I go to Passthrough mode, an external ping gets a response - suggesting the Orbi is getting the external packet and responding.
* Connected the Laptop to the phone's hotspot, confirmed the external IP 172.20.10.14, and tried to ping xxxx.mynetgear.com - and get a reply
* try to launch OpenVPN on my laptop - nothing.
So at least I think I've narrowed it down to "something wrong with my OpenVPN installation (right?). I followed the steps outlined on the netgear page
so maybe there's still some hope that someone here can help. If not, I guess I either have to try OpenVPN knowledge base, or else find a different VPN client software to use.
My RBR50 also has the option "Respond to ping on internet port" grayed out and not available to click on. When I turn off WiFi on my smartphone, the phone is not able to ping the public IP address of the Orbi router. My impression is that Netgear decided that responding to ping simply invites internet attacks and no longer enables users to enable this option. Very puzzled that your RBR50 would respond to ping. (My firmware release is v2.7.5.4)
Sometimes it is helpful to increase the level of information that OpenVPN writes to the log file by adding verb 5 to the end of the configuration file. i.e.:
client
dev tun
proto udp
sndbuf 393216
rcvbuf 393216
push "sndbuf 393216"
push "rcvbuf 393216"
dev-node NETGEAR-VPN
remote xxx.netgear.com 12973
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca750.crt
cert client750.crt
key client750.key
cipher AES-128-CBC
comp-lzo
verb 5
Starting on the tangential point, for me, in the Orbi interface at Advanced > Setup > WAN Setup, I see the attached image. "Respond to Ping on Internet Port" appears to be "checked on" and is grayed out. That is consistent with the behavior I seem to be getting.
Also, when I go to Advanced > Administration > Firmware Update, I'm told "current version = V2.7.4.24" and "Status = No new firmware version available" However, you report using v2.7.5.4 - suggesting there *is* a new version, and for some reason my Orbi is giving bad info. Not sure that solves the VPN issue, but maybe it does impact the ping?...
In any case, I can add verb 5 to the .ovpn , but I don't think that's going to increase data written to the log file (at least not yet), becuase there's no log file being generated. There is no indication that OpenVPN is actually running - double clicking on the openvpn-gui.exe results in nothing happening - no GUI appears, no process starts, no log files get written.
That said, if I delete the files (from the Orbi download - .ovpn, etc.) I had moved to C:\Program Files\OpenVPN\Config
and then I double click on the .ovpn file saved in another folder, I *do* get a popup dialog from OpenVPN GUI asking "Do you want to import the profile <client>?" so something seems to be working, but only if I'm trying to do a setup.
Also, checking back to the part where on the PC I renamed a Network Adapter to "NETGEAR-VPN" - did I accomplish that correctly? I had some confusion on what to rename - the KB instructions seemed to say there were two options for things to rename and to be sure to pick the right one, but I only found one option. Maybe I've not got something named correctly?
That is such a hoot! (That your Orbi has the Ping option enabled and cannot be turned off and mine is off and cannot be turned on.)
Alas, Netgear's firmware update process on Orbi products is frustrating. For the original Orbi system (RBR50 and RBS50), Netgear published firmware V2.7.5.4 in February of 2023 and never set the Update Firmware mechanism to recognize and install it. (Firmware appears to be released in phases and commonly first appears on the support web site where early adopters can download, install, and experience "what happens". If there are not too many negative reports, the internal mechanism is typically set to announce "new firmware" for some period (maybe years), and finally Netgear may decide to push the new version in the middle of the night.)
In the case of the "50" system, it appears that the final firmware release came about the time the product was being declared End of Service and it never went past the first phase.
Anyway, users are free to download the newest firmware from the support web site and install it manually on their systems. I have been running it on my RBR50/RBS50 for over a year.
Not sure what is keeping your OpenVPN from running on the PC. I went "whole hog" and installed OpenVPN on my smartphone and a Windows laptop. That way, I can test OpenVPN on the smartphone first to see that it is working. Then, I create a Hot Spot on the smartphone and connect the laptop to test OpenVPN on it. (while not connecting the smartphone with OpenVPN)
Thanks for the v2.7.5.4 help, I went and updated to that - both satellites and the router - all seem happily on the new version and connected (one of the satellites used to report a "config error" on the backhaul - although it worked fine - but that error is now gone!). FWIW, my ping state is still locked "on" and grayed. Hmm...
Anyhow, I think this has become an OpenVPN problem - I can't seem to get it installed properly on my laptop, and that's more an OVPN problem than an Orbi problem, so I'll look to take the fight over to the OpenVPN forums. At least I got the "double NAT" sorted out here.
