×

Introducing the Orbi 970 Series Mesh System with WiFi 7(BE) technology. For more information visit the NETGEAR Press Room.

Orbi WiFi 7 RBE973
Reply

Re: VPN

mmgala
Aspirant

VPN

HI

 

i tried to activate VPN, bunt it wont connect via my android phone.

 

I activated the DDNS on my orbi router RBR50.

 

i activated VPN using default settings (UDP) standard ports and downloaded the ovpn to my phone.

 

installed openvpn and used the file....btried to connect over 5g but with no luck.

 

found a puplic ovpn which worked, so i guess it must be something with my settings, any ideas?

Message 1 of 15
FURRYe38
Guru

Re: VPN

Does this help any?

https://kb.netgear.com/31489/How-do-I-use-VPN-on-my-Orbi-system-with-my-iOS-device

 

What Firmware version is currently loaded?
What is the Mfr and model# of the Internet Service Providers modem/ONT the NG router is connected too?

Message 2 of 15
CrimpOn
Guru

Re: VPN


@mmgala wrote:

installed openvpn and used the file....tried to connect over 5g but with no luck.

found a puplic ovpn which worked, so i guess it must be something with my settings, any ideas?


Can you please expand on "tried to connect over 5g"?  i.e. was the phone connected to the Orbi 5G WiFi system when you tried to use OpenVPN or does 5g refer to Cell Phone network (the "new 5G network" that every company is boasting about)?

 

OpenVPN is included in residential routers, such as the Orbi, to allow the owner to access devices on the local LAN when away (not physically connected to the LAN). It is a VPN 'host'.  The way to test it is to disconnect from the Orbi WiFi by disabling WiFi on the phone and then activating OpenVPN Connect.  If you are away from home (at Starbucks, airport, office, etc.) and connected to WiFi, then OpenVPN Connect will create a tunnel through the internet to the Orbi and allow access to devices on the Orbi LAN. (media servers, computers, printers, the Orbi itself).

 

It appears that what you want is a VPN 'client' to encrypt your internet activity when connected to the Orbi WiFi.  That is not what the Orbi OpenVPN is intended for.  There are brands of routers which offer a VPN client mode, but Netgear is not one of them.

Message 3 of 15
mmgala
Aspirant

Re: VPN

Thanks for the answer.

 

I´m looking to create a tunnel to my local network, when away from home as I tried to point out, but maby not specific enough, and i therefore disabled my wifi only using 5g (mobilenetwork) to test this out.

 

I used openvpn on my phone with the downloaded ovpn settings from the ORBI router, which also have DDNS activated, BUT it did not connect.

 

My phone could connect to at japanese vpn with no problem.....just to test the app out, and it worked.

 

 

Message 4 of 15
mmgala
Aspirant

Re: VPN

Hi

 

Thanks for the answer.

 

This was exactly what i did (link), but i wont connect through/to my router.

 

i´m currently on V2.7.3.22 which i guess should be the latest.

 

The fiber box is a:

Alcatel-Lucent G-241W-P

 

 

Message 5 of 15
CrimpOn
Guru

Re: VPN


@mmgala wrote:

I´m looking to create a tunnel to my local network, when away from home as I tried to point out, but maby not specific enough, and i therefore disabled my wifi only using 5g (mobilenetwork) to test this out.

 

I used openvpn on my phone with the downloaded ovpn settings from the ORBI router, which also have DDNS activated, BUT it did not connect.


The OpenVPN Connect app on my Android phone (version 3.2.6) produces a log file of the connection process (in the upper right corner of the screen on my phone).  Mine looks like this:

10:53:37.912 -- ----- OpenVPN Start -----
10:53:37.912 -- EVENT: CORE_THREAD_ACTIVE
10:53:37.913 -- OpenVPN core 3.git::d3f8b18b:Release android arm64 64-bit PT_PROXY
10:53:37.915 -- Frame=512/2048/512 mssfix-ctrl=1250
10:53:37.921 -- UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
13 [verb] [5]
10:53:37.922 -- EVENT: RESOLVE
10:53:37.998 -- Contacting ###.249.112.236:12973 via UDP
10:53:37.998 -- EVENT: WAIT
10:53:38.000 -- Connecting to [######.mynetgear.com]:12973 (###.249.112.236) via UDPv4
10:53:38.048 -- EVENT: CONNECTING
10:53:38.050 -- Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client
10:53:38.050 -- Creds: UsernameEmpty/PasswordEmpty
10:53:38.050 -- Peer Info:
IV_VER=3.git::d3f8b18b:Release
IV_PLAT=android
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-128-CBC
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_AUTO_SESS=1
IV_GUI_VER=net.openvpn.connect.android_3.2.6-7729
IV_SSO=webauth,openurl
10:53:38.143 -- VERIFY OK: depth=1, /C=TW/ST=TW/L=Taipei/O=netgear/OU=netgear/CN=netgear CA/name=EasyRSA/emailAddress=mail@netgear, signature: RSA-SHA256
10:53:38.144 -- VERIFY OK: depth=0, /C=TW/ST=TW/L=Taipei/O=netgear/OU=netgear/CN=server/name=EasyRSA/emailAddress=mail@netgear, signature: RSA-SHA256
10:53:38.290 -- SSL Handshake: peer certificate: CN=server, 1024 bit RSA, cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
10:53:38.291 -- Session is ACTIVE
10:53:38.291 -- EVENT: GET_CONFIG
10:53:38.295 -- Sending PUSH_REQUEST to server...
10:53:38.383 -- OPTIONS:
0 [dhcp-option] [DNS] [192.168.1.1]
1 [route-gateway] [192.168.2.1]
2 [topology] [subnet]
3 [ping] [10]
4 [ping-restart] [120]
5 [redirect-gateway] [def1]
6 [ifconfig] [192.168.2.2] [255.255.255.0]
7 [peer-id] [0]
8 [cipher] [AES-256-GCM]
10:53:38.384 -- PROTOCOL OPTIONS:
  cipher: AES-256-GCM
  digest: NONE
  key-derivation: OpenVPN PRF
  compress: LZO_STUB
  peer ID: 0
10:53:38.385 -- EVENT: ASSIGN_IP
10:53:38.411 -- Connected via tun
10:53:38.411 -- LZO-ASYM init swap=0 asym=1
10:53:38.411 -- Comp-stub init swap=0
10:53:38.412 -- EVENT: CONNECTED info='#####.mynetgear.com:12973 (###.249.112.236) via /UDPv4 on tun/192.168.2.2/ gw=[192.168.2.1/]'

Does your log file show any error messages?

 

Message 6 of 15
mmgala
Aspirant

Re: VPN

hi 

 

tried to extraxt the files you mentioned (attached)

Message 7 of 15
CrimpOn
Guru

Re: VPN

Thanks for the information.  This exercise has made me realize that OpenVPN Connect keeps adding onto the previous log file.  (I have now learned to use the 'x' icon to delete the log before doing any tests!)

 

The key point is where OpenVPN Connect tries to reach the IP address of the Orbi and "times out".  It keeps trying until it finally gives up.

Can you verify from the Orbi Advanced Tab that the Public IP address of the Orbi matches the IP address in the log file?

Message 8 of 15
mmgala
Aspirant

Re: VPN

If i do a web search for my IP it matches the one from the log. BUT i can´t find that IP anywhere in the ORBI settings, thats a totally different IP....or maby im looking in the wrong place (attached)

 

 

 

Message 9 of 15
CrimpOn
Guru

Re: VPN

You looked in exactly the correct place.  Probably time to ask exactly what ISP device the Orbi is connected to?

(The goal being to determine whether this device is also a router.)

 

Just for fun, when you access a web site such as https://www.whatismyip.com/ what does it say?

The one that starts with 185 or the one that starts with 100?

Message 10 of 15
mmgala
Aspirant

Re: VPN

HI

 

It is connected to a  Alcatel-Lucent G-241W-P.

 

"Whats my ip" comes up withe the 185 address, the 100 is from  my orbi

Message 11 of 15
CrimpOn
Guru

Re: VPN

if this is it, then it is most certainly a router.

https://fccid.io/2ADZRG241W-A/User-Manual/Users-Manual-2688980.pdf 

 

The trick then is to do one of two things:

  1. Put the Alcatel into "bridge" or "passthrough" mode so that the Orbi WAN address will be assigned the public IP address, or
  2. Put the IP address of the Orbi into the Alcatel DMZ.

There seem to be user manuals for this product on the web (many sites).

Or, the ISP tech support line may be able to do this for you.

Message 12 of 15
mmgala
Aspirant

Re: VPN

was just now trying to gain acces to the alcatel, but with little luck, i might have to contact my isp to try to help me out.

 

thanks very much for your help, much appreciated

Message 13 of 15
slipsibm
Aspirant

Re: VPN

Not sure if this was your issue or if you got it working but I found that the default tls setting on iOS openvpn client is tls 1.3 but Orbi seems to only like 1.2 (at least Orbi V2.7.4.24) once I set client to tls 1.2 (or more accurately, "Profile Default") I was able to connect. Just putting out there in case anyone else has issues.

Message 14 of 15
mmgala
Aspirant

Re: VPN

HI

 

I kind of put the project to the grave, but have now finally contacted my internet provider.....the alcatel is in bridge mode and there should be no restrictions in the firmware towards my router.

 

so now i'm stuck again with the problem properly being somewhere in the ORBI setup...........im also playing with WOL form outside (5G) and this is not working either......really considering throwing the orbi in the bin

Message 15 of 15
Top Contributors
Discussion stats
  • 14 replies
  • 2467 views
  • 0 kudos
  • 4 in conversation
Announcements

Orbi WiFi 7