×  Introducing Nighthawk RS700 WiFi 7 (BE) Router. For more details, please visit Nighthawk Tri-Band WiFi 7 Router.
Reply

Re: VPN

mmgala
Aspirant

VPN

HI

 

i tried to activate VPN, bunt it wont connect via my android phone.

 

I activated the DDNS on my orbi router RBR50.

 

i activated VPN using default settings (UDP) standard ports and downloaded the ovpn to my phone.

 

installed openvpn and used the file....btried to connect over 5g but with no luck.

 

found a puplic ovpn which worked, so i guess it must be something with my settings, any ideas?

Message 1 of 14
FURRYe38
Guru

Re: VPN

Does this help any?

https://kb.netgear.com/31489/How-do-I-use-VPN-on-my-Orbi-system-with-my-iOS-device

 

What Firmware version is currently loaded?
What is the Mfr and model# of the Internet Service Providers modem/ONT the NG router is connected too?

My Setup ISP SparkLight | Internet Cable 1000↓/50↑ CAX30 Mode Mode  | Wifi Router XR500 and RBK863 Router mode | Switches NG GS105/8, GS308v3, GS110MX and XS505M | Additional NG HW: C7800/CAX3/CAX80/CM1100/CM1200/CM2000, Orbi: CBK40, CBK752, RBK50, RBK853, RBK752, RBK953, SXK30 | NightHawk: MK63, R7000, R7800, R7960P, R8000, R8500, RAXE500, RAX120v2, RAX50v2, XR450/500/700/1000, EX7500/EX7700

Message 2 of 14
CrimpOn
Guru

Re: VPN


@mmgala wrote:

installed openvpn and used the file....tried to connect over 5g but with no luck.

found a puplic ovpn which worked, so i guess it must be something with my settings, any ideas?


Can you please expand on "tried to connect over 5g"?  i.e. was the phone connected to the Orbi 5G WiFi system when you tried to use OpenVPN or does 5g refer to Cell Phone network (the "new 5G network" that every company is boasting about)?

 

OpenVPN is included in residential routers, such as the Orbi, to allow the owner to access devices on the local LAN when away (not physically connected to the LAN). It is a VPN 'host'.  The way to test it is to disconnect from the Orbi WiFi by disabling WiFi on the phone and then activating OpenVPN Connect.  If you are away from home (at Starbucks, airport, office, etc.) and connected to WiFi, then OpenVPN Connect will create a tunnel through the internet to the Orbi and allow access to devices on the Orbi LAN. (media servers, computers, printers, the Orbi itself).

 

It appears that what you want is a VPN 'client' to encrypt your internet activity when connected to the Orbi WiFi.  That is not what the Orbi OpenVPN is intended for.  There are brands of routers which offer a VPN client mode, but Netgear is not one of them.

I love my Orbi.
Message 3 of 14
mmgala
Aspirant

Re: VPN

Thanks for the answer.

 

I´m looking to create a tunnel to my local network, when away from home as I tried to point out, but maby not specific enough, and i therefore disabled my wifi only using 5g (mobilenetwork) to test this out.

 

I used openvpn on my phone with the downloaded ovpn settings from the ORBI router, which also have DDNS activated, BUT it did not connect.

 

My phone could connect to at japanese vpn with no problem.....just to test the app out, and it worked.

 

 

Message 4 of 14
mmgala
Aspirant

Re: VPN

Hi

 

Thanks for the answer.

 

This was exactly what i did (link), but i wont connect through/to my router.

 

i´m currently on V2.7.3.22 which i guess should be the latest.

 

The fiber box is a:

Alcatel-Lucent G-241W-P

 

 

Message 5 of 14
CrimpOn
Guru

Re: VPN


@mmgala wrote:

I´m looking to create a tunnel to my local network, when away from home as I tried to point out, but maby not specific enough, and i therefore disabled my wifi only using 5g (mobilenetwork) to test this out.

 

I used openvpn on my phone with the downloaded ovpn settings from the ORBI router, which also have DDNS activated, BUT it did not connect.


The OpenVPN Connect app on my Android phone (version 3.2.6) produces a log file of the connection process (in the upper right corner of the screen on my phone).  Mine looks like this:

10:53:37.912 -- ----- OpenVPN Start -----
10:53:37.912 -- EVENT: CORE_THREAD_ACTIVE
10:53:37.913 -- OpenVPN core 3.git::d3f8b18b:Release android arm64 64-bit PT_PROXY
10:53:37.915 -- Frame=512/2048/512 mssfix-ctrl=1250
10:53:37.921 -- UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
13 [verb] [5]
10:53:37.922 -- EVENT: RESOLVE
10:53:37.998 -- Contacting ###.249.112.236:12973 via UDP
10:53:37.998 -- EVENT: WAIT
10:53:38.000 -- Connecting to [######.mynetgear.com]:12973 (###.249.112.236) via UDPv4
10:53:38.048 -- EVENT: CONNECTING
10:53:38.050 -- Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client
10:53:38.050 -- Creds: UsernameEmpty/PasswordEmpty
10:53:38.050 -- Peer Info:
IV_VER=3.git::d3f8b18b:Release
IV_PLAT=android
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-128-CBC
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_AUTO_SESS=1
IV_GUI_VER=net.openvpn.connect.android_3.2.6-7729
IV_SSO=webauth,openurl
10:53:38.143 -- VERIFY OK: depth=1, /C=TW/ST=TW/L=Taipei/O=netgear/OU=netgear/CN=netgear CA/name=EasyRSA/emailAddress=mail@netgear, signature: RSA-SHA256
10:53:38.144 -- VERIFY OK: depth=0, /C=TW/ST=TW/L=Taipei/O=netgear/OU=netgear/CN=server/name=EasyRSA/emailAddress=mail@netgear, signature: RSA-SHA256
10:53:38.290 -- SSL Handshake: peer certificate: CN=server, 1024 bit RSA, cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
10:53:38.291 -- Session is ACTIVE
10:53:38.291 -- EVENT: GET_CONFIG
10:53:38.295 -- Sending PUSH_REQUEST to server...
10:53:38.383 -- OPTIONS:
0 [dhcp-option] [DNS] [192.168.1.1]
1 [route-gateway] [192.168.2.1]
2 [topology] [subnet]
3 [ping] [10]
4 [ping-restart] [120]
5 [redirect-gateway] [def1]
6 [ifconfig] [192.168.2.2] [255.255.255.0]
7 [peer-id] [0]
8 [cipher] [AES-256-GCM]
10:53:38.384 -- PROTOCOL OPTIONS:
  cipher: AES-256-GCM
  digest: NONE
  key-derivation: OpenVPN PRF
  compress: LZO_STUB
  peer ID: 0
10:53:38.385 -- EVENT: ASSIGN_IP
10:53:38.411 -- Connected via tun
10:53:38.411 -- LZO-ASYM init swap=0 asym=1
10:53:38.411 -- Comp-stub init swap=0
10:53:38.412 -- EVENT: CONNECTED info='#####.mynetgear.com:12973 (###.249.112.236) via /UDPv4 on tun/192.168.2.2/ gw=[192.168.2.1/]'

Does your log file show any error messages?

 

I love my Orbi.
Message 6 of 14
mmgala
Aspirant

Re: VPN

hi 

 

tried to extraxt the files you mentioned (attached)

Message 7 of 14
CrimpOn
Guru

Re: VPN

Thanks for the information.  This exercise has made me realize that OpenVPN Connect keeps adding onto the previous log file.  (I have now learned to use the 'x' icon to delete the log before doing any tests!)

 

The key point is where OpenVPN Connect tries to reach the IP address of the Orbi and "times out".  It keeps trying until it finally gives up.

Can you verify from the Orbi Advanced Tab that the Public IP address of the Orbi matches the IP address in the log file?

I love my Orbi.
Message 8 of 14
mmgala
Aspirant

Re: VPN

If i do a web search for my IP it matches the one from the log. BUT i can´t find that IP anywhere in the ORBI settings, thats a totally different IP....or maby im looking in the wrong place (attached)

 

 

 

Message 9 of 14
CrimpOn
Guru

Re: VPN

You looked in exactly the correct place.  Probably time to ask exactly what ISP device the Orbi is connected to?

(The goal being to determine whether this device is also a router.)

 

Just for fun, when you access a web site such as https://www.whatismyip.com/ what does it say?

The one that starts with 185 or the one that starts with 100?

I love my Orbi.
Message 10 of 14
mmgala
Aspirant

Re: VPN

HI

 

It is connected to a  Alcatel-Lucent G-241W-P.

 

"Whats my ip" comes up withe the 185 address, the 100 is from  my orbi

Message 11 of 14
CrimpOn
Guru

Re: VPN

if this is it, then it is most certainly a router.

https://fccid.io/2ADZRG241W-A/User-Manual/Users-Manual-2688980.pdf 

 

The trick then is to do one of two things:

  1. Put the Alcatel into "bridge" or "passthrough" mode so that the Orbi WAN address will be assigned the public IP address, or
  2. Put the IP address of the Orbi into the Alcatel DMZ.

There seem to be user manuals for this product on the web (many sites).

Or, the ISP tech support line may be able to do this for you.

I love my Orbi.
Message 12 of 14
mmgala
Aspirant

Re: VPN

was just now trying to gain acces to the alcatel, but with little luck, i might have to contact my isp to try to help me out.

 

thanks very much for your help, much appreciated

Message 13 of 14
slipsibm
Aspirant

Re: VPN

Not sure if this was your issue or if you got it working but I found that the default tls setting on iOS openvpn client is tls 1.3 but Orbi seems to only like 1.2 (at least Orbi V2.7.4.24) once I set client to tls 1.2 (or more accurately, "Profile Default") I was able to connect. Just putting out there in case anyone else has issues.

Message 14 of 14
Top Contributors
Discussion stats
  • 13 replies
  • 1724 views
  • 0 kudos
  • 4 in conversation
Announcements

Orbi WiFi 6E