The ORBI is connected to a XFINITY Modem in Bridge Mode.
We set up the E960 for Open VPN by turning Dynamic DNS On and then follow the setiings in VPN section.
E Mailed the folder of Open VPN Windows (all files included) created by the E960 by dropbox to a external user to log in using Open VPN.
When the user tries to log in - using Open VPN he can see the router but gets errors:
No server certificate enabled, aes ciphers and compression for recieving enabled.
Called Netgear support - the agent could not resolve the issue and escalated the issue to 1st level support and said we will get a call aftter 8 hours.
Now waiting....
Previous to the RBR E960 I had the RBK50 with own modem (not Xfinity) and the same user could never Open VPN - so I was hoping that after the new E960 was installed we will have success.
I have OPENDNS working on two (older) Orbi systems and have a vague memory of seeing this message and ignoring it. Certificates are a pain in the tuckas.
I have OPENDNS working on two (older) Orbi systems and have a vague memory of seeing this message and ignoring it. Certificates are a pain in the tuckas. (it was over two years ago.)
Sorry. Doing this on a phone and have no idea why it posted twice. Or how OpenDNS got in all caps. (or how to spell tuchus. Knew I should've typed a**)
After months of trying to solve this problem taking help of Orbi Pro Support at NETGEAR (which I have paid for and subscribed) this issue still is not solved.
Netgear High Level support now tells me that I need to set up my Orbi 960E Router IP from 198.168.1.1 to 198.168.100.1
Unfortunately, changing the IP to this will not be possible as it will disrupt address reservations of many crucial controls such as Crestron - I have over 90 active IP's at any time in the home and almost 147 registered.
I am loving the Orbi 960E especially recently after lowering the 2.4Ghz Radio Power to 50% on advice from FURRYe38 .... always devices are counting perfectly and I have super fast wifi all over the home.
The main purpose I need OPEN VPN is so that my Crestron Programmer can VPN in the home and program and troubleshoot devices. He needs two run the Crestron program on his PC and we cannot use Team View or such a project.
The programmer lives 1500 miles away so a trip to my home is super expensive and I need two have some VPN capability on my ORBI.
I got Bitfinder VPN with NETGEAR Armor but that does not help as its is only for going out of the system.
I need a true VPN - either Open VPN to work or something else I can buy to solve my Issue and will appreciate any help since NETGEAR Pro Support is unable to help and this solution will make my ORBI 960E Perfect.
Netgear support may be trying to ensure that the LAN subnets at "both ends" of the VPN tunnel are different.
i.e. If the LAN subnet at the Orbi is 192.168.1.x and the LAN subnet at the consult is also 192.168.1.x, then how does his PC know where to find the Crestron? (Is it on his subnet, or yours?)
Accessing the Orbi VPN using OpenVPN works like this:
Disable WiFi on the phone, which forces it to use LTE Data
Open a Hot Spot on my cell phone, which creates a subnet 192.168.43.x (notice that it is NOT 192.168.1.x)
Connect a laptop (tablet, whatever) to the Hot Spot. My tablet just now got 192.168.43.77 for an IP address
Activate OpenVPN on the laptop (tablet...)
How is the consultant accessing your OpenVPN?
Is his PC connected to his local LAN subnet and is it 192.168.1.x?
Can he experiment with using a phone Hot Spot like I do?
I forwarded my Consultant your Post along with the ORBI Open VPN Configuration Package For Windows. I await his response, being the weekend I may see it next week (He is quite tired of months of trial and says that his Old Grandma clients which cheap routers can get him VPN access and is miffed why I cannot 🙂 ).
Just for fun sake, with my very limited knowledge on VPN I worked on your setup using my Mac Air.
I downloaded the Open VPN Configuration package for Mac OSX (as I mentioned before, my consultant will be using a PC). This has four files 1. ca.crt 2. client.crt 3. client.key and 4. client2.conf
I first dowloaded and installed Tunnelblik for OSX on my Mac - followed instructions allowed access through security and settings and rebooted the Mac.
I applied the file 4 above for VPN Client2.conf
The Tunneblick then asked me to install turn and tap system extensions (this is because I am running Mis OSX 12.4
Then I followed your instructions - made my cellphone as a hot spot for the Mac shows it is connected to the iPhone with IP 172.20.10.2
One clicking on the Tunneblick Icon it shows in VPN Details as follows.:
client 2 (this is I yellow)
waiting for server response 2:28 (also yellow)
in: 0 B/s 0B (I white)
Out: 0 B/2 182B
Not sure if I am connected or not.....
I will wait for my consultant and then report back
Having refused to Bite the Apple, Tunnelblick is a mystery to me.
There are two ways (besides a possible Tunnelblick log) to know if the OpenVPN connection is established:
Open Safari and browse to the IP address of the Orbi router, which is usually 192.168.1.1 If the Orbi web site comes up asking for login credentials, that's pretty much proof.
On a computer/tablet connected to the Orbi LAN, open the web administration and navigate to the Attached Devices web page. It takes a few minutes for the web page to update, but eventually there will be a new device at the bottom of the page showing the connection as 'vpn'. On my old Orbi, vpn devices are in a different subnet than the primary devices, so my device shows up with an IP address such as 192.168.2.2 The 960 has so many different WiFi groups and options that I have no idea what IP vpn devices get.
From the non-Windows config file, it appears that Netgear is setting up a tap VPN connection. This could definitely pose a problem if the consultant's local LAN is 192.168.1.x
