×

Introducing the Orbi 970 Series Mesh System with WiFi 7(BE) technology. For more information visit the NETGEAR Press Room.

Orbi WiFi 7 RBE973
Reply

Re: CBR40 Can't access Internet through VPN

Pfredd
Guide

CBR40 Can't access Internet through VPN

I have an Orbi CBR40 cable modem that I have configured VPN on. From my phone, I can connect to it using the OpenVPN Connect client. I can access local devices, but I can't access the internet.

I have both protocols set to UDP, TUN Port is 12973 and TAP Port is 12974 and "All sites on the Internet & Home network" is selected.

When I connect, and view connected devices, the VPN connection is assigned 192.168.2.2, while lan and wifi devices are all on 192.168.1.xxx.

I am using my phone to test, which has had the WiFi turned off, so only the cellular connection is being used. I am using the Android OpenVPN Connect app from the Play Store, configured with the files downloaded from the Orbi.

Any suggestions on what is wrong?

Model: CBR40|Orbi AC2200 Tri-band WiFi Cable Modem Router
Message 1 of 9

Accepted Solutions
Pfredd
Guide

Re: CBR40 Can't access Internet through VPN

Yes, that is checked. I also tried Auto, but that didn't work either.

Maybe a firewall issue?

View solution in original post

Message 3 of 9

All Replies
CrimpOn
Guru

Re: CBR40 Can't access Internet through VPN


@Pfredd wrote:
When I connect, and view connected devices, the VPN connection is assigned 192.168.2.2, while lan and wifi devices are all on 192.168.1.xxx.

This is the way VPN 'tap' connections are designed.  By having VPN devices in a separate IP subnet, broadcast packets do not flood the VPN tunnel.  Smartphone use only 'tap' VPN connections.

 

Could you please check this setting on the OpenVPN page:

CrimpOn_0-1650467531437.png

 

Message 2 of 9
Pfredd
Guide

Re: CBR40 Can't access Internet through VPN

Yes, that is checked. I also tried Auto, but that didn't work either.

Maybe a firewall issue?
Message 3 of 9
CrimpOn
Guru

Re: CBR40 Can't access Internet through VPN

Hmmm.  I just now disconnected my Android phone (Sony Xperia XZ Compact) from WiFi and opened OpenVPN connect.  Can ping devices on the Orbi LAN. Can ping sites on the internet. Opened Chrome to display new stories.  (p.s. it is a 'tun' connection.  I always get those terms confused.)

 

I have wondered how to establish for certain that these activities are going through the VPN connection.  The phone is connected to Verizon (in my case) and has an IP address from Verizon in addition to the IP address on the VPN. (192.168.2.2)  Off  the top of my head, I do not know of a parameter or setting in the phone or OpenVPN Connect that would tell the phone which connection to use for general internet vs. VPN.   My guess is the only proof would be to capture the actual packets leaving the Orbi WAN interface to see if those pings and web connects show up.

 

Can you give more specifics about how VPN is not connecting the way you expect it to?

Message 4 of 9
CrimpOn
Guru

Re: CBR40 Can't access Internet through VPN

Repeated the experiment with the debug option "Enable LAN/WAN Packet Capture". That is:

  • Turn off WiFi on phone.
  • Use OpenVPN Connect app to VPN into the Orbi.
  • Run the Fing app to ping some sites:
    1.1.1.1  (CloudFlare) and 8.8.8.8 (GoogleDNS)
  • Observe that Ping is working correctly.
  • Disconnect VPN

 

Opened the file wan.pcap with Wireshark.  The capture file clearly shows the Orbi router sending ICMP packets to the two sites that I 'pinged' (1.1.1.1 and 8.8.8.8) and the sites responding.

CrimpOn_0-1650479735134.png

 

So, for my Android phone, OpenVPN Connect appears to route internet traffic through the VPN tunnel, and the Orbi connects  the VPN to the internet.

 

Am at a loss to explain why this is not working for you.

Message 5 of 9
Pfredd
Guide

Re: CBR40 Can't access Internet through VPN

Ok, I made some progress.
I disconnected my phone from wifi and connected it to the VPN. I then used Fing to ping 1.1.1.1. It worked!
It appears that this is a DNS issue, as trying to connect via domain names does not work. I will mess around with that for a bit to see if I can discover the issue.

Message 6 of 9
CrimpOn
Guru

Re: CBR40 Can't access Internet through VPN

Hmmm. dns.google.com and ford.com both ping from my phone over VPN.

 

I distinctly remember (years ago) discussing OpenVPN with people who wanted to stream videos that were restricted to their home country when they were actually in another country.  Not exactly kosher, but better than robbing liquor stores.

Message 7 of 9
Pfredd
Guide

Re: CBR40 Can't access Internet through VPN

I got it working!
I added the following to parameters to the OpenVPN Connect config file:

redirect-gateway
dhcp-option DNS 8.8.8.8

After re-adding the connection, it now works correctly!

Message 8 of 9
CrimpOn
Guru

Re: CBR40 Can't access Internet through VPN


@Pfredd wrote:

I added the following to parameters to the OpenVPN Connect config file:

redirect-gateway
dhcp-option DNS 8.8.8.8



Wow. You found it!   My smartphone ovpn file does not contain this, but it works.  My guess is there is something different about the OpenVPN Client on our phones.  I do not see this as a setting (parameter) and do not see a way to control the level of detail in the OpenVPN log.

 

Internet search for redirect-gateway returns quite a bit of information.

 

Every time someone posts an interesting problem on the forum, I learn something new!

Message 9 of 9
Top Contributors
Discussion stats
  • 8 replies
  • 1973 views
  • 1 kudo
  • 2 in conversation
Announcements

Orbi WiFi 7