Netgear Orbi configured for VPN Passthrough

---

@randerton wrote:

I have a second dedicated VPN router I am planning to configure as a second router behind my existing Orbi router - on a different subnet.  I am looking to understand how to set VPN passthrough on my existing Orbi router (RBR50) in order to use a dedicated VPN router passing through the Orbi to their VPN server.  I see no VPN passthrough settings on my Orbi.  Does anyone know how to configure the Orbi for another router to pass VPN traffic through it?

---

I think this depends on which VPN that router will be running.  OpenVPN, for example, by default uses UDP port 1273 for tun and UDP port 1274 for tap connections (although they could be reconfigured to something different.)  I have no idea which ports other VPN protocols use.

So, on the Orbi, UDP ports 1273 and 1274 would be forwarded to the LAN IP address of this VPN router.  With devices connecting to that router being in a different IP subnet than devices connected to the Orbi, there could be communication issues between the two subnets.

If the plan is to use this VPN router to aggregate outbound connections from several devices (i.e. not receive VPN connections), I'm not certain that any ports need to be forwarded, because when the VPN router opens a connection to the internet VPN host the return path will go through the Orbi to the VPN router.

Please return and comment on how this project is proceeding.  There is a lot of interest in VPN, and not much experience with these exotic projects.

Thanks for the initial thoughts.  Here's a bit more detail on what I'm trying to accomplish and my information sources thus far.  I'm not a networking guru by any means.  I have an existing Orbi-base Wifi network I wish to maintain as-is.  My objective is to put all my Roku and Android TV's behind a VPN which means a VPN like Express VPN or Nord VPN.  Almost all my Roku and Android TV devices are hardwired Ethernet so I plan to disable the Wifi on the second VPN router I purchase/configure.  I am researching using FlashRouters to flash a second router with DD-WRT in order to make that my "VPN Router" (looking at a Linksys WRT1900ACS router to use for this now).  I am following some directions I found (Dual-router setup w/ a dedicated VPN Router: A step-by-step tutorial (vpnuniversity.com) on how to configure a VPN Router to sit behind an existing Wifi router using a separate subnet to keep the two networks separate.  This article indicates you must configure the "front end" router (Orbi in my case) by enabling "VPN Passthrough" to allow all VPN traffic to pass through the the Orbi and back from the VPN server.  I just can't locate any "VPN Passthrough" settings on my Orbi router.

---

@randerton wrote:

 I just can't locate any "VPN Passthrough" settings on my Orbi router.

---

That is correct.  The Advanced Tab, Advanced Setup, Port Forwarding page has a number of very common pre-defined port forwarding rules (starting with FTP at the top).  What you want is to create a Custom Rule that identifies the specific TCP/UDP ports needed for your VPM model. I would check with Express or Nord for which ports they use.

Very helpful and much appreciated.  I will check with the VPN manufacturers to fins which ports they use.  Due to travels it may take me 3-4 weeks to put all this into action but will report back...

Orbi(s) are great but maybe a PC Engines APU2E4 would be a better fit? You can use OPNsense on the APU and you have multiple LAN ports. Techincally a LAN and Opt1 port would be setup. You can apply duckdns to the WAN port for remote (via OpenVPN) to home access. I'm not really sure with this use case, just spit-balling.

Jason

Thanks Jason - I'm already too heavily invested in the RBR50 Mesh network (with two satellites) to consider a primary router/mesh network change.  I'm only trying to add a VPN router to my existing configuration to support multiple Roku/Fire Stick type devices.   Thanks again.

---

@randerton wrote:

I'm only trying to add a VPN router to my existing configuration to support multiple Roku/Fire Stick type devices.   Thanks again.

---

Would be interested to know the motivation behind this idea.  One that comes to mind is that you want to stream content that is not available in your region but is in another.  Do you mind sharing the reason?

That is correct - since YouTubeTV dropped live sports (i.e. the RSN's), I am searching for a solid solution to work around crazy blackouts from organizations like NBA and MLB.TV.  So I pay for a subscription to these type services but can't watch our local teams due to blackout rules.  Tired of being held captive to the large media players and their crazy TV contract terms.  In my case, I would have to go back to paying for cable TV with all the hardware rental boxes required in order to watch our local NBA and MLB team.  Make sense?