Reply
Highlighted
Prodigy
Prodigy

Re: ORBI RBK50/RBS50 Tips, Tricks, Hidden Secrets, etc.,


@CrimpOn wrote:

The Orbi log contains entries for my "non-Orbi DNS" computer 192.168.1.2 and for my "use Orbi DNS" computer 192.168.1.3

 

[service blocked: DNS] from source 192.168.1.2, Tuesday, May 05, 2020 11:18:00
[service blocked: DNS] from source 192.168.1.3, Tuesday, May 05, 2020 11:17:59

 

Looks like "Block" means "Block"


Right, this is a big hammer to tell those smart kids that you're a step ahead and aware of what they're trying to do.  Altnernately, you can define a rule to block DNS services if the destination IP address isn't the router/Orbi/CloudFlare/etc., IP addresses.  I would suggest DNS redirect rule instead of this.

Message 126 of 166
Highlighted
Sensei

Re: ORBI RBK50/RBS50 Tips, Tricks, Hidden Secrets, etc.,

I'm not convinced that the Orbi router has the same capabilities as the pfSense box.  The only port forwarding  NAT rules affect inbound traffic from the WAN, and when DNS (port 53) is blocked, it prevents DNS from reaching the Orbi DNS.

 

Thanks for the hints.

I love my Orbi.
Message 127 of 166
Highlighted
Prodigy
Prodigy

Re: ORBI RBK50/RBS50 Tips, Tricks, Hidden Secrets, etc.,

This is a very basic firewall function that any decent router/firewall would support.  If Orbi doesn't allow this, it would be disappointed.  When I have a window to take Orbi offline to tinker with it to see if such a NAT/firewall rule can be set.  I'll circle back with the result or how-to.

Message 128 of 166
Highlighted
Prodigy
Prodigy

Re: ORBI RBK50/RBS50 Tips, Tricks, Hidden Secrets, etc.,

See the attached file/picture for an example of how it's done on pfSense router.  The goal is to setup a similar rule on the Orbi router.

 

Redirect DNS requerst.png

Message 129 of 166
Highlighted
Sensei

Re: ORBI RBK50/RBS50 Tips, Tricks, Hidden Secrets, etc.,

I am not hopeful, but appreciate you giving it a try.

I love my Orbi.
Message 130 of 166
Highlighted
Prodigy
Prodigy

Re: ORBI RBK50/RBS50 Tips, Tricks, Hidden Secrets, etc.,


@CrimpOn wrote:

Well, "No Cigar" for me.  In Security, I added "Block DNS" for IP range 192.168.1.2 - 192.168.1.100.  My Orbi router is 192.168.1.1.

Killed DNS completely.  My computer that is set not to use the Orbi for DNS, and my other Windows 10 computer which gets DNS from the Orbi.  The goal was to block my computer from using "non Orbi DNS", but allow computers using Orbi DNS to function.

This rule seems is correct.  If the Windows 10 client DNS server is Orbi, it should work unless Orbi applies the rule on the LAN interface instead of the WAN interface.  If that's the case, then it's really sad.

 

Can you manually define a custom rule under Service Type (assuming it's possible) and set the Windows 10 client DNS to Orbi and try this again?

 

Service Type: User Defined

Protocol: UDP

Start port: 53

End port: 53

IP address range: 192.168.1.2-100

 

First verify that Orbi itself can get through to DNS server.  Then verify the Windows 10 client.

 

By the way, if you have Pi-Hole setup, it would be simpler.  Set the Pi-Hole as DHCP/DNS servers for Orbi network, point Pi-Hole DNS server to CloudFlare, and exclude Pi-Hole IP address from IP address range.  That would be ideal!

Message 131 of 166
Highlighted
Sensei

Re: ORBI RBK50/RBS50 Tips, Tricks, Hidden Secrets, etc.,


@SW_ wrote:

Service Type: User Defined

Protocol: UDP

Start port: 53

End port: 53

IP address range: 192.168.1.2-100

Says this is an invalid user defined service type.

 

By the way, if you have Pi-Hole setup, it would be simpler.  Set the Pi-Hole as DHCP/DNS servers for Orbi network, point Pi-Hole DNS server to CloudFlare, and exclude Pi-Hole IP address from IP address range.  That would be ideal!


Looks like we have a winner.  Orbi does my DHCP, and I have Pi-hole set up for testing.  Blocked my PC using the Orbi, but allowed Pi-hole to act for me.  Pi-hole is too agressive on Google search results for the family (They don't realize the first hits at the top are all ad redirects.)  So, using Orbi to block alternative DNS works as long as there is a DNS relay inside the LAN that is separate from the Orbi and has an IP address outside of the single range where everything else is.

 

Really appreciate your patience working through this.

I love my Orbi.
Message 132 of 166
Highlighted
Prodigy
Prodigy

Re: ORBI RBK50/RBS50 Tips, Tricks, Hidden Secrets, etc.,

Message 133 of 166
Highlighted
Prodigy
Prodigy

Re: ORBI RBK50/RBS50 Tips, Tricks, Hidden Secrets, etc.,


@SW_ wrote:

To protect family/kids from malicious Internet content, DNS filtering is simplest defense and it's free.  There are quite a few of free/paid DNS filtering services out there, but I find that free DNS filtering service is sufficient for me.

 

My two favorite free services are Cloudflare Gateway and CleanBrowsing DNS Filters.

 

I've tried both services and I found that CleanBrowsing/Adult Filter is best and simplest to setup.  However, if you want a nice DNS report, flexibilty (what to block), and speed, stick with CloudFlare Gateway.  The setup process is similar for both, just point your router/Orbi DNS servers to their IP addresses.  That's it!

 

Good luck!


 

CleanBrowsing even has a guide for Orbi - How to change DNS on a NetGear Orbi Router.  

 

Message 134 of 166
Highlighted
Aspirant

Re: ORBI RBK50/RBS50 Tips, Tricks, Hidden Secrets, etc.,

Any tips or tricks on how to modify the default behaviour of a VPN connection getting its own subnet? 

 

My normal IP is 192.168.1.x but anything on the VPN comes in at 192.168.2.x

 

I can't see a way to modify this in the UI, was hoping I could chance something via telnet to get VPN devices on 192.168.1.x

 

My guest network current uses the same subnet, so people on the guest network are in 192.168.1.x

Message 135 of 166
Highlighted
Sensei

Re: ORBI RBK50/RBS50 Tips, Tricks, Hidden Secrets, etc.,


@Mehr1 wrote:

Any tips or tricks on how to modify the default behaviour of a VPN connection getting its own subnet? 

 

My normal IP is 192.168.1.x but anything on the VPN comes in at 192.168.2.x


Actually, there are two types of VPN.  OpenVPN on Windows creates a "TAP" connection, which appears in the regular primary subnet.  Smartphone and Linux both create a "TUN" connection, which appears in a different subnet.  There is no method available to users to change this.  However, it does not present a serious issue because the Orbi creates a static router between 2.x and 1.x  When I connect to VPN, I can communicate with every device on the primary (and Guest if set up that way) subnets.

 

Perhaps if you describe the specific problem being in the 2.x subnet is causing we can suggest a solution.

I love my Orbi.
Message 136 of 166
Highlighted
Master

Re: ORBI RBK50/RBS50 Tips, Tricks, Hidden Secrets, etc.,

In the new Orbi AX (RBR850) it’s possible to set any IP range for DHCP, for VPN clients and for guest network, but unfortunately not in the Orbi AC (RBR50).

My Setup Internet Fiber ONT 250↓/250↑ISP Telenor | Wifi Router Orbi RBK50 AC3000, Router Mode, Wired Backhaul / Orbi RBK852 AX6000, Router Mode, Wireless Backhaul | Switches Netgear GS208Time Zone CET (Sweden)

Message 137 of 166
Highlighted
Aspirant

Re: ORBI RBK50/RBS50 Tips, Tricks, Hidden Secrets, etc.,

Thank you for your response.

 

Specifically, I am unable to see my Sky Q recordings on my mobile phone using the Sky Go app when connected via VPN, vs being on my WiFi at home and seeing them. I believe (could be wrong) this is due to the different subnet.

Message 138 of 166
Highlighted
Master

Re: ORBI RBK50/RBS50 Tips, Tricks, Hidden Secrets, etc.,


@Mehr1 wrote:

....

Specifically, I am unable to see my Sky Q recordings on my mobile phone using the Sky Go app when connected via VPN, vs being on my WiFi at home and seeing them. I believe (could be wrong) this is due to the different subnet.


I don't think this has to do with the different subnets. It can be a restriction in the Sky Go app, if you have the correct settings in Orbi:

In the web GUI under >> ADVANCED >> Advanced >> VNP Service >> what setting do you have for the following:

Clients will use this VPN connection to access 1. All sites on the Internet & Home Network 2. Home Network only 3. Auto

My Setup Internet Fiber ONT 250↓/250↑ISP Telenor | Wifi Router Orbi RBK50 AC3000, Router Mode, Wired Backhaul / Orbi RBK852 AX6000, Router Mode, Wireless Backhaul | Switches Netgear GS208Time Zone CET (Sweden)

Message 139 of 166
Highlighted
Aspirant

Re: ORBI RBK50/RBS50 Tips, Tricks, Hidden Secrets, etc.,

I have "All sites on the Internet & Home Network" selected.

 

I didn't know how Sky would be able to restrict it if both devices were on the same network due to the VPN, maybe that's my lack of understanding of networking etc.

 

Doesn't sound like I'll be able to find out for sure either way Smiley Happy. Thank you for the ideas.

Message 140 of 166
Highlighted
Master

Re: ORBI RBK50/RBS50 Tips, Tricks, Hidden Secrets, etc.,

Have you tried other apps that needs VPN access to work?
I have few apps that work perfectly well with VPN even with different subnets.

My Setup Internet Fiber ONT 250↓/250↑ISP Telenor | Wifi Router Orbi RBK50 AC3000, Router Mode, Wired Backhaul / Orbi RBK852 AX6000, Router Mode, Wireless Backhaul | Switches Netgear GS208Time Zone CET (Sweden)

Message 141 of 166
Highlighted

Re: ORBI RBK50/RBS50 Tips, Tricks, Hidden Secrets, etc.,

Hi,

If you run a network scanner from your smartphone while connected to the VPN and scan your internal network most scanners I’ve seen default to the network your connected to, in this case 192.168.2.x. A few scanners low you to customise the scan subnet which allows you to Select 192.168.1.x. That’ll let you scan and see your SkyQ box, but it won’t let your SkyGo app see your SkyQ box. I suspect that the Sky Go app is looking for some ‘plug n play’ data being broadcast by the SkyQ box, which it can’t see because it’s in the wrong subnet when on VPN.

If you’ve enough bandwidth when out on your VPN download the content direct to your device is my recommendation.
Model: RBR50|Orbi AC3000 Tri-band WiFi Router
Message 142 of 166
Highlighted
Prodigy
Prodigy

Re: ORBI RBK50/RBS50 Tips, Tricks, Hidden Secrets, etc.,

 

 

 

pfSense Router.png

 

If anyone still suffers from Orbi WiFi disconnect/DNS/reboot issues with the latest firmware 2.5.1.16, please off-load DNS function to a separate box/router or just switch Orbi to AP Mode if it's possible.  My current Orbi AP Mode setup with pfSense router has been rock solid.  Good luck!

Message 143 of 166
Highlighted
Guru

Re: ORBI RBK50/RBS50 Tips, Tricks, Hidden Secrets, etc.,

DNS on my RBK50 has been solid while in router mode usin v16. Ran for 14+ days with zero issues. 

If DNS issues are being experienced, i recommend troubleshooting to find out what the real problem is first. Many causes behind DNS problems.  


My Setup (Cable 900Mbps/50Mbps)>CAX80(Modem Mode)>RBK853 v3.2.16.6(Router Mode)

Additional NG HW: C7800/CM1100/CM1200/CM2000, Orbi CBK40, RBK853, R7800, R7960P, EX7500/EX7700, XR450 and WNHDE111
Message 144 of 166
Highlighted
Master

Re: ORBI RBK50/RBS50 Tips, Tricks, Hidden Secrets, etc.,

Everything on my Orbi RBK53 system has been rock solid. They're on firmware  V2.5.1.16, and since its install weeks ago, setup as a Router, they have been working flawlessly with over 21 devices connected both wired and wireless. During my initial setup, the units got updated to this firmware, so I have no experience with other versions. But IMHO this version is rock solid. 

Orbi RBK53 System/RBR50/RBS50/RBS50. + Orbi Voice RBS40V
RBK753 system/RBR750/RBS750/RBS750 + RBK853 System/RBR850/RBS850/RBS850
There's always a logical answer, if you have all the facts!
Message 145 of 166
Highlighted
Aspirant

Re: ORBI RBK50/RBS50 Tips, Tricks, Hidden Secrets, etc.,

I get an error when telneting into my messed up satellite. I type config default and it tells me

umout: can't count /TMP/fall: no such file or directory.

I have ignored that and gone ahead and config commit and then config reboot but this satellite still loses connection constantly and reboots constantly.

I have done the steps of turning it off. Removing the device from my attached devices. Turning it on and then holding the pin in back until the power button blinks red to factory reset.

Whenever it comes back from a factory reset it auto connects to the router and I can't go through the GUI to add it.
Model: RBK53|Orbi AC3000 Tri-band WiFi System
Message 146 of 166
Highlighted
Guru

Re: ORBI RBK50/RBS50 Tips, Tricks, Hidden Secrets, etc.,

Is the RBS not working after it's connected to the RBR? 

What FW Version are you using?

Has a factory reset on the RBR and RBS and walk thru the setup wizard resulted in any differences? 


@Wowzors wrote:
I get an error when telneting into my messed up satellite. I type config default and it tells me

umout: can't count /TMP/fall: no such file or directory.

I have ignored that and gone ahead and config commit and then config reboot but this satellite still loses connection constantly and reboots constantly.

I have done the steps of turning it off. Removing the device from my attached devices. Turning it on and then holding the pin in back until the power button blinks red to factory reset.

Whenever it comes back from a factory reset it auto connects to the router and I can't go through the GUI to add it.

 


My Setup (Cable 900Mbps/50Mbps)>CAX80(Modem Mode)>RBK853 v3.2.16.6(Router Mode)

Additional NG HW: C7800/CM1100/CM1200/CM2000, Orbi CBK40, RBK853, R7800, R7960P, EX7500/EX7700, XR450 and WNHDE111
Message 147 of 166
Highlighted
Aspirant

Re: ORBI RBK50/RBS50 Tips, Tricks, Hidden Secrets, etc.,

When the RBS connects blue there's a small window of time (variable) that I can log into it and push commands, eventually that blue light will disappear meaning it's running fine and then it will go magenta. Eventually from magenta it will reboot and start the whole thing over again.

Haven't gone full nuclear on the router or other satellite. Those two are stable if I turn off the satellite that gives me issues those two will keep chugging along.

I had the issue satellite running smoothly for around 6 months but this latest update 2.5.1.16 seems to have brought back the issues.

The only issue with this one satellite constantly dropping is when my appliances switch to it they hang as they are connected to the satellite that lost connection and don't switch to the other satellite or router in time for it to be unnoticeable.

After the latest config default, commit and reboot it has been up for 9hrs so hopefully something is fixed, although it keeps taking a specific IP address even though I reserved a different up address for it via it's MAC.
Message 148 of 166
Highlighted
Master

Re: ORBI RBK50/RBS50 Tips, Tricks, Hidden Secrets, etc.,

Maybe a full factory reset on the entire system will fix it. You can backup your settings before reset, which makes the task a whole lot faster. Also forget the WIFI on the appliance and relogin to the WIFI. <- you could try this first

Orbi RBK53 System/RBR50/RBS50/RBS50. + Orbi Voice RBS40V
RBK753 system/RBR750/RBS750/RBS750 + RBK853 System/RBR850/RBS850/RBS850
There's always a logical answer, if you have all the facts!
Message 149 of 166
Highlighted
Aspirant

Re: ORBI RBK50/RBS50 Tips, Tricks, Hidden Secrets, etc.,

I think if it starts disconnecting and reconnecting again I will do a full system factory reset. I am hesitant to do it as I am working from home and can't really have the internet go down for an extended period of time.
Message 150 of 166
Top Contributors
Discussion stats
Announcements