Re: OpenVPN Not connecting in Orbi system

I have VPN working well on iPhone and iPad. 

- What happens when it does not work for you?

- Do you see any event in Logs when VPN is tried? This can show if the VPN connection request arrives to Orbi. 

- Is DDNS configured correctly and working? Do you get the correct status when clicking “Status” in the DDNS tab?

- Please note that you can’t try VPN connection while connected to your own wifi or another network using the same IP range as your own LAN. 

Thanks for responding!

what happens is that i get time outs. In the log files i see each time the same error: "TCP rcv EOF" followed by "TRANSPORT_ERROR Transport error on ‘(my name).mynetgear.com: NETWORK_EOF_ERROR [ERR]"

in the DDNS, with clicking on "show status" i get the message, after a few seconde of waiting, that an update was performed a few days ago (correct, that was when i tried to setup my VPN first time) on (my name).mynetgear.com.

does this give you any clues?

Before starting “deeper” troubleshooting, can you please first untick “Enable VPN Service” option under VPN and click Apply, then tick it again and click Apply. Anything changes?

Did what you suggested, nothing changed, i keep the logged error (EOF error).

Also rebooted several times, but again, same problem.

Should i perform a total reset and renew installation? (Don’t like the idea, but on the other hand, it can be done if you think that’s wise).

Or should i delete my mynetgear address and start from scratch there, with a new address on mynetgear.com?

- You mentioned that your TUN Mode is set to TCP. Any reason for that? The default (which I have working) is UDP.

Did that after the initial udp option did not work (same problem), and on the former router Nighthawk R7000, this was the working setting...

Glad that this helped. Good luck 🙂

and to be complete for all readers of this topic, about the added questions concerning the log file of the windows client connection:

the line about the warning of certificates vanishes if one adds the line "remote-cert-tls server" to the .OVPN config file

the second warning, about the passwords cache, is of no real siginificance and can be ignored.

again many thanks to ekhalil!

I'm having the same issue...I cant seem to connect to my VPN on windows 10.  I am able to connect to it no problem on my iphone and ipad.  But on windows 10, I'm getting this in the log file:

Enter Management Password:
Tue Nov 20 14:47:48 2018 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Nov 20 14:48:53 2018 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Nov 20 14:49:58 2018 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Nov 20 14:51:05 2018 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Nov 20 14:52:11 2018 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

Any help would be appreciated.  Thanks in advance

_______________________________________________________________________________________________________________

UPDATE:  I was trying to connect while on my home network (not sure if that matters).  I tried while on my iphone hotspot and his is what i get:

Enter Management Password:
Tue Nov 20 15:02:04 2018 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Nov 20 15:02:06 2018 TAP-Windows adapter 'NETGEAR-VPN' not found

Ok, UPDATE #2:  After researching the last log file entry, I renamed the TAP Windows Adapter to "NETGEAR-VPN".  Now I'm getting:

Enter Management Password:
Tue Nov 20 15:12:08 2018 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Nov 20 15:12:08 2018 Could not determine IPv4/IPv6 protocol
Tue Nov 20 15:12:13 2018 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

I just cant win!!  I already researched that as well and cant seem to find info on it.  Now any help would be appreciated.  Sorry, and thanks in advance

Well, since I got it running, you should be able to run it too, especially with your equipment!

I suppose you have the newest ORBI firmware, and you have a valid mynetgear.com account. And you downloaded the right files (those for Windows) from the router.

In VPN settings, leave the TUN service mode and TAP service mode as it is (so leave TUN to UPD and do not change it, like I tried to no avail, to TCP)

You already renamed the TAP adapter to NETGEAR-VPN, that is necessary too.

Did you also add the line "remote-cert-tls server" to your client.ovpn file? Because when you did, the warning about the certificates should not appear. Are you sure that the (in this way edited) client.ovpn is in the C:\program files\openvpn\config subdirectory?

And indeed, it matters that you test your VPN from a different network than your ORBI network.

Please check the above issues and let us know if this helps?

Thanks for the fast reply...

• Yes the router and satellites are on the current firmwares
• Yes my mynetgear account is valid
• Yes I downloaded the correct config files for windows
• Both TUN and TAP are default and havnet been changed
• Yes I renamed the adapter to NETGEAR-VPN as you stated
• No, I did not add that line to my config file.  Is that simply added that to the send line?  My config file is 1 line long...very long and nothing else.  Do I add it with quotes or without?

Here is my current config file:

Only 1 line

client
dev tap
proto udp
dev-node NETGEAR-VPN
remote (removed for privacy) 12974
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
cipher AES-128-CBC
comp-lzo
verb 0
sndbuf 393216
rcvbuf 393216

Not sure why it pasted as being multiple lines, that's why i included the image.

• Lastly, yes, the config file is in the correct directory

I actually gave up until i saw your reply.  I will keep at it, but its very frustrating and shouldn't be this hard.

Also, opening the config file in notepad:

I added remote-cert-tls server without the quotes at the very end and when i go to save it, it says i dont have permission and need to seek file owner or administrator.  I am the administrator on the machine, only 1 user.

Yes, that is what i saw too. So what i did was editing the ovpn file in the download directory and then copied the new / edited file to the config subdir. Here too the system complained about my rights, but there was the option to continue as administrator. And that worked.

The line is indeed to be placed at the end of the file, i put it right at the end, two spaces after the last character.

And indeed without he quotation marks!

Please inform about the result!

Thanks again for your help...i really appreciate it.

New Errors - New Logs...so maybe a step in the right direction.  BUT, you're right, i'm not geting the "certificate" warning anymore 😃

I am very sorry your problem still exists...

Btw, your client.ovpn contains exactly the same lines as mine, only mine is one long line without hard returns (in notepad), and no spaces between the lines as compared to yours (where there are hard returns). I wonder why you apparently downloaded another format...

What exactly are the "new ERRORs" you write about in your last post?

Ah, now i can see the errors, but i do not understand them...

You have the exact lines in your (as compared to my) client.ovpn, and i also tried what would happen if i make it a file with neat 18 lines (the 18th being the added line remote-cert-tls server). No difference, works equal flawlessly.

The  only possible difference (but i do not know its significance) is that you keep also a client file in the C:\users\(user)\openvpn\config? Because i have not (the only place is the C:\program files\openvpn\config, along with the 3 other files of course (ca.crt, client.crt and client.key).

If the problem still exists, you might try the good old reboot of your system and / or try the whole operation without the protection of firewalls etc.

I am afraid i can’t be of further assistance (being kind of a novice myself!)

Good luck, and please post again if you have (hopefully good) news flashes!