- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
RBR40 VPN setting
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
RBR40 VPN setting
Hi, guys.
I have RBR40 build V2.5.1.16 and I enable the VPN feature which can be working successfully all the time.
In recently, I wonder the RBR40 master router can assign the specify IP address, netmask, gateway, and DNS server to my laptop when I connect to the VPN by tunnelblick? It's possible can I ssh to my master router and configure the openvpn service?
The following is the configuration related to VPN:
----------------------------------------------------------------------------------
houser@Housers-MacBook-Pro netgear.tblk.folder % tree
.
├── ca.crt
├── client.conf
├── client.crt
├── client.key
└── dhcp-client-request.sh
0 directories, 5 files
----------------------------------------------------------------------------------
houser@Housers-MacBook-Pro netgear.tblk.folder % cat client.conf
client
dev tap
proto udp
remote some_ddns_domain_here port_number_here
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
cipher AES-128-CBC
comp-lzo
verb 3
script-security 2
up dhcp-client-request.sh
---------------------------------------------------------------------------------
houser@Housers-MacBook-Pro netgear.tblk.folder % cat dhcp-client-request.sh
#!/bin/bash
/usr/sbin/ipconfig set tap0 dhcp
----------------------------------------------------------------------------------
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: RBR40 VPN setting
@h0u5er wrote:I have RBR40 build V2.5.1.16 and I enable the VPN feature which can be working successfully all the time.
In recently, I wonder the RBR40 master router can assign the specify IP address, netmask, gateway, and DNS server to my laptop when I connect to the VPN by tunnelblick? It's possible can I ssh to my master router and configure the openvpn service?
----------------------------------------------------------------------------------
Perhaps you could expand on the question. The Orbi router does use DHCP to assign an IP address, netmask, gateway, and DNS to the client computer. Are you asking if you can configure these values? The Orbi router/satellite do not support ssh connections. They do support telnet, which can be activated from the Orbi debug web page (http://orbilogin.net/debug.htm)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: RBR40 VPN setting
My Orbi has enabled the DHCP for the local user and it will assign an IP address, netmask, gateway, and DNS server to the local client. BTW, the gateway address and DNS address is the same as Orbi's address itself.
But my question is can we assign another gateway address and DNS server settings to the client who will be requesting network information through a VPN connection? I mean I plan to use the other address (NOT Orbi's address) to act as a gateway and DNS for the VPN client.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: RBR40 VPN setting
OpenVPN probably has a way to do this. Notice the line in the config:
up dhcp-client-request.sh
I believe that you can substitute parameters in this file for the IP, subnet mask, gateway, DNS, etc. I have looked (briefly) at the OpenVPN User Documentation, and felt like "Alice down the rabbit hole." Holy Moly. Bewildering.
https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/
While substituting a different DNS seems to pose little problem, I would be very cautious of messing with the subnet and gateway values. Unless there is an existing computer connected to the Orbi with an IP address that matches, then the VPN connection will have "no way out". I do not see how this can be possible.
Since you are on a Mac platform, maybe the folks at tunnelblick could offer advice?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: RBR40 VPN setting
I learn the docs from tunnelblick website and known the *.opvn file is supported by tunnelblick. so I guess the OpenVPN configuration file will be supported on Orbi and try to find some use cases on this forum. But no luck.
Why I plan to assign another gateway address and DNS address (They are the same address) to the VPN client? Because I want to audit and inspect the traffic which comes from outside and connect to my home.
The network diagram like this
https://i.loli.net/2020/07/04/QXbKHGgIiLBy3TY.png
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: RBR40 VPN setting
Thanks for the diagram. I believe there is a misconception about how VPN tunnels function. The client device and the host device are both connected to the internet. The Client create a tunnel inside that connection, through the initernet to the Host. There can be nothing between the two. i.e. The magnifying glass device cannot exist. The tunnel goes from the Client computer to the Orbi router, not to the computer on the right. The Orbi creates a virtual device (inside the Orbi) which appears as a computer connected to the Orbi.
A rough sketch is attached.
It is a fascinating concept to want to inspect and filter what is "coming in" through the VPN connection. Allowing a device onto the Orbi LAN through VPN is a lot like physically bringing a device in and connecting it. Once a device is "on the LAN", then it has the same access as other devices. This is probably a good reminder that we need to maintain firewalls and anti-virus software on our devices that are connected to the Orbi.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: RBR40 VPN setting
Thanks for your explanation, I already know where my problem is.
Thank you for your advice 🙂
• What is the difference between WiFi 6 and WiFi 7?
• Yes! WiFi 7 is backwards compatible with other Wifi devices? Learn more