Strange requirement for VPN activation

Of course you need to have either a static public IP address or otherwise have a DDNS service, for the VPN client to be able to find your Orbi while you're on the internet!

You should be fine if you have a static public IP address, but you need to set this in the Orbi settings below so the system knows that you have a static public IP address:

I understand this.

I do have a static IP-address, but my ISP does not connect me when I input the ip/subnet/gateway manually.  

As long as I have a static public IP address, there should not be a problem for me obtaining it dynamically from the ISP.  I should just be able to add my static IP address to the VPN settings page (just to feed the vpn-server with what information to use).

So basically - the orbi system shoul allow me to have a static IP, optained dynamically from my ISP.  

I am also communicating with my ISP regarding why they don´t accept my manual connection - and they do not have an answer to me.  They just confirm that I have at (fixed) static IP, that should always be optained dynamically (I always get the same IP).  And they can not help me any further since they do not support 3rd party equipment.  They can not understand why there is such a restriction on the Orbi system.

Most ISPs require the WAN/Internet interface to run on dynamic DHCP, regardless if there will be a fixed address reserved to you.

I'd just sign-up for a free Netgear DDNS name regardless that you get a static address assigned on your Internet connection. This name will be used while generating your VPN config files. 

You are right - I guess that is what I have to do.  Still a silly limitation in the Orbi system - especially as you say - most ISP expect to deliver IP information dynamically.  My last router was a Cisco, and it did not have this silly restriction.  There I could have the router to obtain IP dynamically, and then I just punched my static IP address into a field for the VPN settings.

I just was on the same position as you and just thought ... What .. the ... **bleep**. This restriction makes absolutely no sense. 

This restriction should defentily be removed from the 'advanced' settings, given that advanced users should know about dynamic/static ips and dynamic dns

For thouse who don't want to register for a silly ddns provider, here's a small codesnippet - just paste it in the browser web console (Developer Tools), this will overwrite the exiting check_openvpn function and lets you save the vpn settings (see line 5)

function check_openvpn(d) {
    var c = 0;
    var a = parseInt(d.vpn_port.value, 10);
    var b = parseInt(d.tun_vpn_port.value, 10);
    if (false) {
        if (old_endis_ddns != "1" && (old_wan_assign == "0" || (old_wan_assign == "1" && select_basic != "1")) && !(pppoe_get_wan_assign == "1" && info_get_wanproto == "pppoe")) {
            alert("Dynamic DNS service is suggested to be used alone with the VPN Service. Please make sure you will enable the Dynamic DNS service or use Static IP address for your Internet connection.");
            return false
        }
    }
    if (a > 65534 || b > 65534) {
        alert("The Service Port has to be less than or equal to 65534.");
        return false
    }
    if (d.enable_vpn.checked == true) {
        d.hidden_enable_vpn.value = 1
    } else {
        d.hidden_enable_vpn.value = 0
    }
    if (d.vpn_type[0].checked == true) {
        d.hidden_vpn_type.value = "udp"
    } else {
        if (d.vpn_type[1].checked == true) {
            d.hidden_vpn_type.value = "tcp"
        }
    }
    if (d.tun_vpn_type[0].checked == true) {
        d.hidden_tun_vpn_type.value = "udp"
    } else {
        if (d.tun_vpn_type[1].checked == true) {
            d.hidden_tun_vpn_type.value = "tcp"
        }
    }
    if (d.vpn_port.value == d.tun_vpn_port.value) {
        alert("Can't use the same port in TUN mode and TAP mode.");
        return false
    }
    d.hidden_vpn_port.value = d.vpn_port.value;
    d.hidden_tun_vpn_port.value = d.tun_vpn_port.value;
    if (d.vpn_access[0].checked == true) {
        d.hidden_vpn_access.value = "auto"
    } else {
        if (d.vpn_access[1].checked == true) {
            d.hidden_vpn_access.value = "all"
        } else {
            if (d.vpn_access[2].checked == true) {
                d.hidden_vpn_access.value = "home"
            }
        }
    }
    if ((d.enable_vpn.checked == true) && ((check_all_port(a, d.hidden_vpn_type.value) == false) || (check_all_port(b, d.hidden_tun_vpn_type.value) == false))) {
        alert("The specified port(s) are being used by other configurations. Please check your configurations of USB Readyshare, Remote Management, Port forwarding, Port Triggering, UPnP Port Mapping table, RIP, and Internet connection type");
        return false
    }
    if (d.enable_vpn.checked == true && backup_rsp == "") {
        d.hidden_backup_rspToPing.value = rspToPing_value
    }
    if ((d.hidden_vpn_type.value != type || d.hidden_vpn_port.value != port || d.hidden_vpn_access.value != access_mode || d.hidden_tun_vpn_type.value != tun_type || d.hidden_tun_vpn_port.value != tun_port) && d.hidden_enable_vpn.value == 1) {
        alert("You have changed your VPN Service configurations, please follow the Step 2 and Step 3 to download and install the configuration files on each of your VPN client devices (overwrite existing configuration files).")
    }
    if (d.enable_vpn.checked == true && select_basic == "0" && ((internet_ppp_type == "0" && wan_pppoe_demand == "1") || (internet_ppp_type == "1" && wan_pptp_demand == "1") || (internet_ppp_type == "3" && wan_mulpppoe_demand == "1") || (internet_ppp_type == "4" && wan_l2tp_demand == "1"))) {
        if (confirm("If you enable the VPN service on your router, your router's Internet connection mode will change from Dial on Demand to Always On. This change is required for a VPN client to connect to your router. Do you want to continue?") == false) {
            return false
        }
    }
    if (d.enable_vpn.checked == true && select_basic == "0" && ((internet_ppp_type == "0" && wan_pppoe_demand == "2") || (internet_ppp_type == "1" && wan_pptp_demand == "2") || (internet_ppp_type == "3" && wan_mulpppoe_demand == "2") || (internet_ppp_type == "4" && wan_l2tp_demand == "2"))) {
        alert("If you enable the VPN service on your router, you need to change your router's Internet connection mode from Manually Connect to Always On in order for a VPN client to connect to your router. Go to the Internet Setup page to make this change.")
    }
    return true
}

I have to revert my latest answer, NETGEAR also added a check in the openvpn init.d script, which will prevent the openvpn server from starting without a ddns. heres what that check looks like:

        if [ "$($CONFIG get endis_ddns)" = "0" ] && [ "$($CONFIG get wan_proto)" != "static" ] && [ "$($CONFIG get wan_pppoe_wan_assign)" = "0" ]; then
                exit 1
        fi

I'm pretty sad that NETGEAR forces their customers to use their no-ip partner. This is a huge bumer for me

Good things is, if your a developer, you can "just" patch that check out of the firmware and flush it (... yeah, I'm not kidding - just because they had to add that check in a run script... )

The file is located under `package/dni/openvpn_dni/files/openvpn.init` and the check is on line 181

This is so frustrating since I'm pretty happy with the Orbi

Does Netgear ever officially comment in the Forum?  They should explain themselves regarding this issue.....

Well, I opend a ticket regarding this issue, the answer wasn't very satisfying.

They just told me it's not possible, I need DynDNS if don't have a static IP, I should look into https://kb.netgear.com/23944/I-have-a-Nighthawk-router-what-is-Dynamic-DNS-and-why-should-I-set-up-a... why I need DynDNS.

The only thing I want is the reason, why this restriction was implemented in the first place (and maybe someone that removes this restriction 😛 ).
Would be great if someone could give me an answer to this.