NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Security

21 Topics

Tunnelblick VPN Client on a Mac does not change the public IP
Public IP address not changing when I log into the VPN. I would like to browse the internet from this VPN, but tunnelblick client isn't routing all my internet traffic through my house. Running Mac OS X 10.12.6. Log file from Tunnelblick below. What am I doing wrong?? Tunnelblick: OS X 10.12.6; Tunnelblick 3.7.3beta03 (build 4870); prior version 3.7.2a (build 4851) 2017-09-30 18:21:53 *Tunnelblick: Attempting connection with client2; Set nameserver = 769; monitoring connection 2017-09-30 18:21:53 *Tunnelblick: openvpnstart start client2.tblk 1337 769 0 3 0 1065330 -ptADGNWradsgnw 2.3.18-openssl-1.0.2l 2017-09-30 18:21:53 *Tunnelblick: openvpnstart log: Loading tap-signed.kext OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line): /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.18-openssl-1.0.2l/openvpn --daemon --log /Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication Support-STunnelblick-SShared-Sclient2.tblk-SContents-SResources-Sconfig.ovpn.769_0_3_0_1065330.1337.openvpn.log --cd /Library/Application Support/Tunnelblick/Shared/client2.tblk/Contents/Resources --setenv IV_GUI_VER "net.tunnelblick.tunnelblick 4870 3.7.3beta03 (build 4870)" --verb 3 --config /Library/Application Support/Tunnelblick/Shared/client2.tblk/Contents/Resources/config.ovpn --verb 3 --cd /Library/Application Support/Tunnelblick/Shared/client2.tblk/Contents/Resources --management 127.0.0.1 1337 --management-query-passwords --management-hold --script-security 2 --up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -a -d -f -m -w -ptADGNWradsgnw --down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -a -d -f -m -w -ptADGNWradsgnw --route-pre-down /Applications/Tunnelblick.app/Contents/Resources/client.route-pre-down.tunnelblick.sh -9 -a -d -f -m -w -ptADGNWradsgnw 2017-09-30 18:21:53 *Tunnelblick: Established communication with OpenVPN 2017-09-30 18:21:53 OpenVPN 2.3.18 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Sep 26 2017 2017-09-30 18:21:53 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10 2017-09-30 18:21:53 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337 2017-09-30 18:21:53 Need hold release from management interface, waiting... 2017-09-30 18:21:53 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337 2017-09-30 18:21:53 MANAGEMENT: CMD 'pid' 2017-09-30 18:21:53 MANAGEMENT: CMD 'state on' 2017-09-30 18:21:53 MANAGEMENT: CMD 'state' 2017-09-30 18:21:53 MANAGEMENT: CMD 'bytecount 1' 2017-09-30 18:21:53 MANAGEMENT: CMD 'hold release' 2017-09-30 18:21:53 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. 2017-09-30 18:21:53 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 2017-09-30 18:21:53 Socket Buffers: R=[196724->196724] S=[9216->9216] 2017-09-30 18:21:53 MANAGEMENT: >STATE:1506810113,RESOLVE,,, 2017-09-30 18:21:53 UDPv4 link local: [undef] 2017-09-30 18:21:53 UDPv4 link remote: [AF_INET]24.126.34.98:12974 2017-09-30 18:21:53 MANAGEMENT: >STATE:1506810113,WAIT,,, 2017-09-30 18:21:53 MANAGEMENT: >STATE:1506810113,AUTH,,, 2017-09-30 18:21:53 TLS: Initial packet from [AF_INET]24.126.34.98:12974, sid=0f8b24aa 1b1e4076 2017-09-30 18:21:53 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=netgear, emailAddress=mail@netgear.com 2017-09-30 18:21:53 VERIFY OK: depth=0, C=TW, ST=TW, O=netgear, OU=netgear, CN=netgear, emailAddress=mail@netgear.com 2017-09-30 18:21:53 *Tunnelblick: openvpnstart starting OpenVPN 2017-09-30 18:21:54 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key 2017-09-30 18:21:54 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication 2017-09-30 18:21:54 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key 2017-09-30 18:21:54 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication 2017-09-30 18:21:54 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA 2017-09-30 18:21:54 [netgear] Peer Connection Initiated with [AF_INET]24.126.34.98:12974 2017-09-30 18:21:55 MANAGEMENT: >STATE:1506810115,GET_CONFIG,,, 2017-09-30 18:21:56 SENT CONTROL [netgear]: 'PUSH_REQUEST' (status=1) 2017-09-30 18:22:01 SENT CONTROL [netgear]: 'PUSH_REQUEST' (status=1) 2017-09-30 18:22:06 SENT CONTROL [netgear]: 'PUSH_REQUEST' (status=1) 2017-09-30 18:22:07 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.1 255.255.255.0 192.168.1.1,route-gateway dhcp,ping 10,ping-restart 120' 2017-09-30 18:22:07 OPTIONS IMPORT: timers and/or timeouts modified 2017-09-30 18:22:07 OPTIONS IMPORT: route options modified 2017-09-30 18:22:07 OPTIONS IMPORT: route-related options modified 2017-09-30 18:22:07 TUN/TAP device /dev/tap0 opened 2017-09-30 18:22:07 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -a -d -f -m -w -ptADGNWradsgnw tap0 1500 1590 init ********************************************** Start of output from client.up.tunnelblick.sh Did 'ipconfig set "tap0" DHCP' Configuring tap DNS via DHCP asynchronously End of output from client.up.tunnelblick.sh ********************************************** 2017-09-30 18:22:09 MANAGEMENT: >STATE:1506810129,ADD_ROUTES,,, 2017-09-30 18:22:09 /sbin/route add -net 192.168.1.1 192.168.1.1 255.255.255.0 route: writing to routing socket: Can't assign requested address add net 192.168.1.1: gateway 192.168.1.1: Can't assign requested address 2017-09-30 18:22:09 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this 2017-09-30 18:22:09 Initialization Sequence Completed 2017-09-30 18:22:09 MANAGEMENT: >STATE:1506810129,CONNECTED,SUCCESS,,24.126.34.98 2017-09-30 18:22:09 *Tunnelblick: No 'connected.sh' script to execute 2017-09-30 18:22:10 Extracted DHCP router address: 192.168.1.1 Sleeping for 0 seconds to wait for DHCP to finish setup. Sleeping for 1 seconds to wait for DHCP to finish setup. Retrieved from DHCP/BOOTP packet: name server(s) [ 192.168.1.1 ], search domain(s) [ ] and SMB server(s) [ ] and using default domain name [ openvpn ] Not aggregating ServerAddresses because running on OS X 10.6 or higher Setting search domains to 'openvpn' because running under OS X 10.6 or higher and the search domains were not set manually (or are allowed to be changed) and 'Prepend domain name to search domains' was not selected Saved the DNS and SMB configurations so they can be restored Changed DNS ServerAddresses setting from '192.168.0.1' to '192.168.1.1' Changed DNS SearchDomains setting from '' to 'openvpn' Changed DNS DomainName setting from 'hsd1.dc.comcast.net.' to 'openvpn' Did not change SMB NetBIOSName setting of '' Did not change SMB Workgroup setting of '' Did not change SMB WINSAddresses setting of '' DNS servers '192.168.1.1' will be used for DNS queries when the VPN is active NOTE: The DNS servers do not include any free public DNS servers known to Tunnelblick. This may cause DNS queries to fail or be intercepted or falsified even if they are directed through the VPN. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems. Flushed the DNS cache via dscacheutil /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil Notified mDNSResponder that the DNS cache was flushed Setting up to monitor system configuration with process-network-changes 2017-09-30 18:22:14 *Tunnelblick: This computer's apparent public IP address (73.200.235.104) was unchanged after the connection was made 2017-09-30 18:22:19 *Tunnelblick process-network-changes: A system configuration change was ignored
bardaravine
Sep 30, 2017 Place Orbi Wi-Fi 5 (AC) and Orbi with Voice Mesh
26KViews
0likes
7Comments
Orbi and WEP
I’ve been under the assumption that using WPS encryption is insecure, and the best encryption is to use WPA2 (hopefully with the Krack exploit patched). I noticed that it seems the Orbi system does use WPS through pushing the sync button on the router and/or satellite(s). Previous routers I’ve owned had the ability to completely turn off WEP. With that in mind, could someone comment on how secure using WEP (through the sync button) is when using an Orbi System? Also, does anyone think it may be beneficial if down the road Netgear added the ability for an end user to choose if they want WEP enabled or disabled on each individual device through a future firmware update (of course, after Netgear fixes the bugs that have been causing a lot of people to experience seemingly random wireless internet disconnections)?
j1n
Mar 15, 2018 Place Orbi Wi-Fi 5 (AC) and Orbi with Voice Mesh
7.2KViews
0likes
10Comments
Blocking inbound traffic by IP address
Just got an Orbi and am astonished that it is not possible to block inbound traffic by IP address, either explicitly (as a range), or from IP blacklists available from spam blocking lists. Being able to block incoming traffic by geographic region can be incredibly helpful, as many attacks originate in Russia in China. The fact that Orbi has DoS detection and gives me log entries like this "DoS Attack: SYN/ACK Scan" and no way to stop it is amazing. This topic has been raised in the past and it always gets closed with the statement that this is "beyond the scope" of a consumer level router and that only $1,000+ enterprise routers can do it. Bull. A $35 Linksys WRT54G running the open source DD-WRT firmware can do iptables blocks of IP addresses and ranges. A $250 Orbi should be able to do this without breaking a sweat.
feldon30
Apr 04, 2018 Place Orbi Wi-Fi 5 (AC) and Orbi with Voice Mesh
5.6KViews
3likes
3Comments
orbilogin.com not https
Why isn't orbilogin.com secured (https)? 1password notifies me that my password will be sent unencrypted. This does not make sense to have the admin website unsecured. Please explain.
BN-CA
Feb 09, 2018 Place Orbi Wi-Fi 5 (AC) and Orbi with Voice Mesh
5.6KViews
0likes
4Comments
Security vulnerability in Orbi
I happened to run avast wifi analysis and it found the 2 vulnerability in Orbi Router software listed below. Can anyone who is more technically minded confirm this? Orbi is a brand new system it should be patch against security holes that been reported since 2013. https://www.rapid7.com/db/vulnerabilities/miniupnpd-cve-2013-0229 https://www.rapid7.com/db/vulnerabilities/miniupnpd-cve-2013-0230
OrbiMan
Apr 12, 2017 Place Orbi Wi-Fi 5 (AC) and Orbi with Voice Mesh
4.7KViews
2likes
4Comments
Orbi with 1 Satellite - Suggested Security settings?
Got the new Orbi with one satellite today, and install was a snap. Of course part of it was letting both update firmware before letting everything connect. Previously, I had my one router setup as a different address than the default for the cable modem - i.e. cable modem wants to be 192.168.1.1 and I had the router setup as 192.168.10.1. It appears that Orbi is doing it's own negotiation here, but am wondering if there is a firewall setting I've missed, or anything else I should be looking at?
Solved
EwanRGR
Feb 27, 2017 Place Orbi Wi-Fi 5 (AC) and Orbi with Voice Mesh
4.5KViews
0likes
4Comments
EMAIL ADDRESS 'emarketing@e.netgear.com'
HAS ANYONE SEEN A EMAIL FROM NETGEAR THAT IS "emarketing@e.netgear.com"? IS IT A FISHING EXPEDITION?
Rayindeerfield
Oct 05, 2017 Place Orbi Wi-Fi 5 (AC) and Orbi with Voice Mesh
4.1KViews
1like
2Comments
Change Registration
I bought a used Orbi and would like to do remote admin. When I tried, it idicated that the previous user must have registered the device. Is there a way to re-register the device?
Steppenwolf123
Jun 16, 2017 Place Orbi Wi-Fi 5 (AC) and Orbi with Voice Mesh
3.5KViews
1like
1Comment
Need help setting up for maximum security RBK53
Hello everyone. Here's the background... I am needing to set up a network for electronic charting and digital X-rays at a dental office. Of utmost importance is the security of patient information. For several reasons, we won't be able to properly set up a wired network. We want to try the RBK53 set; 1 router, 2 satellites. I understand this is not an ideal setup and that nothing could replace a WLAN for speed and security. I'm strictly looking for ideas that could be applied to this unique situation. The hardware...... We have three different 'locations' in the office that need to be networked. 1) front desk, with one work station, network printer and the ISP provided modem; -workstation, printer and modem will plug directly to Orbi router 2) server closet , with the server and one workstation - server and workstation will plug directly to satellite #1 3) patient operatories, with two workstations - both workstations will plug directly to workstation #2 The questions..... - is there a way to set up the wireless communication so that network access is strictly limited to the devices directly plugged into the LAN jacks on the orbi router/satellites? - if not, is there a way to ensure that only the network components have access to each other - in short, I need to get as close to WLAN security and speed as possible, wirelessly. Thanks for the help.
mellow13
May 24, 2017 Place Orbi Wi-Fi 5 (AC) and Orbi with Voice Mesh
3.5KViews
1like
1Comment
RBR50 connected to wifi but blocking fire stick and some apps
Hi. I hope someone can help. Im not massively technical, so I hope it’s a simple issue to fix. Ive has my orbi RBR50 for about a year and it’s been pretty good, until recently. Using my iPad, I can still use safari to browse the internet and use outlook, but it won’t let me update apps in the App Store, and some game apps won’t connect. The orbi app itself won’t let me update the firmware. It has been updated within the last year, but I can’t even check if it’s still up to date now. With the exception of the orbi app, I can do all the others if I use a different network, showing it is the orbi at fault. I have a similar problem when I try to use my fire stick. It logs onto the orbi network but says that it’s not connected to the internet when it is. Also my little boys tablet will no longer acces the internet when connected. It seems to me like there is some kind of firewall that’s been activated, blocking certain sites /devices, but I can’t see where to change the settings. Speed tests seem fine. thanks in advance
Maquis
Jul 28, 2019 Place Orbi Wi-Fi 5 (AC) and Orbi with Voice Mesh
3.4KViews
1like
2Comments