VPN
87 Topics

VPN Setting
I'd like to see VPN Setting update in next firmware update that allows users to set up VPN with other VPN clients. While current instructions do allow for Smart DNS and shows how to create a VPN connection, it lacks today's needs. Having VPN support setting eliminates the need to run VPN on each device by allowing all connections to flow through router as one connection. Most services limit up to 3 connections at once. Having this support on my R8500 would totally eliminate the connections limit. Please consider supporting this with next firmware!

24K Views, 15 likes, 2 Comments

Support for Linux clients and OPENVPN on R7000 or any other Netgear router
Although the R7000 router has support for MAC and Windows clients when using the Netgear R7000 OPENVPN built-in server, it does not support Linux as a client. See the following link: https://community.netgear.com/t5/Nighthawk-WiFi-Routers/R7000-VPN-Service-TAP-or-TUN/m-p/1002408#M20691

Currently I am running the latest "supported" firmware version: V1.0.4.30_1.1.67 as of Nov 10 2015.

There is a great number of Linux users and not being able to take advantage of the OPENVPN server in the Router seems to be a big limitation/oversight. I personally purchased this router because of the fact that it had a built in OPENVPN server, so that I could connect my Android and Linux devices to my network. As I discovered after purchasing the router neither of these platforms are supported. It seems that IOS and Android support is coming, but no plans to implement Linux.

It may be possible to manually configure a Linux client if Netgear would publish how OPENVPN is implemented. I understand that this would not be "supported" by Netgear, but for those of us who have some technical skill we could possibly implement it and make it work for our needs. Providing information such as and not limited to the following would be very useful since OPENVPN is open source software:

- Tunnel Device (TUN/TAP)
- Protocol (UDP/TCP)
- Port number (1194 -> official port, or another port defined by Netgear)
- Encryption cipher (None, blowfish, AES-512/256/192/128 CBC, etc....)
- Hash algorithm (SHA1/256/512,MD4/5,none, etc....)
- TLS Cipher (none, AES-128/256 SHA, etc...)
- LZO Compression (Adaptive, yes/No, none)
- Authority/ Password usage
- TLS Auth Key usage ?
- PKCS12 Key usage?
- Static Key usage?
- ns-cert-type server ?
- Is access limited to the local network, to access the internet only, or to both local and internet?
- etc.....

This post is essentially to ask for Netgear to provide the following:

- Implement a Linux client file and instructions on how to implement it for the various distributions of Linux.
- Provide comprehensive documentation on how OPENVPN is implemented in the R7000 router or any other router that has an OPENVPN server built-in.

95K Views, 13 likes, 7 Comments

Add VPN TUN option to the R7500 VPN options
Please could you consider adding the TUN profile in the OpenVPN server software already installed on the R7500 router to enable access from iOS and Android devices. This is a very practical and reasonable ask for a modern day piece of technology. Or, create a VPN app for Android and IOS that works with the existing VPN implementation on Netgear routers.

Thanks,
Sasan

70K Views, 5 likes, 8 Comments

MD5-Signed Certificate Warning with OpenVPN on iOS
As of version 1.2.8 of the OpenVPN app on iOS, OpenVPN issues the following warning:

> WARN TLS: received certificate signed with MD5.
> Please inform your admin to upgrade to a
> stronger algorithm. Support for MD5 will be
> dropped at end of Apr 2018

The warning appears as a modal dialog that interrupts use of the device. If the device is unlocked after a short period of time with the VPN connected, there will typically be multiple modal dialogs. This is an extremely frustrating experience. There appears to be no way to disable this warning and nothing router owners can do.

A similar issue arose earlier for Android users (https://community.netgear.com/t5/Nighthawk-WiFi-Routers/Netgear-R7000-and-OpenVPN-for-Android-App/m-p/1310857). It is still unresolved at the time of writing.

Netgear needs to issue a firmware update that changes the certificate used for OpenVPN.

Solved, 37K Views, 4 likes, 108 Comments

VPN Access with users/passwords
Currently the VPN feature in Orbi, like all other Nighthawk routers I have used in the past, only uses certificate based authentication. Meaning authentication is only one-factor. As any security aficionado will tell you, you should always do two factor authentication. Can we get usernames/passwords added to the VPN functionality in this router and the Nighthawks? It is a simple mechanism to get two-factor auth. Or if we could hook up to SMS service that would also work :-) Don't want Russia hacking into my home network to steal all my kitten photos.

11K Views, 4 likes, 2 Comments

ZeroTier and the ReadyNAS
NASTools mentions in the Apps sub-forum that he is looking into an app for ZeroTier. I started a small tangent discussion and thought it better to move it to its own thread.

I, too, have been looking into ZeroTier, and I think it has great potential on the ReadyNAS. For those open to SSHing in, it's an easy install in OS6.6.0. But everything has to be done via SSH and the ZeroTier CLI, so it's not for everyone (yet). If NASTools does get an app with a GUI, then all aboard. I suppose ShellInABox could also be used, since it gives SSH access -- I have never tried it.

I have installed ZeroTier One (the official name of the application) on OS6.6.0 running on legacy x86 devices. With OS6.6 now being based on Debian 8 (aka jessie), it should also install on ARM devices using the standard method, according to their documentation. But I do not have an ARM device on which to try it. Anyone wishing to risk the possibility of needing to factory default if it does not work right is invited to give it a try (see instructions below) and let us know in a reply if it works.

So, "What is ZeroTier?", you ask. The best description I have seen is that it is a "mesh VPN". That is, it is a VPN that runs in conjunction with your normal NAT, not instead or in the middle of it. Instead of routing everything over the VPN, as is the typical VPN implementation (though it can be made to do so), it sets up one or more parallel networks that you can access through ZeroTier. You can find more information at https://www.zerotier.com/.

I have installed it on two ReadyNASes, a PC, and my Android phone. I can now directly access the NASes (including the admin page) from my PC or phone when away from home as if I were on the same LAN (though my phone's resolution and the OS6 user interface don't work well together). I can map drives on my PC. I can create a backup job between NASes, even if they are in physically different locations. No need for Rsync over SSH, ReadyCloud or ReadyNAS Replicate.
Just a standard backup process using the other NAS's ZeroTier IP address instead of its normal one. For me, this is huge.

It's a lot like ReadyNAS Remote and then some. Like the ReadyNAS apps, it does use an external server to establish the route between devices, but it does not route all traffic through that server. As a result, its only bottleneck is the connection speeds of the devices. There is an option to run your own server, though documentation is sparse (likely intentionally, as doing so is only for highly skilled users).

Because traffic takes the most direct route, including staying on your LAN if appropriate, this also means you can use the same Windows drive mappings no matter where you are. When both devices are on your LAN, speed does not suffer by being routed "around the world". But your internet traffic also doesn't suffer when you are on the road by being routed through your VPN gateway. Note that this could open a remote PC up as an attack point on the LAN, so caution should be used by business users. Having the ZeroTier connection made automatically with stored credentials is probably not wise for many cases.

I was initially reluctant to install ZeroTier because it just used a script and I could not see what it was doing. But I downloaded and looked over the script and became convinced it would work. And work, it did. Just go here: https://www.zerotier.com/product-one.shtml and run the CURL command listed for the Linux install from an SSH session. I point to the page instead of duplicating the command in case it changes in the future. I did run an apt-get update first, because I think the system should be up to date before installing any "foreign" apps, but Netgear does not recommend doing the update, as it may create conflicts within the OS.

The script checks what version of Linux and what processor you are using, then installs the appropriate files. It installed fine on my x86 OS6.6.0 system.
It should install on ARM 6.6.0 and may install on older X86 6.x, but I have not tried it. Instructions for installing on earlier ARM OS6 can be found here: https://www.andrewmunsell.com/blog/remote-access-to-readynas-zerotier-one/. If it were to run on OS4.x or 5.x, it would probably also need to be compiled and scripts manually installed as described on that page. If it works on OS4 and OS5, it would be the answer to the lack of ReadyNAS Remote and ReadyCloud compatibility on the same client machine. But even if it doesn't, ZeroTier, unlike ReadyCloud, is compatible with running ReadyNAS Remote on a PC, so you could have concurrent ways to access both old and new systems, though not between each other.

Once installed, it's just a matter of using the zerotier-cli command or Windows/Mac/Android/iOS GUI to join all devices to the same network and get an IP address on that network. ip addr show now shows a new zto: interface and (if connected to a network), the IP address associated with it. The interface and network connections survive a reboot, courtesy of startup scripts installed by the ZeroTier installer. It was not necessary for me to change any configuration on my router.

Note that uninstalling may be more difficult than installing, as there is no uninstall script. But you can leave it installed but disconnected from any networks and it should cause no problem.

Please share your installation experience, good or bad, especially if not on an OS6.6.0 or above X86 system.

14K Views, 4 likes, 13 Comments

[X10 (R9000)] cannot regenerate or invalidate VPN credentials
I'm shocked I spent so much on a high end router, and I'm stuck with the static OpenVPN configuration on the router. There is no way to invalidate old keys, generate new keys, or have multiple active keys. This is a significant security design issue. Once you give a key out, or if you accidentally expose it, there is no way to kill it. Even if you are the only user using your VPN, there is a chance your device can be stolen or compromised, forcing you to question whether your home VPN credentials have also been compromised. There is no reason why you should need to buy a new router just to rotate your keys.

The kicker is the manual even suggests changing the default SSID and network password. I don't know why they would suggest this if they thought the default installation was private and secure. If Netgear believes it is better security to use your own custom security credentials, then they should allow you to do the same with the OpenVPN configuration. The OpenVPN feature on the X10 is too minimal to be trusted.

Solved, 4.3K Views, 2 likes, 8 Comments

Orbi Dropping VPN Connection
I recently set up the Orbi in my home and I am experiencing frequent VPN drops on my work computer. I am using the Cisco AnyConnect software for the VPN login. I am assuming that the Orbi may be attempting to connect back and forth between the 2.4 and 5 GHz connections causing the VPN connection to drop. Has anyone else experienced this and what can I do to resolve? I am not a networking expert by any means, and my setup was completed based on the base Orbi settings. This is severely impacting my ability to work efficiently from home. Thanks!

Recent Firmware updates on R8000 and R7000 break SonicWall SSL VPN Connectivity
I have spent nearly 40 hours investigating connectivity issues with SonicWall SSL VPN using the Dell SonicWall NetExtender client and the Windows 10 SonicWall Mobile app, which resulted in the root cause being Netgear Firmware updates, so am posting here for the benefit of others and also in the hope that Netgear resolve the issue.

I have tested and verified the issue on Netgear R8000 X6 & Netgear R7000 devices, connecting to SonicWall SSL VPN devices in Palo Alto and London (waiting on firmware version from the respective IT teams), but our Atlanta and Manchester offices do not experience the issue and they are on older SonicWall firmware versions with the Dell icon, rather than the new SonicWall S in a shield icon.

I've tested both of these devices using PPPoE on FTTP connections using 2 PCs, 2 laptops and an Android mobile device and also excluding the Netgear router (connecting the network cable directly to the PCs and Windows performing the PPPoE connectivity) to verify 100% that it's a Netgear firmware issue.

On the Netgear R8000 X6:
The issue occurs from firmware version 1.0.3.48
The most recent version without the issue is 1.0.3.46

On the Netgear R7000:
The issue occurs from firmware version 1.0.7.12 (also tested version 1.0.9.6)
The most recent version without the issue is 1.0.7.10

Netgear, please resolve this issue in newer firmwares, otherwise I suspect that more people will be affected by this in future.

Solved, 6.2K Views, 1 like, 3 Comments

Way for ORBI to route some devices thru VPN while others do not use VPN
ORBI & VPN services (like Ivacy, HMA, VPN Express..). Is there any way to implement SELECTIVE VPN directly on the ORBI router (wired or wireless)? Looks like presently VPN on ORBI requires/only works with a PC/MAC/Android driven APP. Would like to use VPN right in the router itself only for some devices that need it while others that do not need VPN go around it. Have heard of this as a "gateway" feature on another router. Could just put up a second dedicated router for those devices but would rather not unless I have no choice.... Thoughts ? Suggestions? Thanks. T.