NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

VPN

41 Topics

VPN Access with users/passwords
Currently the VPN feature in Orbi, like all other nighthawk routers I have used in past only use certificate based authentication. Meaning authentication is only one-factor. As any security aficiando will tell you, you should always do two factor authentication. Can we get username/password's added to the VPN functionality in this router and the nighthawks? It is a simple mechanism to get two-factor auth. Or if we could hook up to SMS service that would also work :-) Don't want Russia hacking into my home network to steal all my kitten photos.
xantari
Sep 17, 2021 Place Submit Ideas for Home Products
11KViews
4likes
2Comments
Support for Linux clients and OPENVPN on R7000 or any other Netgear router
Althought the R7000 router has support for MAC and Windows clients when using the Netgear R7000 OPENVPN built-in server, it does not support Linux as a client. See the following link: https://community.netgear.com/t5/Nighthawk-WiFi-Routers/R7000-VPN-Service-TAP-or-TUN/m-p/1002408#M20691 Currently I am running the latest "supported" firmware version: V1.0.4.30_1.1.67 as of Nov 10 2015 There is a great number of Linux users and not being able to take advantage of the OPENVPN server in the Router seems to be a big limitation/oversight. I personally purchased this router because of the fat that it had a built in OENVPN server, so that I could connect my Android and Linux devices to my network. As I discovered after purchasing the router neither of these platforms are supported. It seems that IOS and Android support is coming, but no plans to implement Linux. It may be possible to manually configure a Linux client if Netgear would publish how OPENVPN is implemented. I understand that this would not be "supported" by Netgear, but for those of us who have some technical skill we could possibly implement it and make it work for our needs. Providing information such as and not limited to the following would be very useful since OPENVPN is open source software: Tunnel Device (TUN/TAP) Protocol UDP/TCP) Port number (1194 -> official port, or another port defined by Netgear) Encryption cipher (None, blowfish, AES-512/256/192/128 CBC, etc....) Hash algorithm (SHA1/256/512,MD4/5,none, etc....) TLS Cipher (none, AES-128/256 SHA, etc...) LZO Compression (Adaptive, yes/No, none) Authority/ Password usage TLS Auth Key usage ? PKCS12 Key usage? Static Key usage? ns-cert-type server ? Is access limited to the local network, to access the internet only, or to both local and internet? etc..... This post is essentially to ask for Netgear to provide the following: Implement a Linux client file and instructions on how to implement it for the various distributions of Linux. Provide comprehensive documentation on how OPENVPN is implemented in the R7000 router or any other router that has an OPENVPN server built-in.
HVOSPkxa
Jan 30, 2021 Place Submit Ideas for Home Products
95KViews
13likes
7Comments
EX7000 wont work with VPN
I'm using an Arris Surfboard modem with the EX7000 extender. My mobile device uses fSecure Freedome as a VPN. Everything works fine when I connect to the modem directly via Wi-Fi. When I connect thru the extender, the VPN icon appears on my device and I see a Wi-Fi connection icon on the phone. But as soon as I attempt to browse to a web site, the VPN icon disappears and the page won't load. If I turn off the VPN, I can browse thru the extender with no issues. So it seems there's some confusion as to how the extender views and handles my VPN traffic. I've reserved the MAC addresses of the extender in the router DHCP table. I do not have an ACL allow/deny list set up on the router. I redid all of the settings of the router and extender back to simple default settings in case I had screwed something up. Nothing seems to solve the problem. Additionally, the 2GHz extension works sometimes (albeit rarely) and will stop working later. The 5GHz seems to always have issues.
Solved
Tobraham
Oct 15, 2018 Place Nighthawk WiFi Range Extenders
14KViews
0likes
18Comments
MD5-Signed Certificate Warning with OpenVPN on iOS
As of version 1.2.8 of the OpenVPN app on iOS, OpenVPN issues the following warning: > WARN TLS: received certificate signed with MD5. > Please inform your admin to upgrade to a > stronger algorithm. Support for MD5 will be > dropped at end of Apr 2018 The warning appears as a modal dialog that interrupts use of the device. If the device is unlocked after a short period of time with the VPN connected, there will typically be multiple modal dialogs. This is an extremely frustrating experience. There appears to be no way to disable this warning and nothing router owners can do. A similar issue arose earlier for Android users (https://community.netgear.com/t5/Nighthawk-WiFi-Routers/Netgear-R7000-and-OpenVPN-for-Android-App/m-p/1310857). It is still unresolved at the time of writing. Netgear needs to issue a firmware update that changes the certificate used for OpenVPN.
Solved
pyrmont
Jul 30, 2018 Place Nighthawk Wi-Fi 5 (AC) Routers
37KViews
4likes
108Comments
OpenVPN No server certificate verification method has been enabled.
Hi, I'm using a R7000 running V1.0.9.28_10.2.32. I just enabled VPN and tried to connect via a Windows 10 OpenVPN client but get the following errors in the VPN Windows Log I removed the normal messages at the start of the log but can provide them if required. Wed May 02 17:00:46 2018 us=65248 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Wed May 02 17:00:46 2018 us=65248 OpenSSL: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak Wed May 02 17:00:46 2018 us=65248 MANAGEMENT: Client disconnected Wed May 02 17:00:46 2018 us=65248 Cannot load certificate file client.crt Wed May 02 17:00:46 2018 us=65248 Exiting due to fatal error This is using the downloaded configuration from my Netgear router's Advanced Setup VPN. I use a static IP provided by my ISP so don't need to provide a a Dynamic DNS setting. I've modified the client1 config accordingly with my external static IP. Looks to me as though the internal Netgear VPN Server's cert is somehow incorrect! Any ideas?
Solved
gandmclark
Jun 04, 2018 Place Nighthawk Wi-Fi 5 (AC) Routers
217KViews
0likes
7Comments
Trouble Setting Up Orbi VPN on Mac OSX
Hello - I tried searching for the answer but none of the search results seemed relevant. I must be missing a step somewhere. Here is what I did: Orbi WiFi has the basic installation complete and set up -- I can log into the orbilogin.com using the default username and password. I go to Orbi Advanced tab, Advanced Setup, DynamicDNS. I have successfully set up a NETGEAR DDNS account and activated it successfully on NOIP.com. As instructed by NOIP, I have download and successfully set up Dynamic Update Client for Mac. I can log into the NOIP dashboard and it shows my mynetgear hostname as active with no errors. Let's just call it MYHOSTNAME01 . MYNETGEAR . COM. I go back into my Orbi Advanced tab, Advanced Setup, DynamicDNS and click “Show Status” and the system shows that I am successfully configured/connected to MYHOSTNAME01 . MYNETGEAR . COM. I go to Orbi Advanced tab, Advanced Setup, VPN Service and click “Enable VPN Service” and keep the defaults for Advanced Configurations “TUN UDP port 12973” and “TAP UDP port 12974”, Clients will use this VPN set to “Auto”. I click apply and I download the FOR MACOSX configuration package. I install Tunnelblick on Mac OSX for Sierra OSX version (latest). I take the FOR MACOSX configuration package and paste the files in "~/Library/Application Support/Tunnelblick/Configurations”. At this point I then take the “client.conf” from the Orbilogin.com dashboard “FOR MACOSX” downloaded configuration package and drag and drop it onto Tunnelblick. I accept all the setup prompts in Tunnelblick and then Tunnelblick creates a “client.tblk” in the same location as all the FOR MACOSX files (again, ~/Library/Application Support/Tunnelblick/Configurations). I click “Connect” in Tunnelblick but no successful connection is made — Tunnelblick times out. I follow the Orbilogin.com instructions for FOR SMART PHONE and try to make a connection from my iPhone and it also times out using the OpenVPN Connect iPhone app. (the app correctly shows the configuration file indicating to connect to "MYHOSTNAME01 . MYNETGEAR . COM / smart_phone". So basically I am demonstrating that I tried installing and testing VPN connectivity to the Orbi VPN service from two different devices (my Mac and my iPhone - neither of which are currently connected to my Orbi WiFi home network). Am I missing a step? Help please.
Solved
spizzi
Jun 01, 2018 Place Orbi Wi-Fi 5 (AC) and Orbi with Voice Mesh
14KViews
0likes
6Comments
OpenVPN working after 2.1.4 firmware upgrade?
Hi all, My Orbi system updated itself with the firmware on Saturday afternoon (28th April) and afterward I again downloaded the Mac and iPhone OpenVPN profiles to the respective devices. In subsequent testing, I'm not seeing any device able to establish a VPN connection using OpenVPN. Is anyone seeing differently - ie. is OpenVPN working for you after the firmware upgrade? Thanks!
twynne
Apr 30, 2018 Place Orbi Wi-Fi 5 (AC) and Orbi with Voice Mesh
1.1KViews
0likes
5Comments
HMAC Authentication Errors (via VPN)
Greetings--- I have a Nighthawk X4 (R7500), and have enabled the VPN Service per this article: https://kb.netgear.com/25389/Enabling-VPN-service-on-a-Nighthawk-router-using-a-MAC-OS-computer Everything connects fine, but I get the following errors: 2018-04-09 12:59:54 Authenticate/Decrypt packet error: packet HMAC authentication failed 2018-04-09 12:59:54 Authenticate/Decrypt packet error: packet HMAC authentication failed (repeated)... I am able to access resources on my local network, but the connection is VERY slow. Services like RDP are impossible to use. My config: client dev tap proto udp sndbuf 393216 rcvbuf 393216 ;dev-node NETGEAR-VPN remote xxxx.xxxxx.net12974 resolv-retry infinite nobind persist-key persist-tun ca ca.crt cert client.crt key client.key ;remote-cert-tls server cipher AES-128-CBC comp-lzo verb 0
Solved
p3hndrx
Apr 12, 2018 Place Nighthawk Wi-Fi 5 (AC) Routers
5.1KViews
0likes
2Comments
VPN authentication
Hi, Why not Netgear can come up with VPN with cloud concept which is similar to Readycloud rather than certificate files which will be more user friendly with e-mail address and password authentication than authenticating using certificates which restrict the usage based on WAN IP of Router which is unusable for anyone who's WAN IP is private for Satellite and Fiber internet users. Also, it creates complication for users with DSL when modem is not bridged too.
jvasanth1984
Mar 04, 2018 Place Submit Ideas for Home Products
3.2KViews
0likes
0Comments
Adding a password to the VPN service?
I just got the VPN service running on my Orbi. It works great, and after a couple hour of playing with the settings, I can now route all internet traffic through the Orbi, which is great when I'm at a cafe somewhere. What makes me extremely worried, though, is that there is no password authentication, which means anybody with the certificate will immediately have access to my internal network (I almost e-mailed the certificate to my wife so she could get it working on her laptop too, before I realized that's more or less the same as sending her my login password in the clear--not a good idea). Is there actually a way to set up the Orbi VPN server to require a password? If not, when will Netgear implement one?
kkazkaz
Feb 22, 2018 Place Orbi Wi-Fi 5 (AC) and Orbi with Voice Mesh
2.2KViews
0likes
1Comment