Orbi Firmware Upgrades Not Keeping Up With OpenVPN Security Standards

Greetings!

I am leveraging the VPN function on the Orbi, which uses OpenVPN. I had not had a problem until around early last year, when our connections using OpenVPN started showing this error:

WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.

DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). OpenVPN ignores --cipher for cipher negotiations

OpenVPN made this change to remove compression way back in 2023-01. So this compression issue is preventing connection with the VPN. Why hasn't NETGEAR been keeping up with this and making changes to the VPN with firmware upgrades? How can I fix this issue and get my VPN back up and running?

14 Comments
CrimpOn
Guru

Why Netgear does (or does not do) anything is not something any member of the Community forum has insight into.

What we can do is offer suggestions for how to make use of the product. For example, I connected a Windows 10 laptop to the internet (using a cell phone hot spot via LTE data) and used OpenVPN Connect 3.3.7 (2939) to connect with an RBR50. As the attached log file shows, it worked correctly. OpenVPN Connect prompted that an update was available, so I updated the Windows app to 3.4.3 (3337). The next attempt to connect failed (see log file). OpenVPN Connect claimed there were "problems" and did not specify what they were:

OpenVPN Connect 3.4.3 (3337) on Windows 10, Feb 13

[Feb 13, 2024, 15:43:22] OpenVPN core 3.8.2connect3 win x86_64 64-bit OVPN-DCO built on Dec  1 2023 16:39:43
[Feb 13, 2024, 15:43:22] Frame=512/2112/512 mssfix-ctrl=1250
[Feb 13, 2024, 15:43:22] NOTE: This configuration contains options that were not used:
[Feb 13, 2024, 15:43:22] Unsupported option (ignored)
[Feb 13, 2024, 15:43:22] 5 [resolv-retry] [infinite]
[Feb 13, 2024, 15:43:22] 7 [persist-key]
[Feb 13, 2024, 15:43:22] 8 [persist-tun]
[Feb 13, 2024, 15:43:22] 17 [route-method] [exe]
[Feb 13, 2024, 15:43:22] UNKNOWN/UNSUPPORTED OPTIONS
[Feb 13, 2024, 15:43:22] 3 [dev-node] [NETGEAR-VPN]

Thus it would appear that if OpenVPN Connect is the tool being used, one way to address this issue is to reinstall the previous version 3.3.7 (2939).

This Windows 10 laptop has OpenVPN GUI installed as well, v2.6.2, Mar 24, 2023. The tap connection worked, but the tun connection failed. Version 3 of OpenVPN dropped support for tap connections, so I kept 2.6.2 installed specifically to look at how tap behaves differently than tun. I have not spent any time diagnosing "what's wrong" since the OpenVPN Connect app was working - until I went and upgraded it - damn.

The tap connection that worked spit out the same error messages you noticed, but it still connected:

2024-02-13 16:03:59 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2024-02-13 16:03:59 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). OpenVPN ignores --cipher for cipher negotiations.
2024-02-13 16:03:59 Note: '--allow-compression' is not set to 'no', disabling data channel offload.
2024-02-13 16:03:59 OpenVPN 2.6.2 [git:v2.6.2/3577442530eb7830] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Mar 24 2023

I agree totally that it is annoying when vendors do not keep products up-to-date. Heck, Netgear has only 19 Orbi router models (and ?? Nighthawk models). How long could it take for some intern to update the OpenVPN software on all of them? (And test it, maybe.)

My advice: find a version of OpenVPN that "works".
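The profile options behind the messages quoted in this thread (compression, a --cipher that is not in --data-ciphers, and the tap and dev-node entries that OpenVPN Connect 3.4.3 lists as unsupported) can be checked before a client profile is rolled out to users. What follows is an added example written for this page, not code from NETGEAR's firmware or from the OpenVPN project: a small linter for .ovpn client profiles plus a simplified model of data-cipher negotiation, to show why a client that only offers AEAD ciphers cannot agree with a peer that cannot negotiate. The sample profile is constructed to resemble the option mix in the logs above; the default --data-ciphers list, the option names treated as ignored or unsupported by OpenVPN Connect 3, and the negotiation rule are assumptions drawn from those logs and from OpenVPN 2.6 behaviour, and are marked as such in the code.

```python
"""Lint an OpenVPN client profile for the deprecated and unsupported options
discussed in this thread, and model how the data cipher gets negotiated.
Added example; not NETGEAR firmware code and not OpenVPN project code."""
from dataclasses import dataclass
from typing import Optional

# Assumption: --data-ciphers default of OpenVPN 2.6 when the profile does not set it.
DEFAULT_DATA_CIPHERS = ["AES-256-GCM", "AES-128-GCM", "CHACHA20-POLY1305"]
COMPRESSION_OPTIONS = {"comp-lzo", "compress", "comp-noadapt"}
# Taken from the OpenVPN Connect 3.4.3 log in the thread: ignored vs. unknown/unsupported.
CONNECT3_IGNORED = {"resolv-retry", "persist-key", "persist-tun", "route-method"}
CONNECT3_UNSUPPORTED = {"dev-node"}

# Constructed client profile resembling the option mix behind the thread's log lines.
SAMPLE_PROFILE = """\
client
dev tap
dev-node NETGEAR-VPN
remote router.example.invalid 1194
resolv-retry infinite
persist-key
persist-tun
route-method exe
cipher AES-128-CBC
data-ciphers AES-256-GCM:AES-128-GCM
comp-lzo
<ca>
(placeholder, not a real certificate)
</ca>
"""


@dataclass
class Finding:
    severity: str  # "error", "warning" or "info"
    option: str
    message: str


def parse_profile(text: str) -> list[tuple[str, list[str]]]:
    """Return (option, args) pairs; comments and inline <ca>..</ca> bodies are skipped."""
    entries, block = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if block:  # inside an inline file block: skip until its closing tag
            block = None if line == f"</{block}>" else block
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("<") and line.endswith(">") and not line.startswith("</"):
            block = line[1:-1]
            continue
        option, *args = line.split()
        entries.append((option.lstrip("-"), args))
    return entries


def lint_profile(text: str) -> list[Finding]:
    """Return the findings for one client profile (last occurrence of an option wins)."""
    opts = {name: args for name, args in parse_profile(text)}
    out: list[Finding] = []
    comp = sorted(COMPRESSION_OPTIONS & opts.keys())
    if comp:
        out.append(Finding("warning", comp[0], "compression enabled; it has been used to "
                           "break encryption, so remove it on client and server"))
        if opts.get("allow-compression") != ["no"]:
            out.append(Finding("info", "allow-compression",
                               "not 'no': OpenVPN 2.6 disables data channel offload (DCO)"))
    if opts.get("cipher"):
        cipher = opts["cipher"][0]
        listed = opts.get("data-ciphers", [":".join(DEFAULT_DATA_CIPHERS)])[0].split(":")
        if cipher not in listed:
            if opts.get("data-ciphers-fallback") == [cipher]:
                sev, tail = "info", "data-ciphers-fallback covers a non-negotiating server"
            else:
                sev, tail = "warning", ("DEPRECATED OPTION: --cipher is ignored for negotiation; "
                                        "add it to data-ciphers or set data-ciphers-fallback")
            out.append(Finding(sev, "cipher", f"{cipher} missing in data-ciphers "
                               f"({':'.join(listed)}); {tail}"))
        if cipher.endswith("-CBC"):
            out.append(Finding("info", "cipher", f"{cipher} is not an AEAD cipher; "
                               "prefer AES-GCM or CHACHA20-POLY1305"))
    if opts.get("dev") == ["tap"]:
        out.append(Finding("error", "dev", "tap devices are not supported by OpenVPN Connect 3"))
    for name in sorted(CONNECT3_UNSUPPORTED & opts.keys()):
        out.append(Finding("warning", name, "listed as UNKNOWN/UNSUPPORTED by OpenVPN Connect 3.4.3"))
    for name in sorted(CONNECT3_IGNORED & opts.keys()):
        out.append(Finding("info", name, "unsupported option, ignored by OpenVPN Connect 3"))
    return out


def negotiate_data_cipher(client: list[str], client_fallback: Optional[str],
                          server: Optional[list[str]]) -> Optional[str]:
    """Assumed, simplified negotiation rule: the server takes the first entry of its own
    data-ciphers that the client also offers. server=None stands for a peer that cannot
    negotiate at all; only the client's data-ciphers-fallback can rescue that case."""
    if server is None:
        return client_fallback
    return next((c for c in server if c in client), None)


if __name__ == "__main__":
    for f in lint_profile(SAMPLE_PROFILE):
        print(f"{f.severity:7} {f.option:18} {f.message}")
```

Running the file prints the findings for the constructed profile; pointing `lint_profile` at a real exported profile works the same way, and a profile that uses `dev tun`, no compression directive and only `data-ciphers` produces no findings at all.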

 

While I agree with your "find a version that works" and stick with it mentality, that is not a very security-centric approach. That has gotten so many companies into trouble, and since this is being used by a business this is not acceptable. Changes to the software, especially for security reasons, cannot be overlooked and will not be accepted by security oversight. With the non-compliant version of the server on the router, this will make us have to move away from the device's built-in VPN and go to another solution. We are using the most recent version of the client as called out on the OpenVPN Community download site, 2.6.9. I have no way of knowing which version is installed on the router, as it doesn't show that information.

So from what I can tell, the server on the router hasn't been updated since the change in server software, and there is no way to change the software. We will have to start looking into different options.

ReneD
NETGEAR Moderator

Hello @JBX_Industries,

And welcome to the NETGEAR Community! 🙂

I understand that this issue has not been addressed by Netgear Engineering for Orbi routers yet. However, since the Orbi devices are already EOL (end of life), it will be best to open this issue under Ideas Exchange for Business products so they can modify or build a firmware that adds these features. Or you can open a support ticket with Netgear support so Netgear Engineers can investigate and come up with a patch firmware that addresses this, as long as your device is still under the 5 year hardware warranty.


Have a lovely day,

Rene D
Netgear Team

ErwinL
NETGEAR Moderator

Hello @JBX_Industries

Was your question answered? In this case, could you give us feedback on the situation and accept the posts here as a solution to make it more visible to other users?

Thanks in advance!

Have a lovely day,
Erwin
Netgear Team

schumaku
Guru

EOL means these Orbi Pro Wi-Fi 6 models can no longer be ordered from the factory - not that a supported feature like OpenVPN can be rendered useless because Netgear failed to include the mandatory OpenVPN specification change from 2023. This is a standard part of continued operational worthiness for the complete product lifetime.

How deep is the (non-existing?) product management sleeping that community supporters are publishing such nonsense advice? Ridiculous, and disappointing.

Marking as solution?!? You must be seriously kidding, fellow Erwin.

CrimpOn
Guru

I could not find a similar page for Business Products. The Home Products page contains this statement:

[attached screenshot: CrimpOn_0-1715528346643.png]

"discontinues support and maintenance firmware releases, including security updates" seems pretty clear to me.

schumaku
Guru

If even experienced old community members write such nonsense: no non-EOL products still promoted and sold are anywhere near compliant with 2024 industry standards. Better write nothing and shut up if you are anywhere near modern and up-to-date than post such garbage, my friend. The new CTO wrote a statement recently on LinkedIn - appears he has no clue of what is still -not- going on in his organisation. Stop these EOL lies now, please.

In Netgear terms, EOL means devices no longer manufactured, not no longer maintained or supported. All current SXR3x, 5x and 8x, same for the SXS satellites, continue to be maintained and supported for some more years.

I'm honestly tired, and about to give up supporting Netgear and their customers for free.

For reasons, I have mostly stopped supporting Netgear consumer garbage, except when such nonsense is posted.

CrimpOn
Guru

It appears I have missed the point of the discussion. I thought the original question was:

Why hasn't NETGEAR been keeping up with this and making changes to VPN with Firmware upgrades. How can I fix this issue and get my VPN back up and running?

My answer is "Because the SXK80 is 'End of Life' and Netgear says in writing that they do not intend to make any firmware or security updates."

If the question were changed to:

Why doesn't Netgear keep OpenVPN up to date on products that have not reached End of Life?

My response would be different. (More along the lines of indifference, incompetence, lack of staffing, etc. But why Netgear does anything is a mystery.) In this particular case, the SXK80 was declared End of Life on 2/1/2023, which might have been prior to OpenVPN changing their requirements in 2023.

schumaku
Guru

You still don't understand what End of Life in Netgear terms is. No longer orderable new, no longer manufactured, but supported and maintained for five more years (at least).

It's in no aspect a device no longer usable or deployable. However, this is what it means with professional suppliers having a carefully worked-out and published product lifetime schedule, for each SKU.

Netgear is not only understaffed. It's much worse: they have no clue what they are doing! Instead, they still hire and pay community support people who don't have a clue - so they are publishing such useless replies. And what hurts me most? Old experienced community members are jumping on the same EOL train. With the same consumer product garbage attitude. Out of sight, out of mind.

===

We’re honored to announce that NETGEAR, represented by our CTO Martin Westhead, has proudly signed the CISA Secure by Design Pledge at the RSA Conference launch event. As a leader in pioneering high-performance, secure networking solutions, NETGEAR remains steadfast in prioritizing the safety and privacy of our users. Joining forces with CISA in the Secure by Design initiative reaffirms our ongoing dedication to ensuring our customers and partners can trust the technology they depend on daily.

Learn more: https://lnkd.in/eGUPfiCR 

#CyberSecurity #SecurebyDesign #Tech #RSAC

===

I'm still eagerly waiting for Netgear to change accordingly - in any BU, in any product level, in any product class.

schumaku
Guru

Just checked a large reseller (buying from the official distribution channel) still able to offer virtually "any" amount of SXK80B4, B3, and B2 kits for about 2339 CHF, 1126 CHF, and 823 CHF as of today, for delivery early June 2024 (B4) or early May 2024 (B3 and B2 kits). Yes, some 8.1% VAT included, so with a conversion rate of 1 CHF vs. 0.91 USD, by rule of thumb about 1:1 for simple comparisons.

Five years of Insight Pro included.

No signs of a true EOL here - more End-of-Manufacturing and End-of-Sale, as more business-oriented vendors name it.

Or does Netgear seriously offer and sell outdated, no longer maintained, ... SXR80 and SXS80 systems (along with SXK50 and SXK30 kits) here in Switzerland for a lot of money, with no plans to fix the very basic issues, no https support (except for the useless self-signed certificate), and known outdated OpenVPN?

 

Gimme a break please 8-/

No question, I'll challenge the Swiss Netgear Sales Rep tomorrow morning.

Wonder who will stop these Netgear moderators not doing any good for the customers???? @ChristineT please.

[attached screenshot: Netgear SXK80B2-B4.PNG]