NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Z42985
Oct 25, 2019Aspirant
RBR850 Changing Guest LAN IP subnet / Guest Wireless subnet- The IP address conflicts with the Guest
When I attempt to change my LAN subnet to 192.168.2.0 I get this error message. "The IP address conflicts with the Guest LAN IP subnet. Please enter a different IP address."
So how do I change the "Guest LAN IP subnet"?
On a related note while googling this issue I came across the previous Orbi Guest wireless isolation issue and was just shocked that Netgear would release a product with such terrible security features AND not actually fix it after years. I don't care a whole lot about the feature but being part of openwireless.org is important to me, and it makes providing wifi to guests easier/more secure but I had committed to returning it if this was not fixed. https://community.netgear.com/t5/Orbi/CAUTION-Orbi-s-Wifi-Guest-Network-does-not-really-isolate-guests/td-p/1221867/page/5
It does appear this is fixed now BUT it appears Netgear has hardcoded the guest subnet?! It would not be terrible to reip my network but I've been using this subnet for 15+ years. I'm already having to reconenct every to a single SSID instead of having a 2.4 and a 5 Ghz SSID, forcing me to reip is pretty absurd.
If you like you can go for changing the guest network reserved address range using telnet commands as follows:
- nvram set lan1_ipaddr=192.168.3.1
- nvram set lan1_gateway=192.168.3.1
- nvram set lan_ipaddr2=192.168.3.1
- nvram set dhcp_start2=192.168.3.2
- nvram set dhcp_end2=192.168.3.254
- nvram commit
- reboot the router
- Set the LAN IP address to 192.168.2.1 in the Orbi web GUI under >> ADVANCED >> Setup >> LAN Setup
14 Replies
Sort By
Lack of a RBR850 I can't check this. Enable the guest network and establish a connection to the Guest network. On earlier Orbi and Orbi Pro systems, the clients used to receive IP addresses from the very same subnet as in place om the LAN. The 192.168.2.0/24 subnet is (certainly on the Nighthawk and the like routers) hardcoded to the OpenVPN TUN interface - only the transport protocol (UDP, TCP) and the port can be configured - the OpenVPN TUN subnet can't be changed. So for a test, you could enable the OpenVPN server (along woth some DDNS) on the RBR850, and establish an OpenVPN connection in TUN mode (iOS/iTabOS or Android OpenVPN clients can only handle TUN - that's part of the config for mobile devices) and check the IP address assigned. I would guess that it's on the 192.168.2.0/24 subnet (as it is implemented on Nighthawk and earlier Orbi) ... so the message might be wrong.
In case you have shell/console access to your Orbi router, run
# ifconfig tun0
...# netstat -an
...
Both will unveil the sunet information for the tun0 interface.Dustin_V your customers need the ability to adjust such internal IP subnets in the UI. Further on, such internal IP subnets must be documented!
- ekhalilMaster
In Orbi 850, the following is valid:
OpenVPN_TUN is using 192.168.254.0/24
The Guest network is using 192.168.2.0/24
These addresses are not configurable, but I think could be easily changed with telnet commands
OpenVPN:
openvpn_tun_ipaddr=192.168.254.1
openvpn_tun_netmask=255.255.255.0
Guest Network:
lan1_ipaddr=192.168.2.1
lan1_gateway=192.168.2.1
lan_ipaddr2=192.168.2.1
dhcp_start2=192.168.2.2
dhcp_end2=192.168.2.254
- Z42985Aspirant
Looks like the config command doesn't exist/isn't in the path anymore?
For now my work around to two issues caused by Orbi's lack of what I thought was basic flexibility (can't have two LAN SSIDs (For example 2.4 and 5Ghz SSIDs)) and can't use the 192.168.2.0 on the LAN subnet is to leave my old wireless router in place but with it's WAN and LAN ports connected to my LAN with DHCP disabled and one SSID disabled. Then anythings that connects to the old SSID or has a static 192.168.2.0 address can still operate and overtime I can go through reiping and reconnecting things. Kinda silly but I didn't think I was doing anything special on my network.