VPN works, but public IP doesnt seem tunneled through (RBK50)

VPNs do not always route all traffic through the remote server by default. This is set in the VPN configuration file.

When you setup the VPN on Orbi make sure you check the box that says, "Clients will use this VPN connection to access"...  "All sites on the Internet and Home Network."

Thanks, I did exactly as you said.

It told me to redownload the ovpn file, I did.

I deleted the old ovpn from the phone, imported the new one. (I use openVPN application).

Now, when VPN is turned on, i cannot access anything, including the router admin page.

So my problem became:  VPN doesnt work at all, although I followed the instructions and didnt do anything fancy.

Should I create a new topic as "VPN Doesnt work?"

Thanks,

I don't think you need a new topic.

It makes sense you needed to download a new ovpn file.  That's where the settings are saved, so anytime you change settings, the new file must be downloaded and transferred to your phone.

Can you give some more information on how things are connected when nothing works? Apologies if any of the questions seem dumb, but I don't know anything about your setup or knowledge level. Some things to consider:

1. Are you sure your router is accessible from the Internet?

2. Can you get something simpler to work first, like Remote Access, to establish the router can be reached remotely?  See page 107 of the user manual here: http://www.downloads.netgear.com/files/GDC/RBK50/Orbi_UM_EN.pdf

3. If you change the settings back to Auto, can you access the VPN as before?

4. Are you connecting from either 1) outside your home, or 2) from inside but with the phone WiFi disabled so the cellular radio is used?

5. Have you tried the VPN from a Mac or Windows client?

This video has a decent walkthrough of the setup.

https://www.youtube.com/watch?v=7CRKV2DfugI

Hi,

Thanks for your answers.  I went over every line of your message and provided extensive info🙂 Therefore it is a long message.  Thanks for your time.

I am an IT professional.  Have 6 years of programming, 6 years of business analysis and 6 years of it project management experience under my belt.  Not a network expert at all, but have a basic understanding of NAT, DNS, Network Masks etc.

To test the VPN, I turn off wifi on my phone.  

I verify that I get a new public IP from the cell provider, e.g.84.241.xxx.yyyy

I openVPN app on the phone, I enable the VPN connection.

With the current setting (All sites on the Internet & Home Network selected) thats the last meaningful thing I can do on the phone.

From this point on, nothing is accessible, neither google.com nor 192.168.1.1 (orbit admin)

At the same time, I go to the ORBI logs.  

There I can see that the openVPN was successful: [OpenVPN, connection successfully] from remote IP address: 84.241.xxx.yyyy

Therefore I think the router is accessible from the internet.

When "automatic" was selected instead of "All sites on the Internet & Home Network", and the VPN worked, I could access orbi admin page.  whats strange now is that even this doesnt work.

i had not enabled remote access before, in order not to run into other issues.  

I had enjoyed the idea of being able to do this through the vpn.  

But upon your message, i enabled it.  

I closed the VPN on my phone.  

Typed in “https://myname.mynetgear.com:8444” -i customised the port just in case-.  

Safari didnt even let me connect to this site “connection is not private”. 

chrome also didn’t want me to go to this site.  but at least I could insist to proceed to the site.  

ORBI said “another admin is logged in - yes, the admin page was open in my mac- and it will have to be kicked out”.  

I said “yes, please”. 

And I could see the admin page.

So yes.  I can do remote management (although the browsers don’t like its security).

from logs:  [remote login] from source 84.241.xxx.yyy 

Next step for me was to disable the remote management.  

I didn’t have to re-login as admin (that what the message said during the remote management experiment - another issue?) 

no, i don’t have any of my browsers remember orbi admin page credentials. 🙂

After the remote management is turned off, I could no longer do vpn on my phone now.  I hanged during “waiting for server” step.

I deleted and re-downloaded the opvn file from ORBI.  Now it connects but still, although “automatic” is selected, I can no longer go to 192.168.1.1.

I don’t have windows machines that I have admin rights to.

The macs I have are inside the house so testing VPN with them is moot.

Since the instructions consisted of 3 steps with DDNS and 3 steps with VPN, I didn’t watch any movies.  I will watch the video in your link today, in case there is something that i miss.

One more important detail:  

I have a box from my internet provider(KPN).  it has my public ip on one side and 192.168.2.X on the other.

I turned off its wifi capabilities.  

The only thing connected to this box -with a cable- is ORBI.  

I arranged so that ORBI has DHCP Static IP - Using MacADDRESS:  192.168.2.100.  

Furthermore, I enabled DMZ setting for 192.168.2.100 on the KPN Box.

I expect any public traffic to it hitting the ORBI box.

In my earlier attempts I tried to do this with port forwarding.  It worked for a while then it stopped.  

So I shifted to the DMZ option. 

As the remote management test shows, this seems to be working.

However lets look at the ORBI now.

- DDNS points to my public IP.  Public IP hits KPN box.  KPN Box (LAN IP:  192.168.2.254) (through DMZ setting) sends everything to 192.162.2.100 (Public side of ORBI).  ORBI’s LAN side is 192.168.1.X (x=1 being orbi itself)

- When I check my phone - when the VPN is connected (but no traffic is passing through)

server is myname.mynetgear.com (check)

server ip is my public ip (check)

but VPN IPv4 is 192.168.2.2.  So I am on the KPN BOX space, not the ORBI space.

This might be the issue.  But I don’t know how to solve this problem.  I thought the DMZ setting on the KPN box would solve it but no.

So whats the suggested way to VPN, when ORBI is behind a consumer grade modem/router (when the wifi is turned off and ORBI is being used for it)

Many Thanks

Your problem is almost certainly related to the fact that your Orbi is not the router/gateway for your LAN. This will cause multiple problems, VPN issues being just one.

What you should do is etiher:

1) Run Orbi in Access Point Mode. (But this disables OpenVPN capability on Orbi.) OR

2) Set your KPN modem/rotuer to transparent bridge mode, which ensures your Orbi takes the public WAN IP address.  You may be able to Google this, call your ISP and ask them how to do it, or buy another modem that can be bridged.

It is possible to get OpenVPN to work on a server that's not the gateway/router. I've done it. However, doing so requires at least adding a static route to the gateway. This ensures the LAN devices know to go through Orbi instead of the KPN to respond back to the VPN client device on the other end of the tunnel. Adding the static route might be good enough.

See if you can bridge the modem.  If that's absolutely impossible, then we can talk about what you wanted to use the VPN for and see if there is a solution.

Thanks again for your support, interest and time. 

The support person at KPN didnt even know what tranparent bridge is 🙂 forwarded me to kpn forums. I posted my question there but i am not very hopeful, they really dumbed down the interface of the modem/router, couldnt even see a way to disable dhcp: in holland the customer isnt king. The king is king. (Kpn is a royal family establishment)

the support person also “guessed” that getting a new modem is a bad idea: he “guessed” tv and telephony (also connected to kpn box) wont probably work with a third party device. 

Kpn box is: arcadyan (VGV7519) experia box v8 - if it tells you anything. 

I am losing hope because i might even not be able to do the static route setting you mentioned. If you would like i can screenshot every page on the modems admin pages (there arent that many anyway) and share that. 

i had hoped that assigning static dhcp to orbi and doing the so-called dmz to that static ip would solve the issue, but if you say “not good enough” i will take your word.

i am willing to try your further suggestions. 

And if i get lucky on the kpn forums, i will let you know immediately.

or i could wait a bit before i consume any more of your time...

or? 

My Vpn motives:

- learning by doing : i am trying to learn about vpn’s.  Was hoping that it would work after following the instructions. Turns out i have to learn more than i bargained for 🙂

- for some reason i have the feeling that router management through vpn is more secure than enabling remote management on the router and opening the port to the world. I have always been suggested against that. It would have been nice to go to the admin page from outside the house 

- i spend several weeks abroad every year, places where internet is heavily censored by the local governments. Believe it or not, wikipedia is currently blocked in my home country.  I was hoping to test vpn during my next travel there. And maybe let my close family there use my vpn for their uncensored internet needs. 

Kind regards and many thanks for your time 

You are right that VPN is more secure than port forwarding for remote management of the router.

I would think you should still be able to access the router, even without the static route.  Have you forwarded the OpenVPN port on the on the KPN router to the Orbi's static LAN IP? The dafault port is UDP/1194.

Are you using the TUN mode config file on your iPhone? (TAP mode is apparently not supported on iOS.)

If you cannot bridge your router though, you really should run Orbi in AP mode, for other reasons.  In that case you cannot run OpenVPN on Orbi, but you could use a different remote access approach.  I use a Raspberry Pi setup as an SSH server. on the LAN  With this and a good remote desktop client (like Jump Desktop) I can connect to a desktop machine on my network.  From there I can browse, manage the router via the GUI, etc.  This is also much faster then OpenVPN.