Netgear R7000P

Use this forum to share your VPN or network disasters. Show diagrams, traffic graphs, or whatever else you need (a video of you letting the 'smoke' out of our network gear).
dropframe
OpenVPN User
Posts: 21
Joined: Mon Jun 27, 2022 5:11 pm

Netgear R7000P

Post by dropframe » Mon Jun 27, 2022 6:27 pm

I have a cable modem connected to a Netgear R7000P router. I have a windows 10 64 bit operating system with x64-based processor connected wirelessly to the router.
I accessed the router and selected Enable VPN Service. I selected UCP the ports remained 12973 and 12974. Clicked the apply button.

Clicked the download "for Windows". Got the following error message:
Currently your Dynamic DNS service is not enabled, and the IP address for your Internet connection will be used for client configurations. When the IP address for your Internet connection is changed, you will have to download and install the configuration files again.
Clicked OK and zip downloaded to desktop. Unzipped to New folder on desktop. Folder contains 4 files including ca and client certificates and client1 OpenVPN config.

Went to openvpn downloads. Downloaded Windows 64-bit MSI installer file OpenVPN-2.5.7-I602-amd64.msi (Question. Is this the correct file?)
I then, from desktop, Tried to installed it. Got the following error message:
No readable configuration profiles (config files) found. Use the 'import file..' menu or copy your config files to : "C:\Program Files\OpenVPN\config\" or "C:\Users\MyName\OpenVPN\config\"
None of the usual setup questions happened ie. "Select components to Download", etc.
So I moved all four files from desktop folder contains 4 files including ca and client certificates and client1 OpenVPN config to "C:\Program Files\OpenVPN\config\"

Then went to OpenVPN GUI and selected reconnect. (OpenVPN is still on the desktop.)
Got the following error message:
Mon Jun 27 13:17:23 2022 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
Mon Jun 27 13:17:23 2022 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
Mon Jun 27 13:17:28 2022 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.


I will stop here and ask for suggestions. I have tried several things but no luck. Rather than telling you what did not work, thought i'd ask for your thoughts.

THANK YOU IN ADVANCE!!

User avatar
TinCanTech
Forum Team
Posts: 11009
Joined: Fri Jun 03, 2016 1:17 pm

Re: Netgear R7000P

Post by TinCanTech » Mon Jun 27, 2022 9:46 pm

dropframe wrote:
Mon Jun 27, 2022 6:27 pm
I have tried several things
For example ?

This may help you to get started:
https://community.openvpn.net/openvpn/w ... PN-GUI-New
dropframe wrote:
Mon Jun 27, 2022 6:27 pm
Went to openvpn downloads. Downloaded Windows 64-bit MSI installer file OpenVPN-2.5.7-I602-amd64.msi (Question. Is this the correct file?)
I
Yes. And it is not OpenVPN-Connect-Windows, which is where you originally posted and why your thread has been moved.


BTW: We don't support your router, you're on your own there.

Other help:
https://community.openvpn.net/openvpn/wiki/HOWTO
viewtopic.php?t=22603#p68963

dropframe
OpenVPN User
Posts: 21
Joined: Mon Jun 27, 2022 5:11 pm

Re: Netgear R7000P

Post by dropframe » Wed Jun 29, 2022 5:16 pm

MORE INFO

After doing everything in original post I did the following:

Went into Ethernet setting and changed TAP-Windows adapter Name to NETGEAR-VPN
Then I went to Program Files>OpenVPN>config. I right clicked on "client1" and selected "Start OpenVPN on this config file"
Got the following error message:
2022-06-29 11:59:58 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2022-06-29 11:59:58 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
2022-06-29 11:59:58 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.


What is my next step?

dropframe
OpenVPN User
Posts: 21
Joined: Mon Jun 27, 2022 5:11 pm

Re: Netgear R7000P

Post by dropframe » Thu Jun 30, 2022 6:42 pm

More info and things I've done:
Added line
remote-cert-tls server to client1 opvn file.
This gets rid of error message:
WARNING: No server certificate verification method has been enabled.

Question: Should I have added this line?

Now when I run OpenVPN it gives the following error message:
WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
Thu Jun 30 13:34:17 2022 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.


AND stuck in "Current state: connecting"

Question: Should I worry about these error messages? Do I need to do anything about them?

Question: I have done nothing relating to Dynamic DNS. Do I need to set up Dynamic DNS?

THANK YOU FOR YOUR HELP!!

User avatar
TinCanTech
Forum Team
Posts: 11009
Joined: Fri Jun 03, 2016 1:17 pm

Re: Netgear R7000P

Post by TinCanTech » Thu Jun 30, 2022 7:08 pm

dropframe wrote:
Thu Jun 30, 2022 6:42 pm
his gets rid of error message:
WARNING: No server certificate verification method has been enabled.

Question: Should I have added this line?
Yes.
dropframe wrote:
Thu Jun 30, 2022 6:42 pm
Now when I run OpenVPN it gives the following error message:
WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
Thu Jun 30 13:34:17 2022 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.

AND stuck in "Current state: connecting"

Question: Should I worry about these error messages? Do I need to do anything about them?
Yes.

Disable compression and --cipher in your server and client.
dropframe wrote:
Thu Jun 30, 2022 6:42 pm
Question: I have done nothing relating to Dynamic DNS. Do I need to set up Dynamic DNS
Dynamic DNS usually helps.

dropframe
OpenVPN User
Posts: 21
Joined: Mon Jun 27, 2022 5:11 pm

Re: Netgear R7000P

Post by dropframe » Thu Jun 30, 2022 8:47 pm

Question:
How do I correct the following errors? Can't find any help.

WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
Thu Jun 30 13:34:17 2022 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.


How do I
Disable compression and --cipher in your server and client

THANKS EVERYONE and especially TinCan Tech

User avatar
TinCanTech
Forum Team
Posts: 11009
Joined: Fri Jun 03, 2016 1:17 pm

Re: Netgear R7000P

Post by TinCanTech » Thu Jun 30, 2022 11:26 pm

dropframe wrote:
Thu Jun 30, 2022 8:47 pm
How do I
Disable compression and --cipher in your server and client
Have you ever heard of google ?

dropframe
OpenVPN User
Posts: 21
Joined: Mon Jun 27, 2022 5:11 pm

Re: Netgear R7000P

Post by dropframe » Fri Jul 01, 2022 4:44 pm

Last time I used Google I learned that the Earth is flat, that Trump is still president, JFK is alive snd well.

I prefer to get my information from a more trusted place.

dropframe
OpenVPN User
Posts: 21
Joined: Mon Jun 27, 2022 5:11 pm

Re: Netgear R7000P

Post by dropframe » Fri Jul 01, 2022 5:32 pm

More things I've done:

On my client1 .opvn file I replaced cipher line with:

cipher AES-256-GCM

This replaces "cipher AES-128-CBC"

Question: Is this sufficient? Should I just delete the cipher line all together? Now what do I need to do on the router side regarding compression?

I only have one error message now:
Fri Jul 1 12:35:47 2022 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.

I am still NOT able to connect. When I select connect, it goes to "connecting" and stays there. Never connects.
Last edited by dropframe on Fri Jul 01, 2022 6:15 pm, edited 2 times in total.

User avatar
TinCanTech
Forum Team
Posts: 11009
Joined: Fri Jun 03, 2016 1:17 pm

Re: Netgear R7000P

Post by TinCanTech » Fri Jul 01, 2022 5:34 pm

Do not use --cipher, it is deprecated, just as your log shows.

dropframe
OpenVPN User
Posts: 21
Joined: Mon Jun 27, 2022 5:11 pm

Re: Netgear R7000P

Post by dropframe » Fri Jul 01, 2022 5:53 pm

Sorry, not sure what you mean. Are you saying, just delete the cipher line?
Since I changed cipher it no longer shows as deprecated.
Was the 128 bit the deprecated one?

Now do I need to do more that just correct the client config? Anything in the router? How do I stop the server from using encryption (Isn't that the whole point of this exercise? Or is it ok if they both use cipher AES-256-GCM?)

I'm trying very hard to learn.

BTW I made an edit in my post above to add a small paragraph at the end.

User avatar
TinCanTech
Forum Team
Posts: 11009
Joined: Fri Jun 03, 2016 1:17 pm

Re: Netgear R7000P

Post by TinCanTech » Fri Jul 01, 2022 7:28 pm

dropframe wrote:
Fri Jul 01, 2022 5:32 pm
I am still NOT able to connect. When I select connect, it goes to "connecting" and stays there. Never connects
This means that your client cannot reach your server, you probably need a DDNS name.

dropframe
OpenVPN User
Posts: 21
Joined: Mon Jun 27, 2022 5:11 pm

Re: Netgear R7000P

Post by dropframe » Fri Jul 01, 2022 8:18 pm

In my Netgear R7000P router I went to Dynamic DNS. Netgear uses No-IP. I signed up and got a host name. My router has "use a DDNS selected" and it says "The NETGEAR DDNS on this router is currently configured to:
my host name.

Got an email from No-IP regarding setup. It says:
If you are behind a router or firewall, you will need to open and forward the correct ports for the services you wish to run.
At this time I am not interested in accessing my home network away from home. Do I need to do this?

At this point my OpenVPN is still stuck connecting when I try to run OpenVPN from my computer. As far as I know DDNS is running.

Any ideas?

dropframe
OpenVPN User
Posts: 21
Joined: Mon Jun 27, 2022 5:11 pm

Re: Netgear R7000P

Post by dropframe » Fri Jul 01, 2022 8:52 pm

Is it possible my connection problem is from an earlier step?

Went into Ethernet setting and changed TAP-Windows adapter V9 Name to NETGEAR-VPN.
Was this the correct thing to do? There is no LAN cable connected to my computer and this connection shows a red X next to it. I'm using wireless. Did I miss something?

The following is my opvn config file

client
dev tap
proto udp
sndbuf 393216
rcvbuf 393216
push "sndbuf 393216"
push "rcvbuf 393216"
dev-node NETGEAR-VPN
remote 174.126.60.185 12974
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
cipher AES-256-GCM
comp-lzo
verb 0
remote-cert-tls server

User avatar
TinCanTech
Forum Team
Posts: 11009
Joined: Fri Jun 03, 2016 1:17 pm

Re: Netgear R7000P

Post by TinCanTech » Fri Jul 01, 2022 9:47 pm

dropframe wrote:
Fri Jul 01, 2022 8:52 pm
remote 174.126.60.185 12974
Try your server LAN IP. eg. 192.168.what.ever

It is also time to read the howto, starting here:
https://community.openvpn.net/openvpn/w ... cIPaddress

dropframe
OpenVPN User
Posts: 21
Joined: Mon Jun 27, 2022 5:11 pm

Re: Netgear R7000P

Post by dropframe » Sat Jul 02, 2022 7:07 pm

As suggested, I changed my configuration file line from:
remote 174.126.60.185 12974
to: remote 192.168.1.1 12974

No change. Still stuck "connecting"

Then tried :
remote 192.168.1.1
(without port)
No change. Still stuck "connecting"

So I put it back to
remote 174.126.60.185 12974

Any suggestions?

User avatar
TinCanTech
Forum Team
Posts: 11009
Joined: Fri Jun 03, 2016 1:17 pm

Re: Netgear R7000P

Post by TinCanTech » Sat Jul 02, 2022 7:53 pm

Ping your server from your client. Post the result, in full.

dropframe
OpenVPN User
Posts: 21
Joined: Mon Jun 27, 2022 5:11 pm

Re: Netgear R7000P

Post by dropframe » Sun Jul 03, 2022 5:36 pm

The following is all my ip information with DDNS turned on
Question: Does all this look correct?
I will send ping info in another post.

C:\Users\Temp Administrator>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : DESKTOP-5OOADFE
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 70-5A-0F-2C-05-69
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Unknown adapter OpenVPN Wintun:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Wintun Userspace Tunnel
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Unknown adapter NETGEAR-VPN:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Windows Adapter V9
Physical Address. . . . . . . . . : 00-FF-08-DF-C3-2A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : 68-14-01-44-0C-11
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 4:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #4
Physical Address. . . . . . . . . : 6A-14-01-44-0C-11
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8188EE 802.11 bgn Wi-Fi Adapter
Physical Address. . . . . . . . . : 68-14-01-44-0C-11
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::98a1:c0d2:e199:14b3%16(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.20(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, July 2, 2022 12:09:40 PM
Lease Expires . . . . . . . . . . : Monday, July 4, 2022 12:09:41 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 157815809
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-23-A5-02-CF-68-14-01-44-0C-11
DNS Servers . . . . . . . . . . . : 2001:4860:4860::8888
2001:4860:4860::8844
8.8.4.4
8.8.8.8
NetBIOS over Tcpip. . . . . . . . : Enabled

Ping statistics for 174.126.60.185:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 2ms, Average = 1ms

dropframe
OpenVPN User
Posts: 21
Joined: Mon Jun 27, 2022 5:11 pm

Re: Netgear R7000P

Post by dropframe » Tue Jul 05, 2022 6:31 pm

OK More PROBLEMS

I deleted Surfshark from my computer and reinstalled it from Surfshark installer file version 4.0.2999.0.
I ran it and now Surfshark Wireguard is installed. There is a Wireguard network connection now added.
My ipconfig /all now shows:
PS C:\Users\Temp Administrator> ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : DESKTOP-5OOADFE
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Unknown adapter SurfsharkWireGuard:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WireGuard Tunnel
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.14.0.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : 162.252.172.57
149.154.159.92
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 70-5A-0F-2C-05-69
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Unknown adapter OpenVPN Wintun:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Wintun Userspace Tunnel
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Surfshark Windows Adapter V9
Physical Address. . . . . . . . . : 00-FF-FE-91-6F-5E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Unknown adapter NETGEAR-VPN:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Windows Adapter V9
Physical Address. . . . . . . . . : 00-FF-08-DF-C3-2A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : 68-14-01-44-0C-11
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 4:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #4
Physical Address. . . . . . . . . : 6A-14-01-44-0C-11
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8188EE 802.11 bgn Wi-Fi Adapter
Physical Address. . . . . . . . . : 68-14-01-44-0C-11
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::98a1:c0d2:e199:14b3%17(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.15(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, July 5, 2022 12:10:52 PM
Lease Expires . . . . . . . . . . : Wednesday, July 6, 2022 12:10:52 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 157815809
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-23-A5-02-CF-68-14-01-44-0C-11
DNS Servers . . . . . . . . . . . : 2001:4860:4860::8888
2001:4860:4860::8844
8.8.4.4
8.8.8.8
NetBIOS over Tcpip. . . . . . . . : Enabled


Compare this to the ipconfig /all from above.

What do I need to do?

User avatar
TinCanTech
Forum Team
Posts: 11009
Joined: Fri Jun 03, 2016 1:17 pm

Re: Netgear R7000P

Post by TinCanTech » Tue Jul 05, 2022 7:30 pm

Start from scratch .. may be.

Post Reply