I found getting OpenVPN to work very confusing and frustrating. Eventually, I got OpenVPN working with two separate Orbi systems on Android, Linux, and Windows clients. In other words..... I am certainly no 'expert', but it does work.
The important part (to me) is that they are different. If an OpenVPN Client connection designed for tap tries to connect to an OpenVPN host designed for tun, it will fail. (And the reverse.)
Can you be a bit more specific about this? My 'sense' is that the laptop was taken to another place where it could connect to a different network. Is this correct? (My own test practice is to disconnect my smartphone from the Orbi WiFi, which causes it to revert to LTE data. Then open a "Hot Spot" and connect the laptop to that. My point is that this test has the laptop in no way connected to the Orbi network.)
As I understand it, OpenVPN client versions prior to 3.x support both TUN and TAP connections. Starting with version 3.0, the client only supports TUN. If you want your device to be able to communicate with other devices on your network when connecting, it must use TAP. TUN is just for access to the Internet it seems, for example if you're traveling in another country and you're trying to watch Netflix in your own country.
My understanding of the tun/tap difference is that tap puts the VPN client in the same IP subnet as the Orbi LAN, and thus all broadcast messages go across the VPN tunnel (in both directions). Here's how Wikipedia describes it:
Though both are for tunneling purposes, TUN and TAP can't be used together because they transmit and receive packets at different layers of the network stack. TUN, namely network TUNnel, simulates a network layer device and operates in layer 3 carrying IP packets. TAP, namely network TAP, simulates a link layer device and operates in layer 2 carrying Ethernet frames. TUN is used with routing. TAP can be used to create a user space network bridge.
The configuration files Orbi produces for Windows and 'non-Windows' (i.e. Linux) both specify tap as the default. The configuration file Orbi produces for 'smartphones' specified tun because iPhones and Android phones are restricted to using tun. Both tap and tun allow access to devices on the LAN. (I just verified this with my Android phone using tun)
For me, this has never been an issue because I typically connect to a Hot Spot on my phone, which hands out 192.168.43.x IP addresses. All subnets from 0 through 254 are valid private IP addresses. Maybe some engineer was thinking ahead, "what if someone attempts to open a VPN on this phone's Hot Spot?" Or, maybe just dumb luck.
My previous setup was: Nighthawk R7000 with customized firmware loaded onto it and acting like a VPN client (OpenVPN). Due to the fact that we moved, I had to replace the existing setup (not enough coverage) with an RBR50 to get the coverage I needed. During the integration process I got stuck with the setup where VPN is required and from what I read, I think the setup I need is unfortunately not supported. My requirement is: RBR50 acting as an OpenVPN client connecting to a remote location. The only setting I was able to find on my firmware was a VPN server which would allow clients to connect to my RBR50. That's not what I need ... Can somebody please help with this?
You are correct. Netgear's firmware for the Orbi (as with the Nighthawk) supports only OpenVPN server for the purpose of reaching the Orbi LAN from outside. There happens to be third party firmware for the Orbi RBR50 that provides OpenVPN Client and also Wireguard.
Thank you but no, this is not what my setup is about. I plan on using a different OpenVPN server so my Orbi will be acting as a client. The article which you sent describes issues with connecting TO the Orbi OpenVPN server.
Looks like w/o changing the firmware this is almost mission impossible ...
Trying to set up a client-to-site VPN to an OpenVPN server which is elsewhere, so that the OpenVPN client is my TL-R605 gateway here. I've set up the configuration using "Client-to-Site", "VPN Client" and "OpenVPN" options, as below, and the configuration completes, apparently successfully. Although I've imported the ".ovpn" file, there's nowhere to enter a username or password. How do I actually connect, and how do I subsequently put in a transmission route through the VPN connection? By the way, I can successfully connect to this remote VPN server from a windows PC here using standard OpenVPN client, or even from a Synology NAS here using an OpenVPN profile, so there's no technical problem other than configuration of the TP-Link router/Omada SDN. Can anyone help?
@penguintree I have found the solution. I used the autologin profile (.ovpn file) containing both the key and certificate, downloaded from the OpenVPN server I'm connecting to. I imported this into the VPN client configuration for the omada VPN policy and set the remote server ip address and the udp port number (not the tcp port number I was anticipating was required) - it didn't say which to use anywhere, but it's the udp one; 1194 in this case. There's no notification that the VPN has connected successfully available anywhere from the omada controller, which makes diagnostics really difficult - the only way I can be certain is to look at the admin console for the remote OpenVPN server, or to direct all LAN traffic through the VPN and do a tracert or "whatsmyip".
@Fae Thanks for the reply. I *am* trying to use the TP-Link router as OpenVPN Client and that's why I'm trying to import the ".ovpn" file. I also have control over the OpenVPN Server (at the other, remote end). I now realise that I can set the remote server to allow auto-login or server-locked profiles (therefore not requiring username and password), which I've done so I've also generated and exported those profiles and tried importing them into the TP-Link router. I am sure that the router is supposed to be able to work as an OpenVPN client, it's just that I clearly don't understand how to configure it to connect. Can anyone at TP-Link help? I won't be the only person who needs to know this. Thanks in advance.
Where in the .ovpn file did you enter your login credentials? I'm attempting to duplicate your solution, but all the tutorials I find instruct the insertion of a command into the .ovpn file that points to a separate file with username and password. The TL-R605/Omada interface appears to allow only one file upload in the VPN config section.
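An added example, not code from any of the posts or from Netgear, TP-Link or OpenVPN: a small checker that reads an `.ovpn` profile and reports why a single-file, unattended import (as described for the TL-R605 above) or a tun/tap mismatch with the server would stop it connecting. The two profiles are constructed fragments with a placeholder host and elided key material; `inspect_profile` and `import_problems` are hypothetical names.

```python
# Constructed sample profile fragments (placeholder host, PEM bodies elided); not from the thread.
AUTOLOGIN = """dev tun
proto udp
remote vpn.example.net 1194
<ca>
(PEM elided)
</ca>
<cert>
(PEM elided)
</cert>
<key>
(PEM elided)
</key>
"""
USERPASS = """dev tap0
proto tcp
remote vpn.example.net 443
ca ca.crt
auth-user-pass login.txt
"""

def inspect_profile(text):  # collect the directives that decide whether an import can work
    info = {"dev": None, "proto": None, "port": 1194, "inline": set(), "files": [], "prompts": False}
    block = None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("<") and line.endswith(">"):
            name = line.strip("</>")             # <cert> or </cert> -> cert
            block = None if line.startswith("</") else name
            info["inline"].add(name)
        elif block is None:                      # ignore PEM lines inside a block
            key, *args = line.split()
            if key in ("dev", "proto") and args:
                info[key] = args[0][:3]          # tap0 -> tap, udp4 -> udp
            elif key == "remote" and len(args) > 1:
                info["port"] = int(args[1])      # default stays 1194 if no port given
            elif key == "auth-user-pass":
                info["files"] += args            # names a credentials file...
                info["prompts"] = not args       # ...or asks for a login interactively
            elif key in ("ca", "cert", "key", "tls-auth", "tls-crypt") and args:
                info["files"].append(args[0])    # material kept in a separate file
    return info

def import_problems(info, server_dev):  # why a one-file, no-prompt import would fail
    out = [f"needs external file {f}" for f in info["files"]]
    out += [f"no inline <{b}>" for b in ("cert", "key") if b not in info["inline"]]
    out += ["auth-user-pass needs interactive login"] if info["prompts"] else []
    return out + ([f"dev {info['dev']} does not match server dev {server_dev}"] if info["dev"] != server_dev else [])
```

An empty list from `import_problems(inspect_profile(profile_text), "tun")` means the profile is self-contained and matches a tun server; it does not prove the gateway actually brought the tunnel up, which still has to be confirmed on the server side.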
There are at least two of these threads where someone has claimed to make an Omada SDN gateway work as an OpenVPN CLIENT. They claim it works, then vanish from the forums. Granted, it's not like I hang out here unless I have a problem either.
I don't mean to doubt them, but it's time to see screenshots of every single configuration required to make it happen, and a working (just mask the IPs and change 2 letters in the friggin keys to invalidate them) .ovpn file.
I'm interpreting the phrase "it connects, but there's nowhere to verify it" as "it doesn't connect and I am just diagnosing the state incorrectly." I see nothing on my OpenVPN server, no connections, no attempted connections, nada.
Hey, maybe it's on demand and something needs to be routed to the VPN for it to work? Great, show just ONE EXAMPLE of how you'd set up an IP to be routed over the mythical VPN connection. Just ONE example.
In short, I suspect these threads are created by people who put in OpenVPN connection information and assume it's working and have gone on their merry way. I'm happy to eat my words if someone can prove that ANY OpenVPN client configuration in Omada does ANYTHING.