Netgear R8000 VPN travails

Lots of problems using this router for VPN services.  There are no per-user accounts: every client uses the same certificate, so if you have to withdraw the cert from one person you withdraw it from everyone.  Not a good idea.

Here’s the issue.  VPN was turned on and left at the defaults, including the default ports for both TCP and UDP.  Normally you’d use 1194, but this router defaults to 12973 and 12974 for the two protocols respectively.  Not sure why.  Why would you need two ports for this when frankly OpenVPN uses UDP by default?

Anyway, nothing we did would make this work.  Multiple checks against settings.  Testing from remote locations with multiple clients.  A sifting of the openvpn configuration files.  Ensuring certificates and keys were in place.  Nothing would work.

I attempted to update the router to the latest firmware.  It failed over and over with Language GUI download errors.  Manually located the firmware update and downloaded it.  But what do you know, they don’t give you the option to install it from file unless you back out of the auto-check for firmware updates right at the point where it is doing the update check (not wise).  Then you get a field for the .chk file and you can browse to it.  After updating it reboots. 

After the update and the reboot, upon examination I found that the port forwards were missing.  None were listed.  OK I thought, add them again.  Nope.  It gives messages that the ports conflict.  Try to delete the old ones.  Nope.  Not listed.  Nothing to delete.

Alright, reset the router.  Go to the electrical closet and press and hold the reset button.  It reboots.

Go back to the office and try to access it.  Long periods of waiting while it checks for other routers on the network and for an internet connection.  Get prompted to enter the admin name and password and am immediately forwarded to netgear.com.  Why do I want to go there?  I’m trying to set up the router.

OK, go back and log in.  Then I am put through checks again for other routers and internet connections.  I do the WiFi stuff.  Then I go into advanced and begin setting up the router. Then port forwarding for RDP.  Guess what?  There’s no place to put in IP restrictions.  I want to limit access to RDP to specific IP addresses.  Gotta move on.

I then enable VPN again, confirm the ports, ensure all access to clients, and save.  Then I download the config files for each type: Windows, non-Windows and smartphones.

I upload them to my own Nextcloud so I can check them from my shop.

I then try remote desktop on my phone using the static public IP.  Bingo, that works.  Port forwarding is now working.

I didn’t redo the DHCP reservations because the Windows machine that I was on had the correct IP.  However, hours later it failed for a user as it appears the computer’s IP address changed.  Silly me.  Have to deal with that now.  There’s no reason the router should have reassigned the IP address.  Most don’t.  This one appears to.

From the test machine I then try the Windows 10 RDP client using the public IP.  That works.

I go back to my shop and try the VPN on a Windows VM running in Proxmox.  After some effort I get it working.  That’s surely progress.

I then try it on Linux, which is my primary OS.  Not happening.

I then try it on a tablet.  That works.

I then go into OpenVPN on Linux and find that it just doesn’t want to work with TAP, so I change the port to 12973 and switch to TUN.  That works.  I test various ways to get TAP to work.  Nope.  TUN is it then.  It seems fine.

This is one of those typical computer nightmares that we all experience. This should not happen.  BTW, the online support pages suck terribly. Not just the Netgear pages but virtually everything from everywhere that discusses Netgear’s router VPN.

At the very bottom of their online Windows instructions it says that you have to rename the TAP network interface to NETGEAR-VPN.  That seems to correspond to an entry in the client.ovpn file.  It won’t work and errors out unless you name it properly.
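To make the TAP/TUN, port and adapter-name issues above concrete, here is an added example (not Netgear’s code, and not a file from the router) that parses an OpenVPN client profile, reports those settings for a given client OS, and applies the same TAP-to-TUN rewrite that got the Linux client working. The sample profile, its address 203.0.113.10 and its certificate body are constructed; the assumption that the router’s TUN listener sits on a different port than the TAP one follows the write-up.

```python
"""Inspect an OpenVPN client profile for the settings that caused trouble above:
tun vs tap, the transport and port, the Windows-only dev-node name, and whether
anything beyond the (shared) client certificate gates access.
Added example; the sample profile and its values are constructed, not Netgear's."""
import re

# Constructed sample resembling a router-generated TAP profile (assumed layout).
SAMPLE_OVPN = """\
client
dev tap
dev-node NETGEAR-VPN
proto udp
remote 203.0.113.10 12974
resolv-retry infinite
nobind
persist-key
persist-tun
cipher AES-128-CBC
verb 3
<ca>
-----BEGIN CERTIFICATE-----
MIIB...constructed placeholder...
-----END CERTIFICATE-----
</ca>
"""


def parse_profile(text):
    """Map each directive to a list of its argument lists; inline <ca>/<cert>/<key>
    blocks are recorded by tag name and their bodies skipped."""
    opts = {}
    in_block = None
    for raw in text.splitlines():
        line = raw.strip()
        if in_block:
            if line == f"</{in_block}>":
                in_block = None
            continue
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"<([a-z-]+)>", line)
        if m:
            in_block = m.group(1)
            opts.setdefault(in_block, []).append([])
            continue
        parts = line.split()
        opts.setdefault(parts[0], []).append(parts[1:])
    return opts


def check_profile(text, platform="linux"):
    """Summarise dev/proto/port/dev-node and return findings for the given client OS."""
    opts = parse_profile(text)

    def first(key, default):
        return (opts.get(key) or [[default]])[0]

    dev = first("dev", "?")[0]
    proto = first("proto", "udp")[0]
    remote = first("remote", "?")
    port = int(remote[1]) if len(remote) > 1 else 1194   # OpenVPN's default port
    dev_node = first("dev-node", None)[0] if "dev-node" in opts else None
    cert_only = "auth-user-pass" not in opts
    findings = []
    if port == 1194:
        findings.append("remote port is OpenVPN's default 1194")
    else:
        findings.append(f"remote port {port}/{proto} is non-default; the router listener "
                        "and any upstream firewall rule must match it")
    if dev_node:
        if platform == "windows":
            findings.append(f"dev-node {dev_node}: the TAP adapter in Windows must be "
                            "renamed to exactly this name or the client errors out")
        else:
            findings.append(f"dev-node {dev_node}: on Linux OpenVPN treats dev-node as a "
                            "device-node path, not an adapter name; drop it from this profile")
    elif dev == "tap" and platform == "windows":
        findings.append("dev tap without dev-node: OpenVPN binds whichever TAP adapter it finds first")
    if cert_only:
        findings.append("no auth-user-pass: access rests on the client certificate alone, "
                        "and a certificate shared by every user cannot be revoked per user")
    return {"dev": dev, "proto": proto, "port": port, "dev_node": dev_node,
            "cert_only": cert_only, "findings": findings}


def to_tun(text, port):
    """Rewrite a TAP profile as TUN on the given port and drop the Windows-only dev-node
    line: the change that got the Linux client above connecting (12973 in the write-up)."""
    out = []
    for raw in text.splitlines():
        parts = raw.split()
        head = parts[0] if parts else ""
        if head == "dev":
            out.append("dev tun")
        elif head == "dev-node":
            continue
        elif head == "remote" and len(parts) >= 2:
            out.append(f"remote {parts[1]} {port}")
        else:
            out.append(raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for label, profile, os_name in [("tap/windows", SAMPLE_OVPN, "windows"),
                                    ("tun/linux", to_tun(SAMPLE_OVPN, 12973), "linux")]:
        report = check_profile(profile, os_name)
        print(f"[{label}] dev={report['dev']} {report['proto']}/{report['port']} "
              f"dev-node={report['dev_node']} cert-only={report['cert_only']}")
        for finding in report["findings"]:
            print("  -", finding)
```

Run it against the profile the router hands out for your platform; the dev-node finding is the one to look at when a Linux client refuses TAP, and the auth-user-pass finding is the per-user revocation problem from the top of the post.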

So, those are some hints that may aid you in resolving your issues.

On a positive note, I did see something about VLANs in the router configuration.  VLAN support is a must these days and should be a baseline feature of every consumer and commercial router.