Suggest a router that has a VPN

Discussion in 'Chit-Chat' started by Tazz 316, Apr 13, 2018.

Share This Page

  1. Tazz 316

    Tazz 316 Young grasshopper

    Joined:
    Aug 11, 2016
    Messages:
    52
    Likes Received:
    3
    I'm looking to replace my netgear R7000 since netgear still uses MD5 and has yet to update the firmware.
     
  2. fenderman

    fenderman Staff Member

    Joined:
    Mar 9, 2014
    Messages:
    25,938
    Likes Received:
    6,616
    there was a new update in the last few weeks...see if it resolved the md5 issue
     
  3. Tazz 316

    Tazz 316 Young grasshopper

    Joined:
    Aug 11, 2016
    Messages:
    52
    Likes Received:
    3
    When i check i still get No new firmware version available. But there is one on there site to download, i wonder if it will fix the MD5 issues.

    Wouldn't you need to use a new key if they fixed it.
     
    Last edited: Apr 13, 2018
  4. bigredfish

    bigredfish Known around here

    Joined:
    Sep 5, 2016
    Messages:
    1,196
    Likes Received:
    1,014
    Location:
    Florida USA
    Im getting the a message about it when i use the VPN on my phone. Says it will expire end of April. Guess I need to dig into it this weekend..
     
  5. bigredfish

    bigredfish Known around here

    Joined:
    Sep 5, 2016
    Messages:
    1,196
    Likes Received:
    1,014
    Location:
    Florida USA
    It shows Im running the most current firmware
    Firmware Version
    V1.0.9.26_10.2.31

    iphone OpenVPN client says this when opening it:

    OpenVPN received a cert signed with MD5.
    Please inform your admin to upgrade to a stronger algorithm.
    Support for MD5 will be dropped at end of April 2018
     
  6. fenderman

    fenderman Staff Member

    Joined:
    Mar 9, 2014
    Messages:
    25,938
    Likes Received:
    6,616
    .28 is the latest.. see the website they are rolling it out slowly... You can download manually
     
    bigredfish likes this.
  7. Tazz 316

    Tazz 316 Young grasshopper

    Joined:
    Aug 11, 2016
    Messages:
    52
    Likes Received:
    3
    I'm on V1.0.9.28_10.2.32 and still get the MD5 issue.
     
    fenderman likes this.
  8. bigredfish

    bigredfish Known around here

    Joined:
    Sep 5, 2016
    Messages:
    1,196
    Likes Received:
    1,014
    Location:
    Florida USA
    hmmmmm I wonder if we need to re-issue the cert for the mobile app after the upgrade to the server to .28....?
     
  9. Tazz 316

    Tazz 316 Young grasshopper

    Joined:
    Aug 11, 2016
    Messages:
    52
    Likes Received:
    3
    did that same issue.
     
  10. squeeze

    squeeze n3wb

    Joined:
    Mar 5, 2018
    Messages:
    8
    Likes Received:
    4
    Quick Google search shows you can successfully replace the certificates on Netgear routers yourself, oddly enough because Netgear routers are one of many that have Sercomm backdoors that unlock full admin access to a router by throwing magic packets at it unlocking a hidden Telnet server in the router.

    Here are some instructions to replace Netgear OpenVPN certificates
     
  11. bigredfish

    bigredfish Known around here

    Joined:
    Sep 5, 2016
    Messages:
    1,196
    Likes Received:
    1,014
    Location:
    Florida USA
    Thanks @squeeze appreciate your help. That looks to be Android specific, wonder how different IOS/ iPhone is?

    Now I cant wait to go through all of those technical steps to simply update my router/certs that NG should allow for in the GUI :( The average user wont make it past step 1. I may get to step 3 :confused:

    I may just say fuck it and by a new Asus router with OpenVPN - after I verify this has been updated..
     
    handinpalm and looney2ns like this.
  12. gumby2

    gumby2 n3wb

    Joined:
    Dec 9, 2017
    Messages:
    12
    Likes Received:
    2
    Location:
    Colorado springs
    My tm
    My ac1900 with openvp has been solid. Saw a slickdeals for $49 refurb recently. High speed will need higher end model.
     
  13. xlarons

    xlarons n3wb

    Joined:
    Apr 16, 2018
    Messages:
    16
    Likes Received:
    4
    Location:
    UK
    Just to throw this idea in there, what about getting any router you like and adding an OpenVPN server on another device on your network?
     
  14. Tinman

    Tinman Pulling my weight

    Joined:
    Nov 2, 2015
    Messages:
    422
    Likes Received:
    218
    I agree, seems Netgear is losing ground, or least with me. I am on my second Nighthawk X6S (from Costco). The 2.4 radio went out of the first one and the VPN in it is a joke. I run OpenVPN on my BI machine and it works perfect. I am hoping Costco will change brands someday down the road and then maybe this unit will be going back. BTW I already had a TP-link from Costco fail as well, so I am on the 3rd time around with them, but they always just give me my money back :)
     
    fenderman likes this.
  15. looney2ns

    looney2ns Known around here

    Joined:
    Sep 25, 2016
    Messages:
    4,882
    Likes Received:
    2,976
    Location:
    Evansville, Indiana
    I'll bet that just like Walmart or Sams, the products you buy at Costco, are NOT made the same as the general models, they're cheapened.
    Home Depot and Lowes pulls the same stunts.
     
  16. Tazz 316

    Tazz 316 Young grasshopper

    Joined:
    Aug 11, 2016
    Messages:
    52
    Likes Received:
    3
    How does one go about using OpenVPN on the PC? I use BI to so my PC is always on never thought about just using OpenVPN on my PC and skipping the router.

    I don't think netgear will have it fixed before the end of the month. Do ALL of netgears routers have this issue? I would assume they all are using the same firmware.
     
  17. Tinman

    Tinman Pulling my weight

    Joined:
    Nov 2, 2015
    Messages:
    422
    Likes Received:
    218
    I used this guide:

    Easy_Windows_Guide – OpenVPN Community

    It seems a little deep at first, but just do it a step at a time. If you do something wrong just try again. Just when you start to generate the client keys.....do them all the same time, that is one after each other. Also be sure to edit the files as explained here: VPN Primer for Noobs

    This will generate the keys using sha256 instead of the MD5.

    Sure, it is much easier to use a VPN built in the router, but the PC method will give you more options. Feel free to ask questions if you get stumped. After doing mine about 5 times you start to get the hang of it :)
     
    Last edited: Apr 19, 2018
    bigredfish likes this.
  18. stratfordwill

    stratfordwill Getting the hang of it

    Joined:
    Jun 29, 2014
    Messages:
    10
    Likes Received:
    27
    I'm a fan of unifi. I just set up a vpn for my parent's cams from halfway across the country. All in a gui.

    It took a while for them to get the remote user VPN working in unifi, but they finally did it.
     
  19. toolazyforalogin

    toolazyforalogin Young grasshopper

    Joined:
    Mar 21, 2018
    Messages:
    64
    Likes Received:
    17
    I bought a raspberry pi and run it for my vpn. Just a thought.
     
  20. Tazz 316

    Tazz 316 Young grasshopper

    Joined:
    Aug 11, 2016
    Messages:
    52
    Likes Received:
    3
    Might be over my head i notice that you have to use port fwd was trying to avoid any of that and you need to use a Static ip my PC has already has one for BI so i guess you would need another for openvpn. I'm not very familiar with command prompt.
     
  21. Tinman

    Tinman Pulling my weight

    Joined:
    Nov 2, 2015
    Messages:
    422
    Likes Received:
    218
    Ok, you might want to consider just getting a Asus router with VPN built in then. You don't need a static IP , but if you do that will work for the OpenVpn as well since they will be on the same machine. You not knowing what a command prompt is what worries me though, why I suggested the Asus router.

    Asus RT-AC68U
     
    bigredfish likes this.
  22. Pocono Joe

    Pocono Joe Young grasshopper

    Joined:
    Jul 29, 2018
    Messages:
    50
    Likes Received:
    4
    Location:
    Poconos, PA
    Tinman.. I just bought and hooked up the ASUS router to my home network.. I have not hooked up my new Dahua NVR to it yet.. I'm still in the process of installing the new Dahua 5231 cameras.. How do I adjust the settings on the router for VPN?

    Thanks, Joe
     
  23. looney2ns

    looney2ns Known around here

    Joined:
    Sep 25, 2016
    Messages:
    4,882
    Likes Received:
    2,976
    Location:
    Evansville, Indiana
    Search this site for Randy setting up VPN
     
    Pocono Joe and c hris527 like this.
  24. Zorac

    Zorac Getting the hang of it

    Joined:
    Apr 17, 2015
    Messages:
    210
    Likes Received:
    20
    if you want to take a big dive, try running pfsense. a bit of a learning curve but once you get it consumer routers will seem limited. i running on one of these with a used 4 port intel nic from ebay, doesn't cost much more than a good consumer router.

    ASRock J4105B-ITX Intel Celeron Quad-Core Processor J4105 (up to 2.5 GHz) Mini ITX Motherboard/CPU Combo - Newegg.com
    HP NC364T PCI-E Quad Port Gigabit Server Network Adapter 436431-001 / 435508-B21 | eBay (these do run a bit hot, so make sure you have a case fan)

    i only recently upgraded to this setup because my other hardware failed (motherboard died duuring a brown out, it was a good 7 years old and from aliexpress so i can't complain). i tired an asus ac68u with the merlin firmware on it afterwords and it was a bit too limiting for what i have running on my network (i had do do pretty much everything through scripting and then getting logging data on the scripting was hard) and ended up returning it and going with my new pfsense setup.
     
  25. crw030

    crw030 Pulling my weight

    Joined:
    Apr 26, 2016
    Messages:
    204
    Likes Received:
    105
    I run pfSense, and I also happen to have an ASUS router running OpenVPN as well, so I feel I can give an informed position.
    • for a solid 99% of users visiting this forum, pfSense will be both overkill, and significantly more confusing than an ASUS router.
      • many have difficulty hooking up and configuring IP cameras
      • some don't understand why port forwarding is bad
      • some face difficulty getting ASUS' OpenVPN connection working
      • so for many pfSense is a much greater learning curve than they should undertake
    Nothing wrong with your recommendation @Zorac but unless the user has an interest in networking (and a lot of time to spend figuring out pfSense configurations), best to keep them in the consumer products that are well understood.

    Funny story
    Recently my daughters boyfriend was aggravated because he had paid for Call of Duty (limited time) Beta, and he couldn't play with his friends that had "Open NAT". He didn't understand why I was so resistant to "just do what my dad does, port forward all these ports or put our computers 'outside the firewall' because that's how they got two Xboxes to work at their house" (DMZ). He meant well but I have a high security profile by choice (even though it is more effort), I at least try.

    I explained none of that was necessary, we could tweak the firewall rules so the game thought the NAT was "Open" but the PCs were still shielded behind the firewall. Unfortunately, there was very little to go on, because the PC version is brand-new "in Beta", so it took longer to fix than he wanted (by reviewing the pfSense logs to figure out what traffic was being blocked to get it sorted), but it was working by the next day.

    It ended up being a firewall rule, combined with a very limited UPnP rule for each Call of Duty PC (all UPnp is blocked by default so have to work backward from there), but finding someone with pfSense with the same problem on a BETA game was challenging, and me being modestly experienced in networking also confused the situation.

    I don't see most forum users having the patience to deal with this kind of headache. Most would cave to the "low security profile" pretty quickly just to get things working. I believe that's why port forwarding is the "standard response" you see to questions about accessing things inside your network (elsewhere on the internet), its easier than saying "figure out how to run a VPN"!
     
    Last edited: Aug 20, 2018
  26. CCTVCam

    CCTVCam Pulling my weight

    Joined:
    Sep 25, 2017
    Messages:
    230
    Likes Received:
    102
    Not got one, but the Billion 4x4 MIMO AC 2400 seems to be very highly regarded. I was looking at one of these as an upgrade for my IP supplied router. Not cheap, but then again if user reports are believed, you're paying for the quality:

    Has 16 IPSEC VPN channels and pretty much bridges the gap between consumer routers and high end business routers:

    Billion BIPAC 8900AX-2400 Reviews - Billion BIPAC 8900AX-2400 ADSLAC WiFi Router

    https://www.amazon.co.uk/Billion-MU...qid=1528148019&sr=8-4&keywords=billion+router

    BiPAC 8900AX-2400 - Wireless-AC 2400Mbps 3G/4G LTE VDSL2/ADSL2+ VPN Firewall Router