Hybrid VPN and extender

[TheFx1]

Hi dear NetDuma team,

All these tests were done against an XR500 running last official version of NetDuma software (V2.3.2.56).

Here I come again... I have tested hybrid VPN in the following configuration:

- Direct Wifi connection to my XR500 and here, everything works

- Connection to a relay wifi on my extender and hybrid VPN does not work (I waited long enough to ensure the new IP for my PC was registered correctly in the device manager)

- Ethernet connection to the extender and here same thing, Hybrid VPN does not work (same as above). 

The only difference is,  when going through the extender the mac addresses are re-written as the extender acts as a proxy. The extender is the Netgear Nighthawk EX7700 and there is no choice on proxy or not proxy when it comes to configuration. I have already experienced the same behaviour with geofiltering. Now maybe you can try to convince NetGear to change their software on the EX7700 so that it allows the MAC addresses not to be rewritten. 

I am not expecting any fix on the current software, but I do hope that netduma 3.0 has been tested with re-written mac addresses, once again happy to test 3.0, I have already registered myself with Netgear but so far nothing.

So it looks like that for some reasons, as soon as any of my devices goes through an extender (netgear, tp-link,...) none of the useful features are working. I was almost about to get an R2 just to make sure to get my hands on V3 but if this type of configuration hasn't been tested then there is no reasons for me to get 3.0 at all and I am fairly confident that I am not the only one using a Netduma based router with an extender to relay the wifi (as not everyone has their houses/flat fully wired in cat 6 and/or the wifi signal strong enough to go everywhere). 

 

Best regards,

FX.

 

[Netduma Fraser]

Sorry to hear you're having this issue, could you try something for me if possible and put the extender in AP mode instead and then see if a device connected to it is able to work through HybridVPN? My theory is that it will work.

[TheFx1]

Hey Fraser,

 

There is no AP mode (of if there is it is well hidden in a very thin menu) in the X6S nighthawk (EX7700). 

 

Most of the extenders I've tried so far do not offer the AP mode at all. 

 

Best regards,

FX.

--- EDIT

 

There is an AP mode, in order to activate that, the EX7700 needs to be connected to the router via ethernet,  which kind of defeat the purpose of having the extender set in order not to have to lay down cables between the router and the extender.

 

 

[Netduma Fraser]

Yeah I totally get that, if it's not easy/practical for you to do then don't worry about it. The extender has an interface is that right? Does it give the same IP address as the Device Manager?

[TheFx1]

I'd love to test that, but can't really put a 60ft meter cable even more as I need to go through doors and stairs just for that test.

 

The X6s does have an interface with its own IP address, and from times to times it almost substitutes itself the to IP but with another MAC address and didn't figure out yet why or how...Now, my computer is not the only device connecting to the internet via the extender, my console as well, together with other devices (NAS,...).

What it does is removes the prefix of the mac to replace it by its own. e.g. AA:BB:CC:DD:EE:FF becomes XX:YY:ZZ:DD:EE:FF when not substituting itself to the host. And the Device Manager sees that and adds the MAC records to the its list correctly (proxy'd and not proxy'd MACs linked to the IP Address). 

I do not really want to have this pseudo device under VPN and/or geofencing, also if I take the example between the XBOX, computer and a work laptop.

As we discussed previously, Console type devices are automatically placed under VPN and when put under geofencing there is hardly anything else to specify.

Now for the PC, I have some services that I would need to be behind a VPN, but not all of them, and for geofencing I would want that only for games (not for other services I may use). And when it comes to the work laptop for instance, I do not want any VPN and/or geofencing at all. I am happy to host a zoom or any other type of meeting to show and detail my configuration if you think that could help.

Right now, the only service that is of use to me and that kind of work is the QoS but even that I start having doubts as it seems to be MAC based rather than IP based.

Which leads to another question, could these services (GeoFencing, Hybrib VPN, ...) be IP bound rather than MAC bound ? And if the tradeoff is that I need to put static IP addresses to the devices then so be it. But right now, I fail to justify the use a Netduma enabled router at all. 

So please tell me that NetDuma 3.0 has been tested and works with proxy'd MACs. 

 

 

[Netduma Fraser]

We have tested this before on the 500 actually so not sure why that's occurring. I don't think we specifically tested it with the VPN though so that's probably the reason. I can pass it on to the team to have a look at and see if they can do anything for the next firmware.

[TheFx1]

Fair enough,

 

Do you think it could be linked to some bogus references in the Device Manager (as I do believe that this is the only place where the host information, ip and macs are stored? 

Is there any kind of log that would help? Maybe clearing the Device Manager would help, without losing all the other settings if that is possible.

When you say this has been tested, you mean the GeoFencing, VPN and all ??? And these tests were done in 2.x right ? 

Anyway, let's hope that 3.0 would address these issues.

 

Best regards,

FX.

[Netduma Fraser]

I mean it was tested with that extender or one similar that devices appeared correctly, I don't think wider testing like that was done as shouldn't have affected it. I'm not a developer so couldn't say for certain. If you reboot the router you can delete each device and then connect them back and see if it helps.

[stevenolander63]

The problem is that you have to bypass this system using a proxy server. I think that the usual proxy protection would be enough here. If you have a question about which proxy server to choose, then I could advise you the Soax service. I have been using it myself for several years, and I am more than satisfied with everything since I have never encountered any security-related problems yet. The main thing here is to choose the service that is right for you