In this article, we are going to go into more detail explaining how to create a Cloud Insight VPN network with the NETGEAR BR500 router. After carrying out our complete analysis of the router for professional use of the NETGEAR brand, and seeing its interesting capacity to create and manage VPN networks, we are going to dedicate these lines to studying the entire process of creating a VPN network from the moment we connect our router to power.
The proposal that NETGEAR makes us so that any user, without prior knowledge, is able to set up their own virtual private network, has seemed very interesting to us. Thanks to the remote management of your professional devices through Cloud Insight, we can create our network configuration with just a few clicks. It is also true that we will need some knowledge about the operation of this company’s cloud and how to connect our router to it. Surely this is the most complex part and not the creation of the network itself.
NETGEAR BR500 VPN Network Features
Before beginning the process of creating the network, it is important that we know the possibilities that this equipment offers us, as well as the main characteristics of the network.
The first thing we must take into account is that we will have the possibility of creating a VPN network through two procedures. The first will be through Insight, as we have explained, and also within the router’s own firmware, through OpenVPN. It will also be worth spending some time watching this process to notice the difference between one solution and another. The standard used for VPN networks will be 802.1Q
The first option we have is precisely to enter the firmware and configure a VPN network through OpenVPN. For this we need to take into account the following:
- We can only proceed to activate it and configure which port we want to use for client access. Nor do we have the possibility of creating a Site-to-Site network with several devices to join some networks with others.
- The security level used is through a 1024-bit RSA certificate and a SHA256 algorithm for the digital signature.
- At no time will we be able to create a new certificate or configure credentials? This means that we will always have the same RSA certificate to configure the OpenVPN client credentials, even after a router reset. Security will therefore be quite compromised by this VPN creation method
- The router itself will provide us with the client configuration file, as well as the corresponding certificates.
- We will have to have OpenVPN installed on the computer that we want to connect to the VPN. We can do it through Windows, MAC, iOS, and Android.
Network VPN Insight
For its part, the VPN Insight network does have the ability to add both groups and users to the network by email and access password. As long as they have a NETGEAR account. These are its main features:
- Possibility of making a Site-to-Site type configuration, this means that we can create up to 3 networks through more BR500 routers and join them to have more width of use.
- Each device will allow us to have up to 10 clients connected simultaneously.
- The IPsec 56-bit DES, 168-bit 3DES, AES(128, 192, 256 bit)/SHA-1, MD5 encryption method is used. The encryption for SSL certificates up to version 3 will be, DES, 3DES, ARC4, AES (ECB, CBC, XCBC, CNTR) 128, 256 bit.
- The management will be exclusively through Insight Cloud through the web portal or through the application for Android or iOS Smartphones.
- We will need a client installed on the computer that wants to connect to the network. The administration service will automatically provide a direct download link for it.
Both options support the VPN tunnel connection method using IPsec, PPTP, and L2TP. In addition, we will have a DHCP server integrated into the router for dynamic IP address assignment of the connected equipment, which will be able to access the Internet from it.
Create a VPN network from Insight Cloud with NETGEAR BR500 from a web browser
Once the main features of the VPN network have been presented, we are going to fully enter the process of creating it through the NETGEAR Insight Cloud. For this, we are going to assume that we have just bought our BR500 router and we have already completed the process of connecting it to both the power supply and the LAN network of our equipment.
The first thing we have to do is create an Insight account. If we already have one created in MyNETGEAR, it will be perfectly valid to access Insight. We will go to NETGEAR Insight to click on the button located in the upper right corner of the portal.
Once inside, we will first have to create a location, for this, we click on “ All locations ” and the option to “ Add location ” will appear. We will place the information that we see fit in the form and it will appear in the main window.
The next thing will be to access this new location so that the entire management menu appears within it. Now it is time to add our RB500 router to this location. We must click on the “+” button located in the upper right area and it will request the serial number of the equipment.
We can find this number at the bottom of the router under a barcode named “Serial”
We will already have our NETGEAR BR500 added to this location, although it will not appear in a “connected” state yet. For this we will have to restart the router, something that will be done automatically, in principle, otherwise we will do it ourselves.
After a few seconds of waiting, and checking that we already have a connection again, we will refresh the screen and the device will appear as “Connected”. The blue indicator of the router named “Cloud” will immediately turn on. The device is ready to be configured.
Creating a VPN and user group
Well then, we double-click on the drawing of the equipment to access the configuration options.
Before adding a user to a VPN we will need to create a VPN group. To do this we will go to the “ VPN Groups ” section and click on “ Create VPN group ”.
We place the name we want, as long as it does not have alphanumeric characters. Click on “Save” to create a new group. We will see that in this window we have created a circular scheme that connects to a cloud and a user.
To add our router to this VPN group so we can use it, click on “ Add device ”, inside the circle. We will choose a router, if we have several, and this will remain within the group.
In this way, a scheme like the following will be displayed. We will immediately notice in our physical router that the VPN indicator has turned on, located right next to the Cloud indicator.
We go to the ” VPN Users ” section to start adding the users that we want to have access to our new network. For this, we will have to enter their email address and they will also need to have an Insight or MyNETGEAR account since this will be the password to access the VPN network from the client.
Our administration process at Insight will initially be over. Now all move to the point of view of the client that is going to connect.
VPN Client Configuration
After clicking on “Invite” the client will receive an email to his account with the information necessary to make the connection. The first thing you will have to do is click on the link in “ Click here to accept this invitation ”.
After the account is activated with the corresponding message in the browser, it will be your turn to click on the download link of the client program. Just below “ Download and install the VPN client ”, we will have the option to download the client for Windows or for Mac OS. There is no one for Android or iOS.
The installation of the program will begin as soon as we have double-clicked on the downloaded file.
We choose the installation directory and accept the installation of a new network adapter to be used in the connection. Finally, we open the program.
Now, our user can put in his NETGEAR account email and password to access the VPN. Then click on “Connect”
In the next step, we will have to choose a VPN group to connect to it. If we have several, we can access the one we want.
Finally, the connection will be completely terminated and a status panel will be shown in which we will have the IP address, duration of the connection, and measurements of browsing data consumption.
If, out of curiosity, we do an ipconfig in the command prompt, we will see that the IP address obtained will appear in the network adapter corresponding to the VPN. In the Insight configuration panel itself, we can also see the users connected to the VPN network, either in the VPN group scheme or by accessing the user in question.
Create a VPN network from NETGEAR Insight APP on the Android
To carry out the procedure in the application we will follow practically the same steps as in the previous case, so we will not explain the procedure in such detail.
We will start in the same way as in the previous method, that is, creating a new group by clicking on the upper section of the application.
Then we will click on the “+” symbol inside the group to add a team to it. In this case, we can directly place the camera on the barcode in the lower area of the router or the QR code that appears on the main firmware screen.
Then we can put a name to the team in a quick wizard. As in the example above, we will also need to reboot the router so that it can connect to the Insight Cloud.
After waiting a while, the device will remain connected and thus it will appear in the main panel of the app.
Now we must create the VPN group and for this, we will click on the router icon in the previous window. In the new one, we will click on “ VPN Group ” to create one.
Of course, once created, we will have to add NETGEAR BR500 to this created group and thus, the indicator light that we are activating the VPN network will turn on.
Now it is time to create the VPN users, for this, we open the side menu and access “ VPN Users ”. By clicking on the “+” symbol we can access the users we want.
In this way, we will have already reached the point where the client must proceed to configure their access.
Configure OpenVPN network on NETGEAR BR500 from firmware
Now it is time to explain how to create a network with OpenVPN directly from the router’s firmware through access through our web browser. Using this method we will not have the possibility to configure users or credentials and we will also need to activate the DNS service of the router so that the OpenVPN client can resolve the external IP address. Let’s start at the beginning.
We must keep in mind that to access the VPN that we create with this method, we will have to be located outside the local network, since it only allows remote access. We will not need to open router ports either.
To access the firmware of the router, the easiest thing to do is to open the Windows file explorer and go to the network section. The router icon will appear there so that, after double-clicking, we can access its interface. If it is the first access, we will have “ admin ” as the user and “ password ” as the password.
We go to the advanced firmware configuration section to directly access the “ dynamic DNS ” section. Here we will need to activate the top option to use dynamic DNS.
If we do not have NETGEAR DDNS, we will have to choose, for example, the No-IP service to create an account and a profile to create a domain. It will be as simple as creating a user account for us to place a name in the public IP address that the web detects.
We must bear in mind that, by default, the domain extension must be “ <name>.mynetgear.com ”, replacing <name> with whatever we want.
Next, we put the username, password, and hostname in the firmware form and click on “ Apply ”. After this, we can now access the “Open VPN ” section.
The work is simple, we will only have to click on “ open the VPN service ” and click on “ Apply ”. The other parameters will not need to be changed.
Configure VPN client
The next thing will be to click on the operating system that interests us from the list that we have, Windows, MacOSX, iPhone, or Android. A complete guide will appear on what we have to do in order to correctly configure our OpenVPN client.
We will click on the client download link, and then on the “ For Windows ” button to download the configuration.
Once we have downloaded and installed the client, as indicated in this small guide, we will have to modify the name of the network adapter that has been installed to access the VPN. To do this, press the “ Windows + R ” key combination and write the following command in the Run tool and then press Enter.
Right-click on the adapter named “ TAP-Windows Adapter V9 ” and click on “ Change name ”. Next, we put the name “ NETGEAR-VPN ”.
Now we open the other compressed file that we downloaded from the firmware. This contains the client configuration, so we will take all the files inside and paste them into the following path:
If out of curiosity, we open the “client” file, we will see all the configuration of access to the VPN network, such as domain, network adapter name, port, etc.
Finally, we open the main OpenVPN GUI program to perform the connection process. If everything goes well, we will already be inside the VPN network.
Conclusion on creating a VPN with NETGEAR BR500
As we have seen, there are two ways to create a VPN network with our NETGEAR BR500 router. Although it is true that using Insight, it is much safer to connect than with OpenVPN, since we can manage the credentials of the users we want to enter and the encryption will be variable.
The encryption method is stronger in Insight, and the process is more intuitive to follow. Because of this, we strongly recommend that we use this method instead of the previous one. Without a doubt, NETGEAR has done a good job of integrating with its cloud to provide us with configuration options as interesting as these, without the need to open ports or access the router’s firmware.
The possibility of doing the same procedure with the application on a Smartphone closes the circle. Any user with minimal knowledge of VPN will be able to create their own with just a few clicks. Of course, first, you will have to carry out the Insight Cloud activation procedure and insert the router into it, a process that is even more complex than creating the VPN.
We hope this tutorial has been interesting for those users who want to know the whole process of creating this type of network. If you have had any problems or want to leave your opinion about these NETGEAR solutions, write us in the comments.