I am trying to connect to my work VPN through our new G3100 router that Verizon sent us to replace our old Quantum router. The new router is fine, aside from consistently dropping internet on my work laptop as soon as I try to connect to the VPN. This issue never occurred with the old Quantum router on the same exact service, or any other router I've ever used before, Verizon or otherwise. I am the only person at my company experiencing issues with the VPN, and I can still connect at other locations or with the old Quantum router without any problems. I have attempted split-tunneling, which makes it appear to be connected and it still has internet, but I still can't access my office's network drive, which is the whole point of the VPN.
I think what I need to do is enable port forwarding for TCP 1723 and GRE since this is a PPTP connection (according to our IT guys), but I can't figure out a way to enable GRE in this router's interface.
Both my company's IT and Verizon tech support have been essentially useless in helping me figure this out. Any advice on how to do this, or something else to try, would be greatly appreciated. Thanks!
GRE is a layer 3 protocol, same level as TCP, so you cannot port forward a specific port for GRE.
You need to configure the G3100 for port triggering (not just port forwarding). The incoming port is TCP 1723, which then triggers the router to open the GRE protocol.
Ok, that makes sense, thank you!
To be clear, will I still need to set up a port forwarding rule in addition to this, or will this take care of it on its own?
Outgoing Trigger Ports should take care of the port forwarding.
Unfortunately, after putting in the port trigger and rebooting the router, I still get kicked off of the internet as soon as I try to connect to the VPN. I have confirmed that the VPN is in fact PPTP by connecting to it from another location and checking in network settings, so I'm surprised it still isn't working. Any other ideas would be much appreciated.
🤔Humm.... The difference between G3100 and G1100 is that G3100 supports meshed WiFi 802.11s and WiFi 6 (so called by others, I dislike this name) 802.11ax, can tag traffic in LAN to E3200's Guest WiFi, and has a better MoCA version of 2.5.
802.11, 802.3, and MoCA are all layer 2 protocols; they should not have any effect on VPN PPTP, though they can affect L2PT.
Generic Routing Encapsulation is a layer 3 protocol. It is defined for IPv4 currently, no recommendation for IPv6 currently by IEEE. Talking about this, G3100 has more IPv6 features than G1100. If your device automatically decides to get an IPv6 address, that might be a problem. I suggest you disable IPv6 on the G3100 completely if it is enabled. This procedure might disconnect all IPv6 devices. From my experience, some HP printers prefer IPv6 over IPv4, so suddenly disabling IPv6 on the LAN might cause multiple devices to lose connection and perhaps require manual setup on each.
IPv6 configuration is kind of scattered around several pages on the G3100; you might need to play around with the settings if you are not familiar with them.
I'm pretty sure I've completely disabled IPv6 and still no luck, I'm afraid. I do appreciate the time and thought you're giving to my current nightmare, though!
😴Good morning. Do you know how to use Wireshark? Can you grab the Ethernet packets right before the connection is lost? I want to see them if you can share them here.
I might need some deep level analysis of the situation.
I'm not allowed to insert images on the forum apparently 🙄 so here is a link to the WireShark feed at the moment I tried to connect to the VPN: https://imgur.com/a/XNBfSlZ
I ran a test earlier on a different network for comparison, and the first difference I notice is that there were no red, pink, or dark blue lines when it was successful, only light blue and white. I know nothing about networking so I hope this is what you were looking for. Thanks again for your help!
@MyCabbages wrote:
I'm not allowed to insert images on the forum apparently 🙄 so here is a link to the WireShark feed at the moment I tried to connect to the VPN: https://imgur.com/a/XNBfSlZ
You should be able to insert images on the forum. A possible reason why they don't show up: they need to be approved by a mod/an admin.
Anyway, I see an issue as to why that is happening.
If you are trying to connect to the VPN: within the company that you are trying to connect to, it would help if the domain name were publicly valid. Spotted wpad.pwcompany.local
.local is not valid across the net.
If you are connected to the VPN: it would help if your DNS traffic were sent via the VPN.
When running Wireshark, filter down the capture to only your VPN traffic. If the VPN only has one IP address it could be connected to, filter by that IP. Then make sure you're capturing on the network interface supplying your data connection (Ethernet, WiFi) and not the VPN tunnel. Start your capture, connect the VPN, then try to connect to something. Stop your capture once you feel you've demonstrated the problem.
Uploading a copy of the pcapng file somewhere and DMing it to one of us to look at will help out as well.
Some considerations with VPNs, especially PPTP VPNs: Make sure your VPN client, or computer, has the correct forwarding data in the computer's routing table. If forwarding rules are incorrect and tailored to your old router, that would cause a failure. A lot of PPTP VPNs require manual configuration. Second, make sure the gateway IP and subnet for your G3100 router network do not match those of the VPN, or you're not going to be able to route.
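The capture-and-filter advice in the post above can be turned into a quick check; this is an added example, not part of the original thread. It classifies raw IPv4 packets as PPTP control (TCP 1723) or GRE (IP protocol 47) and reports which directions appear in the capture. The addresses, packets and function names are constructed for illustration.

```python
import socket
import struct

GRE, TCP, PPTP_PORT = 47, 6, 1723  # IP protocol numbers and the PPTP control port

def ipv4(src, dst, proto, payload=b""):
    """Build a minimal IPv4 packet (constructed sample data, checksum left at 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def tcp(sport, dport, flags):
    """Minimal 20-byte TCP header; flags 0x02 = SYN, 0x12 = SYN/ACK."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)

def classify(pkt):
    """Return (src, dst, kind) where kind is 'pptp-ctl', 'gre' or 'other'."""
    ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    if proto == GRE:
        return src, dst, "gre"
    if proto == TCP and len(pkt) >= ihl + 4:
        if PPTP_PORT in struct.unpack("!HH", pkt[ihl:ihl + 4]):
            return src, dst, "pptp-ctl"
    return src, dst, "other"

def diagnose(packets, client, server):
    """Summarise which legs of a PPTP session are visible in the capture."""
    dirs = {(client, server): "out", (server, client): "in"}
    seen = {(k, dirs[(s, d)]) for s, d, k in map(classify, packets) if (s, d) in dirs}
    if ("pptp-ctl", "in") not in seen:
        return "no reply on TCP 1723: control channel never established"
    if ("gre", "out") not in seen:
        return "control channel up, client sent no GRE"
    if ("gre", "in") not in seen:
        return "control channel up, GRE leaves but never returns"
    return "control channel and GRE flow in both directions"

# Constructed capture: private/documentation addresses, not taken from the thread.
CLIENT, SERVER = "192.168.1.50", "203.0.113.10"
SAMPLE = [
    ipv4(CLIENT, SERVER, TCP, tcp(50000, PPTP_PORT, 0x02)),
    ipv4(SERVER, CLIENT, TCP, tcp(PPTP_PORT, 50000, 0x12)),
    ipv4(CLIENT, SERVER, GRE, b"\x30\x01\x88\x0b"),  # start of a PPTP enhanced GRE header
]

if __name__ == "__main__":
    print(diagnose(SAMPLE, CLIENT, SERVER))
```

A result of "GRE leaves but never returns" on the physical interface points at GRE handling between the client and the server rather than at the VPN client's own routing.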
Both port 1723 and GRE need to be forwarded; however, that can’t be done at the Port Forwarding option. But a new protocol can be created that includes both port 1723 and GRE. This can be done at the Port Forwarding Rules option under the Advanced section.
From the Home screen, click on Advanced and Port Forwarding Rules.
From the Port Forwarding Rules screen, do the following:
Click on Add.
Enter a name and description. I used VPN and PPTP (it doesn’t matter what you use).
Click on Add server ports and select
Protocol: TCP
Source Ports: Any
Destination Ports: Single
Enter: 1723
Click on Add
Click on Add server ports again and select
Protocol: GRE
Click on Add
Click on Apply
We are done at the Port Forwarding Rules screen.
From the Home screen, click on Firewall, and Port Forwarding.
From the “Select IP from menu” drop-down, select the IP address you want to forward to
From the “Application To Forward” drop-down, select VPN (or whatever name you used)
Click on Add
Click on Apply
We are done.
Thank you BobAtVdm for sharing the configuration. Are you hosting a VPN server? I think these port forwarding rules are necessary when you are hosting VPN servers.
Does this work when you have multiple clients connecting to different sessions or different VPN servers?
