PPTP VPN Issues with G3100 Router
MyCabbages
Enthusiast - Level 2

I am trying to connect to my work VPN through our new G3100 router that Verizon sent us to replace our old Quantum router. The new router is fine, aside from consistently dropping internet on my work laptop as soon as I try to connect to the VPN. This issue never occurred with the old Quantum router on the same exact service, or any other router I've ever used before, Verizon or otherwise. I am the only person at my company experiencing issues with the VPN, and I can still connect at other locations or with the old Quantum router without any problems. I have attempted split-tunneling, which makes it appear to be connected and it still has internet, but I still can't access my office's network drive, which is the whole point of the VPN.

think what I need to do is enable port forwarding for TCP 1723 and GRE since this is a PPTP connection (according to our IT guys), but I can't figure out a way to enable GRE in this router's interface.

Both my company's IT and Verizon tech support have been essentially useless in helping me figure this out. Any advice on how to do this, or something else to try, would be greatly appreciated. Thanks!

Tags (3)
0 Likes
1 Solution

Correct answers
Re: PPTP VPN Issues with G3100 Router
smith6612
Community Leader
Community Leader

When running Wireshark, filter down the capture to only your VPN traffic. If the VPN only has one IP address it could be connected to, filter by that IP. Then make sure you're capturing on the network interface supplying your data connection (Ethernet, WiFi) and not the VPN tunnel. Start your Capture, Connect the VPN then try to connect to something. Stop your capture once you feel you've demonstrated the problem.

Uploading a copy of the pcapng file somewhere and DMing it to one of us to look at will help out as well. 

Some considerations with VPNs, especially PPTP VPNs. Make sure your VPN client, or computer, has the correct forwarding data in the computer's routing table. If forwarding rules are incorrect and tailored to your old router, that would cause a failure. A lot of PPTP VPNs require manual configuration. Second, make sure the gateway IP and subnet for your G3100 router network does not match that of the VPN, or you're not going to be able to route. 

View solution in original post

Re: PPTP VPN Issues with G3100 Router
Cang_Household
Community Leader
Community Leader

GRE is a layer 3 protocol, same level as TCP so you cannot port forward a specific port for GRE.

You need to configure the G3100 for port triggering (not just port forwarding). The incoming port is TCP 1723 then triggers the router to open GRE protocol.

image

Re: PPTP VPN Issues with G3100 Router
MyCabbages
Enthusiast - Level 2

Ok, that makes sense, thank you!

To be clear, will I still need to set up a port forwarding rule in addition to this, or will this take care of it on its own?

Re: PPTP VPN Issues with G3100 Router
Cang_Household
Community Leader
Community Leader

Outgoing Trigger Ports should take care of the port forwarding.

Re: PPTP VPN Issues with G3100 Router
MyCabbages
Enthusiast - Level 2

Unfortunately, after putting in the port trigger and rebooting the router, I still get kicked off of the internet as soon as I try to connect to the VPN. I have confirmed that the VPN is in fact PPTP by connecting to it from another location and checking in network settings, so I'm surprised it still isn't working. Any other ideas would be much appreciated.

Re: PPTP VPN Issues with G3100 Router
Cang_Household
Community Leader
Community Leader

🤔Humm.... The difference between G3100 and G1100 is that G3100 supports meshed WiFi 802.11s and WiFi 6 (so called by others, I dislike this name) 802.11ax, can tag traffic in LAN to E3200's Guest WiFi, and has a better MoCA version of 2.5.

802.11, 802.3, and MoCA are all layer 2 protocols, they should not have any effect on VPN PPTP, though they can affect L2PT.

Generic Routing Encapsulation is a layer 3 protocol. It is defined for IPv4 currently, no recommendation for IPv6 currently by IEEE. Talking about this, G3100 has more IPv6 features than G1100. If your device automatically decides to get an IPv6 Address, that might be a problem. I suggest you to disable IPv6 on G3100 completely if it is enabled. This procedure might disconnect all IPv6 devices. From my experience, some HP printers prefer IPv6 over IPv4, so suddenly disable IPv6 in LAN might cause multiple devices losing connection and perhaps requires manual setup on each.

IPv6 Configuration is kind of scattered around several pages on G3100, you might need to play around the settings if you are not familiar.

Re: PPTP VPN Issues with G3100 Router
MyCabbages
Enthusiast - Level 2

I'm pretty sure I've completely disabled IPv6 and still no luck, I'm afraid. I do appreciate the time and thought you're giving to my current nightmare, though!

Re: PPTP VPN Issues with G3100 Router
Cang_Household
Community Leader
Community Leader

😴Good morning. Do you how to use WireShark? Can you grab the ethernet packets right before the connection is lost? I want to see them if you can share them here.

I might need some deep level analysis of the situation.

Re: PPTP VPN Issues with G3100 Router
MyCabbages
Enthusiast - Level 2

I'm not allowed to insert images on the forum apparently 🙄 so here is a link to the WireShark feed at the moment I tried to connect to the VPN: https://imgur.com/a/XNBfSlZ

I ran a test earlier on a different network for comparison, and the first difference I notice is that there were no red, pink, or dark blue lines when it was successful, only light blue and white. I know nothing about networking so I hope this is what you were looking for. Thanks again for your help!

Re: PPTP VPN Issues with G3100 Router
dslr595148
Community Leader
Community Leader

@MyCabbages wrote:

I'm not allowed to insert images on the forum apparently 🙄 so here is a link to the WireShark feed at the moment I tried to connect to the VPN: https://imgur.com/a/XNBfSlZ


You should be able to insert images on the forum. A possible reason as to why they don't show up, they need to be approved by a mod/an admin.

Anyways I see an issue as to why that is happening.

If you are trying to connect to the VPN: With-in the company that you are trying to, it would help that the domain name is publicly valid. Spotted wpad.pwcompany.local

.local is not valid across the net.

If you are connected to the VPN: It would help that your DNS traffic is sent via the VPN.