
FIOS Gateway FIOS-G1100 ***FIRMWARE BUG*** and how to workaround

SOLVED
compsult
Contributor
Posts: 3
Registered: 10-30-2016


Message 1 of 5
(7,596 Views)

After spending over 16 hours trying to get OpenVPN to work (including a call to level 2 support, which gave inaccurate, unhelpful information), I finally found the answer here -> https://www.dslreports.com/forum/r30964836-Networking-FIOS-Quantum-Gateway-router-G1100-issue-with-L...

Normally, you should be able to port forward like this: source port = 1194, destination port = 1194. Because of the firmware bug in the FIOS Gateway FIOS-G1100, you have to make the source port = "Any".

Obviously, this is a security concern because it is less restrictive than setting the port to 1194.

 

In conclusion

Anyone who is trying to port forward for OpenVPN:

  1. set the source port to "Any"
  2. set the destination port to 1194 (or another port, if you have configured OpenVPN to use another port)

Here is an example configuration:

[image: fios.png]

4 REPLIES
viafax999
Gold Contributor VII
Posts: 2,159
Registered: 11-10-2009

Re: FIOS Gateway FIOS-G1100 ***FIRMWARE BUG*** and how to workaround

Message 2 of 5
(7,567 Views)

Don't think that is anything specific to the G1100.

Port forwarding on all the fios routers I've ever used has been the source port defined as ANY and the destination the port you are forwarding.

compsult
Contributor
Posts: 3
Registered: 10-30-2016

Re: FIOS Gateway FIOS-G1100 ***FIRMWARE BUG*** and how to workaround

Message 3 of 5
(7,565 Views)

I didn't save my config from the ActionTec router but if memory serves, I used source port as 1194, not "All".

And even if this is typical for FIOS routers, best security practice is to disallow everything but what you specifically need to allow. A router/firewall should enable you to use the most restrictive rule possible.

Smith6612
Platinum Contributor III
Posts: 7,583
Registered: 12-15-2010

Re: FIOS Gateway FIOS-G1100 ***FIRMWARE BUG*** and how to workaround

Message 4 of 5 (Accepted Solution)
(7,533 Views)

So the reason why this works is due to the way most networked programs function. Programs rely on Listener ports and Ephemeral ports. In this case, a VPN client you're trying to permit through the router to a server on your network will make a request from an Ephemeral port, usually a 5-digit port number, and something which is completely random/unknown. Unless the application is otherwise designed to communicate FROM a specific port at all times, the rule "Any" for Source will be required.

The Destination simply tells the router what host to send traffic destined for a certain port, to.

An example here is OpenVPN will make a connection from Client port 35564 to Port 1194. On the next connection attempt, OpenVPN will make a connection from Client port 25463 to Port 1194.

The only way a rule with 1194 > 1194 will work is if OpenVPN always makes a connection attempt from Port 1194 on the client to Port 1194.
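
The matching behaviour described in the post above, as an added example that is not part of the original thread: a minimal model of a forwarding rule, run against the port numbers quoted in the post and against source ports actually observed over loopback UDP. The `ForwardRule` class and helper names are hypothetical and do not represent the G1100's firmware logic.

```python
import socket
from dataclasses import dataclass
from typing import List, Optional, Tuple

Flow = Tuple[int, int]  # (source port, destination port) as seen on the WAN side


@dataclass(frozen=True)
class ForwardRule:
    src_port: Optional[int]  # None models the router's "Any"
    dst_port: int

    def matches(self, flow: Flow) -> bool:
        src, dst = flow
        return dst == self.dst_port and self.src_port in (None, src)


def forwarded(rule: ForwardRule, flows: List[Flow]) -> List[Flow]:
    """Return the flows this rule would pass to the internal host."""
    return [f for f in flows if rule.matches(f)]


def observe_source_ports(count: int = 5) -> Tuple[int, List[int]]:
    """Send UDP datagrams over loopback from unbound client sockets and
    return the listener port plus the source ports the listener saw."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as listener:
        listener.bind(("127.0.0.1", 0))  # OS-assigned port stands in for 1194
        listener.settimeout(2)
        port = listener.getsockname()[1]
        seen = []
        for _ in range(count):
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as client:
                # No bind() on the client: the kernel picks the source port.
                client.sendto(b"probe", ("127.0.0.1", port))
                _, (_, src) = listener.recvfrom(64)
                seen.append(src)
    return port, seen


# Constructed flows using the port numbers quoted in the post above.
POST_FLOWS: List[Flow] = [(35564, 1194), (25463, 1194)]
STRICT = ForwardRule(src_port=1194, dst_port=1194)   # "1194 > 1194"
ANY_SRC = ForwardRule(src_port=None, dst_port=1194)  # "Any > 1194"

if __name__ == "__main__":
    print("strict rule forwards:", forwarded(STRICT, POST_FLOWS))
    print("any-source rule forwards:", forwarded(ANY_SRC, POST_FLOWS))
    port, sources = observe_source_ports()
    live = [(s, port) for s in sources]
    print(f"listener on {port} saw source ports {sources}")
    print("rule pinned to the listener port forwards:",
          forwarded(ForwardRule(port, port), live))
```

The sender chooses its own source port, so matching on it does not authenticate the peer; the destination port is the field that limits which internal service is exposed.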


compsult
Contributor
Posts: 3
Registered: 10-30-2016

Re: FIOS Gateway FIOS-G1100 ***FIRMWARE BUG*** and how to workaround

Message 5 of 5
(7,526 Views)

Thank you for the information, this is far more useful than what I was given over the phone. I thought that the source port was the WAN port that would receive the packets and the destination was the port it sent it to on the destination machine. Clearly, I was wrong about that.

The extremely frustrating aspect of this was, if the incoming port needs to be set to "Any", Verizon Level 1 and Level 2 support should have been able to quickly diagnose and provide instructions on solving it.

Also, since not everyone is familiar with ephemeral ports, the manual should specify that the source port needs to be "Any" in the Port Forwarding or the Advanced Port Forwarding instructions (http://www.verizon.com/about/sites/default/files/fios-qgr-userguide140925.pdf - pages 96-98).

Come to think of it, how many applications can/do control their client side outgoing port? Why not make the Port Forwarding source port be set to "Any" and have a pop up warning for anyone who wants to change it?

 
