07-31-2017 12:04 PM
I have seen a lot of (old) traffic on issues with VPN. Yes I know PPTP is insecure. Happy to take a solution for L2TP, but am at mercy of office.
I have had FiOS service undisturbed for years, and like to live by the rule, if it ain't broke, don't fix it. I spent a lot of time thoroughly debugging initial install to get advertised 50/50 Mbps speed throughout home.
Given what I see posted on the new FiOS Quantum gateways, I am pretty concerned about trying an upgrade! So if I can avoid it at all, I am looking for help.
1) Does anyone know if there is a supported config on the RevE to support a client VPN scenario from a Windows 10 client to a Win 2008, RAS-based VPN target, where both systems are behind NAT gateways? We did the registry changes on both sides already to try and support this.
From the client end, despite low firewall settings and port forwarding rules such as GRE, other protocols, it NEVER sees a response from the remote host, although logs there (at remote site) show it's trying to talk back to the client.
2) If the problem is the router and no support, any advice on whether it's possible to purchase a compatible model for FiOS service, in order to avoid over-priced rent?
I.e., which makes/models support FiOS?
07-31-2017 07:26 PM - edited 07-31-2017 07:27 PM
Is there a possibility that the two networks use the same subnet? For example, if both ends talk behind NAT via a 192.168.1.0/24 address space, this is known to break VPNs and other tunnels.
Maybe try changing the IP address space your home network uses. 192.168.2.0/24 might be the trick.
If that's the case, and others are seeing issues with the VPN, it might not hurt to consider getting the office's network re-IPd to something more home network friendly.
Additionally, a lot of routers have ALG support, which specifically can mess with PPTP tunnels. Disabling the ALG support often fixes the problem. This is likely found in the router's Advanced settings.
07-31-2017 08:07 PM
Thanks for the response.
NAT collision is not the issue, checked it.
Different # schemes at office vs home.
Also connected client direct to router, to ensure other intermediate (double-NAT) devices are not causing an issue.
Modified registries on both client and server (as per numerous Windows-related postings) to support NAT on each side of connection, as long as no address collision.
I'll look into ALG and post further.
08-01-2017 08:16 AM
Also, the firewall on the router is set NOT to interfere with fragmented packets.
A note on other testing / workaround scenarios...
Testing with a Mac laptop running OS Sierra shows that:
1) Connecting from my network to 3rd party L2TP provider justfreevpn works.
2) Connecting to my work VPN does not work (the VPN server is set up in theory to support either PPTP or L2TP, and testing by other users does not indicate any problems for them).
OS X Sierra dropped support for PPTP due to security, so PPTP is not testable from the Mac.
In testing L2TP, fiddling with the logging on the Mac, it appears that the IPsec negotiation either fails outright or times out when trying to connect to work VPN.
When going to the 3rd party L2TP VPN service provider from the Mac, logs indicate things progress past the IPsec negotiation. Going to work VPN, this craps out early in the process and I get an error about couldn't connect...
This behavior is suggestive to me it may not be the router alone, but specific to something about the pair of my router/ISP and the configuration of the target VPN server?
08-08-2017 07:56 AM
Your suggestion has not solved the problem, but I do appreciate it.
Additionally, I have now tried an upgrade from Windows 10 Home to Windows 10 Pro on the off chance that might have affected VPN support and to eliminate possibilities (as colleagues at work who use Windows 10 and VPN successfully all have Pro). However, this has made no difference. The behavior between Windows 10 Home or Pro is exactly the same. I did try deleting all VPNs and further using Device Manager to delete all WAN miniports (there were no hidden ones), and then re-scanning to re-create the WAN miniports, and redefining the VPNs. All this was after the upgrade to Pro. It made no difference.