MI424WR Gen 2, Rev E - trying to VPN from home to work (PPTP)
Coop11
Enthusiast - Level 2

I have seen a lot of (old) traffic on issues with VPN. Yes I know PPTP is insecure. Happy to take a solution for L2TP, but am at mercy of office.

I have had FiOS service undisturbed for years, and like to live by the rule, if it ain't broke, don't fix it. I spent a lot of time thoroughly debugging initial install to get advertised 50/50 Mbps speed throughout home.

Given what I see posted on the new FiOS Quantum gateways, I am pretty concerned about trying an upgrade! So if I can avoid it at all, I am looking for help.

1) Does anyone know if there is a supported config on the Rev E to support a client VPN scenario from Windows 10 client to Win 2008, RAS-based VPN target, where both systems are behind NAT gateways? We did the registry changes on both sides already to try and support this.

From client end, despite low firewall settings and port forwarding rules such as GRE, other protocols, it NEVER sees a response from the remote host, although logs there (at remote site) show it's trying to talk back to client.

2) If the problem is the router and no support, any advice on whether it's possible to purchase a compatible model for FiOS service, in order to avoid over-priced rent?

i.e. which make/models support FiOS?

thanks

0 Likes
Re: MI424WR Gen 2, Rev E - trying to VPN from home to work (PPTP)
smith6612
Community Leader

Is there a possibility that the two networks use the same subnet? For example, if both ends talk behind NAT via a 192.168.1.0/24 address space, this is known to break VPNs and other tunnels.

Maybe try changing the IP address space your home network uses. 192.168.2.0/24 might be the trick.

If that's the case, and others are seeing issues with the VPN, it might not hurt to consider getting the office's network re-IPd to something more home network friendly.

Additionally, a lot of routers have ALG support, which specifically can mess with PPTP tunnels. Disabling the ALG support often fixes the problem. This is likely found in the router's Advanced settings.

0 Likes
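An added example, not part of the original replies: a Python check for the subnet collision described in the post above, which also catches partial overlaps (a wide office prefix swallowing a home /24) and proposes a home LAN range that avoids them. All addresses are constructed samples, IPv4 only is assumed, and the function names are hypothetical.

```python
import ipaddress

# RFC 1918 private blocks that home LANs are normally numbered from.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _nets(items):
    # strict=False lets callers pass an interface address such as 192.168.1.1/24.
    return [ipaddress.ip_network(n, strict=False) for n in items]


def find_collisions(local_nets, remote_nets):
    """Return (local, remote) pairs whose address ranges overlap."""
    return [(l, r) for l in _nets(local_nets) for r in _nets(remote_nets)
            if l.overlaps(r)]


def suggest_home_subnet(remote_nets, in_use=(), prefix=24):
    """First private /prefix overlapping neither the remote nor in-use nets."""
    taken = _nets(list(remote_nets) + list(in_use))
    for block in reversed(RFC1918):          # try 192.168.0.0/16 first
        for cand in block.subnets(new_prefix=prefix):
            if not any(cand.overlaps(t) for t in taken):
                return cand
    return None


if __name__ == "__main__":
    # Constructed sample: router LAN address at home, routes pushed by the office VPN.
    home = ["192.168.1.1/24"]
    office = ["192.168.0.0/22", "10.20.0.0/16"]
    for l, r in find_collisions(home, office):
        print(f"collision: home {l} overlaps office {r}")
    print("suggested home LAN:", suggest_home_subnet(office))
```

With the sample office prefix 192.168.0.0/22, moving the home LAN to 192.168.2.0/24 would still collide, which is why the check compares whole prefixes rather than just the third octet.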
Re: MI424WR Gen 2, Rev E - trying to VPN from home to work (PPTP)
Coop11
Enthusiast - Level 2

thanks for the response

NAT collision is not the issue, checked it. 

different # schemes at office vs home

also connected client direct to router, to ensure other intermediate (double-NAT) devices not causing an issue

modified registries on both client and server (as per numerous Windows related postings) to support NAT on each side of connection, as long as no address collision.

I'll look into ALG and post further

0 Likes
Re: MI424WR Gen 2, Rev E - trying to VPN from home to work (PPTP)
Coop11
Enthusiast - Level 2

SIP-ALG is set to disabled, and I have never fiddled with it. So that's not it.

0 Likes
Re: MI424WR Gen 2, Rev E - trying to VPN from home to work (PPTP)
Coop11
Enthusiast - Level 2

also, the firewall on the router is set NOT to interfere with fragmented packets.

A note on other testing / workaround scenarios...

testing with a Mac laptop running OS Sierra shows that

1) connecting from my network to 3rd party L2TP provider justfreevpn works

2) connecting to my work VPN does not work (the VPN server is set up in theory to support either PPTP or L2TP, and testing by other users does not indicate any problems for them)

OS X Sierra dropped support for PPTP due to security, so PPTP is not testable from the Mac.

In testing L2TP, fiddling with the logging on the mac, it appears that the IPsec negotiation either fails outright or times out when trying to connect to work VPN.

When going to the 3rd party L2TP VPN service provider from mac, logs indicate things progress past the IPsec negotiation. Going to work VPN this craps out, early in the process and I get an error about couldn't connect...

This behavior is suggestive to me it may not be the router alone, but specific to something about the pair of my router/ISP and the configuration of the target VPN server?

0 Likes
Re: MI424WR Gen 2, Rev E - trying to VPN from home to work (PPTP)
Coop11
Enthusiast - Level 2

quick update

your suggestion has not solved the problem, but I do appreciate it.

Additionally, I have now tried an upgrade from Windows 10 Home to Windows 10 Pro on the off chance that might have affected VPN support and to eliminate possibilities (as colleagues at work who use Windows 10 and VPN successfully all have Pro). However, this has made no difference. The behavior between Windows 10 Home or Pro is exactly the same. I did try deleting all VPNs and further using Device manager to delete all WAN miniports (there were no hidden ones), and then re-scanning to re-create the WAN miniports, and redefining the VPNs. All this was after the upgrade to Pro. It made no difference.

0 Likes