iLac
Aspirant
Mar 14, 2012

WNR1000-v2 PPTP-VPN (GRE) issue: losing incoming packets

Hi,

I tried many different things after extensive Googling and customer support calls. But I think it's better to ask here.

Basically, I cannot get a VPN going, as I don't receive the server's response. As friends nearby can access the VPN via the same ISP, I suspect the router. I tried many different configurations for port forwarding (50, 51, 500, 1723) and security (respond to ICMP pings, MTU=1436, open NAT filtering, even a DMZ), but none got it to work.

(My firmware is V1.0.0.12NA, and the hardware version is WNR1000v2-VC -- yes, a Comcast-customized version, and it already got me Netgear and Comcast pointing fingers at each other instead of either giving me any help...)

Do you have some more suggestions, please? Or feel free to ask me for more details.

Thanks for any help!

PS/FYI/FWIW:
I had this helpful comment from the other endpoint once: "The most common VPN connection problems are caused by a firewall or router, that is not configured to allow Generic Routing Encapsulation (GRE) packets (protocol 47) to our VPN Server (ras.ibt.ku.dk or vpn.ibt.ku.dk – 130.225.116.19). In that case, ask the IT-department at your location to check their overall firewall settings (not just the local Windows Firewall) whether they allow GRE, PPTP (port 1723) and SSTP (port 443) traffic or else the VPN connection will not work."

Also, when I had serviced a similar (?) problem at work, my IT guys had this comment after they got me the stuff working: "What is most likely happening is that we are blocking the return GRE tunnel traffic on the wired networks. In general, we do not block any egress traffic from the Harvard networks, our Firewall/Router ACLs block ingress traffic (from external source). The exception to this rule is the FAS wireless nets. I've updated the two ECON networks to allow GRE tunnels, please check to see if this helps on your VPN connection?"
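
The two comments quoted in the post above separate the PPTP control channel (TCP port 1723) from the GRE data channel (IP protocol 47). The following is an added example, not part of the original thread: it classifies raw IPv4 packets from a capture by direction to show which of the two is failing. The addresses and sample packets are constructed, and the function names are hypothetical.

```python
import struct
from collections import Counter
from ipaddress import ip_address

TCP, GRE, PPTP_PORT, PPP_TYPE = 6, 47, 1723, 0x880B

def ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet (checksum left at 0) for the constructed sample."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ip_address(src).packed, ip_address(dst).packed) + payload

def classify(pkt, client):
    """Return (direction, kind) for PPTP-related traffic of `client`, else None."""
    ihl = (pkt[0] & 0x0F) * 4 if pkt else 0
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or ihl < 20:
        return None
    src, dst = str(ip_address(pkt[12:16])), str(ip_address(pkt[16:20]))
    if client not in (src, dst):
        return None
    direction = "out" if src == client else "in"
    body = pkt[ihl:]
    if pkt[9] == TCP and len(body) >= 4 and PPTP_PORT in struct.unpack("!HH", body[:4]):
        return direction, "control"
    if pkt[9] == GRE and len(body) >= 8:
        flags, ptype = struct.unpack("!HH", body[:4])
        # PPTP carries PPP in enhanced GRE: version field 1, protocol type 0x880B
        if flags & 0x7 == 1 and ptype == PPP_TYPE:
            return direction, "gre"
    return None

def diagnose(packets, client):
    """Summarise which leg of the PPTP exchange is missing from the capture."""
    seen = Counter(filter(None, (classify(p, client) for p in packets)))
    if not seen[("in", "control")]:
        return "no control reply: TCP 1723 blocked or server unreachable"
    if seen[("out", "gre")] and not seen[("in", "gre")]:
        return "inbound GRE missing: protocol 47 dropped on the return path"
    if seen[("in", "gre")]:
        return "inbound GRE arriving: return path is open"
    return "control channel only: tunnel data never started"

# Constructed sample: control handshake both ways, GRE leaving but never returning.
CLIENT, SERVER = "192.168.1.10", "203.0.113.5"
ctrl = lambda sport, dport: struct.pack("!HH", sport, dport) + bytes(16)
gre = struct.pack("!HHHHI", 0x3001, PPP_TYPE, 0, 1, 0)
SAMPLE = [ipv4(CLIENT, SERVER, TCP, ctrl(50000, 1723)),
          ipv4(SERVER, CLIENT, TCP, ctrl(1723, 50000)),
          ipv4(CLIENT, SERVER, GRE, gre),
          ipv4(CLIENT, SERVER, GRE, gre)]

if __name__ == "__main__":
    print(diagnose(SAMPLE, CLIENT))
```

The `client` argument must be the client's address as it appears at the capture point, so a capture taken on the LAN side of the router uses the private address.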

7 Replies

  • To be upfront about this, I found this discouraging note in a Comcast forum. That said, I'd rather try some things first before I negotiate with roommates on the hardware upgrade.

    Problem: The Netgear WNR1000v2 router is actually different to the WNR series, made on the cheap by Netgear to give to Comcast who won a bid on a "lot" of them.

    Comcast then decided to tell the users "you will never update this thing" by rebuilding the firmware on a really archaic version of Ubuntu Linux, and did so to alter the boot loader for the firmware to prevent firmware updates by the user...
  • There is a BUNCH of ISPs that do what's called branded firmware.

    Just buy the retail version of the router instead of purchasing from the ISP.
  • There's very little we can do to help with custom ISP firmware - is there anything on VPN passthrough in the setup pages?
  • Oh, great question.

    The release note of the last firmware update does mention it as "fixed"! But nothing about the GRE tunnel.

    It's just embarrassing that the router is not that much dumbed down (maybe it is for its release date). Is the GRE tunnel a feature that is tricky to implement and the Comcast guys just never put it in or screwed it up with their build of OpenWRT for this?

    I still suspect that something is simply not open that should be. Maybe it's still the build's fault though...
  • OK, thanks for your thoughts, just to be clear: it's not my router but my landlady's who allowed me to share the connection. Yes, I'm ready to buy a dual-band router for $40 (refurbished — dangerous?) if things come to that, but I would much prefer fixing the issue.
  • branded firmware= whatever ISP wants in the firmware.

    there is much to discuss. return and buy retail routers
  • iLac wrote:
    OK, thanks for your thoughts, just to be clear: it's not my router but my landlady's who allowed me to share the connection. Yes, I'm ready to buy a dual-band router for $40 (refurbished — dangerous?) if things come to that, but I would much prefer fixing the issue.

    A refurb does NOT have a one-year warranty from NETGEAR.

    You will be LIMITED, so I would suggest buying a NEW ONE.