Geewilkr (Aspirant)
Feb 11, 2024
Nighthawk rs700 VPN vs Nighthawk R9000
Good morning Everyone,
Systems: Windows 11 Pro 23H2, Marvell AQton 10gb nic and on the second machine Windows 11 Pro 23H2, Intel X550-T2 nic.
I have noticed that after switching from my Nighthawk R9000 to the Nighthawk RS700, my Windows VPN no longer works. I compared the settings in both routers, and on the R9000 I do not have port forwarding, nor have I set up a DMZ or a VPN service. But the VPN connects.
With the same settings, the RS700 does not connect. I have tried port forwarding of both ports 1723 and 47, tried setting up a DMZ and tried setting up a VPN service. None of which allowed me to connect to the remote VPN service.
I tried to connect on two separate machines, neither being successful. The VPN I am trying to connect to requires a login, then I receive a phone call to confirm my authority. With the RS700, I do not receive a phone call and the VPN throws an error.
Between router switches, I tried removing the WAN Miniports just in case these were the fault, but it had no impact.
Both the R9000 and the RS700 have the most recent firmware (V1.0.5.42 and V1.0.7.82 respectively). With the R9000 set to factory default settings, the VPN works; with the RS700 (also at factory default) it does not.
I installed Wireshark and did a packet capture while connecting to the VPN using both routers. What I find peculiar is that with the R9000 I see PPP CHAP and GRE packets. However, I do not see any PPP CHAP or GRE packets with the RS700.
Surely there is some obscure setting I am overlooking.
Has anyone run into this before?
4 Replies
- BH_C (NETGEAR Expert)
Is this your setup:
* Windows PC connected to RS700's WiFi or LAN ports
* The VPN client on the Windows PC cannot connect to a VPN server/network on the Internet?
For that setup, you should not need Port Forwarding, DMZ, or the router's VPN service. What is the VPN service you use? NordVPN, SharkVPN, ExpressVPN...?
- Geewilkr (Aspirant)
Good morning,
I believe our company uses Microsoft's built-in VPN server. When I reviewed the packets (using the old router) I see references to Microsoft Azure. I believe they are using Azure for two-factor authentication.
The PCs are connected to an XS728T ProSAFE switch (wired). The switch is connected to the 10Gb port on the two routers (wired).
I do not have a secondary VPN service with 2FA to test. However, when I watch the VPN login process, it appears as though I successfully log in to our server. It seems to fail when it starts using the Challenge Handshake Authentication Protocol, which is consistent with the behaviour observed using Wireshark.
Using the older Nighthawk it works seamlessly with no tweaking. With the new Nighthawk, it doesn't work under any configuration I can conceive. The only setting I hadn't tried was the router setting "Respond to Ping on the Internet Port". I tried this morning to no avail.
It appears to me that the Nighthawk WiFi 7 router is blocking the protocols (CHAP and/or GRE). Of course there is no setting that I can see that confirms or refutes my position. Access control is disabled, and there are no blocked sites or services. There is no firewall or antivirus getting in the way.
I disabled its Armor protection as a first step.
I also tried downgrading the firmware to the prior two versions (V1.0.7.66 and V1.0.7.80) but it did not change the behaviour.
A head scratcher for sure.
Gee
- BH_C (NETGEAR Expert)
Hi Gee,
Can you try to disable the DoS Protection to see if it helps? You can find the setting in the RS700's Web GUI:
Advanced Tab / Setup / WAN Setup: check the option "Disable Port Scan and DoS Protection".
I will send you a PM for some instructions to collect more debug logs. Thanks.
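
The capture comparison from the original post (PPP CHAP and GRE visible through the R9000, absent through the RS700) can be checked mechanically. The following is an added example, not code from the thread or from NETGEAR: it labels raw Ethernet frames by their role in a PPTP session (control channel on TCP port 1723, data channel in GRE, IP protocol 47) and reports how far the session got. The function names and the sample frames are constructed for illustration.

```python
import struct
from collections import Counter

PPP_NAMES = {0xC021: "ppp-lcp", 0xC223: "ppp-chap"}  # PPP protocol numbers

def classify(frame: bytes) -> str:
    """Label one Ethernet/IPv4 frame by its role in a PPTP session."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return "other"
    ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
    l4 = frame[14 + ihl:]
    if proto == 6 and len(l4) >= 4:            # TCP: control channel is port 1723
        return "pptp-control" if 1723 in struct.unpack("!HH", l4[:4]) else "other"
    if proto != 47 or len(l4) < 8:             # GRE is IP protocol number 47
        return "other"
    flags, ver, ptype = struct.unpack("!BBH", l4[:4])
    if (ver & 0x07) != 1 or ptype != 0x880B:   # PPTP uses GRE version 1 carrying PPP
        return "gre-other"
    off = 8 + (4 if flags & 0x10 else 0) + (4 if ver & 0x80 else 0)  # seq / ack fields
    ppp = l4[off:]
    if ppp[:2] == b"\xff\x03":                 # optional PPP address/control bytes
        ppp = ppp[2:]
    if len(ppp) < 2:
        return "gre-ack"                       # acknowledgement with no payload
    return PPP_NAMES.get(struct.unpack("!H", ppp[:2])[0], "ppp-other")

def diagnose(frames):
    """Count frame roles and say how far the PPTP session got."""
    counts = Counter(classify(f) for f in frames)
    tunnel = sum(n for k, n in counts.items() if k.startswith(("gre-", "ppp-")))
    if not counts["pptp-control"]:
        return counts, "no PPTP control traffic"
    if not tunnel:
        return counts, "control channel only, no GRE seen"
    if not counts["ppp-chap"]:
        return counts, "GRE seen, no CHAP exchange"
    return counts, "control, GRE and CHAP all seen"

def wrap_ip(proto, payload):  # constructed Ethernet + IPv4 wrapper (checksum left at 0)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                      0, bytes([192, 168, 1, 10]), bytes([203, 0, 113, 5]))
    return b"\x00" * 12 + b"\x08\x00" + hdr + payload

# Constructed sample frames, not taken from the poster's captures.
SYN = wrap_ip(6, struct.pack("!HHIIBBHHH", 50000, 1723, 0, 0, 0x50, 0x02, 8192, 0, 0))
CHAP_PPP = b"\xff\x03\xc2\x23\x01\x01\x00\x06\x01\xaa"
CHAP = wrap_ip(47, struct.pack("!BBHHHI", 0x30, 0x01, 0x880B, len(CHAP_PPP), 1, 0) + CHAP_PPP)

if __name__ == "__main__":
    for name, cap in (("control+GRE", [SYN, CHAP]), ("control only", [SYN])):
        print(name, "->", diagnose(cap)[1])
```

To run it over a real capture, feed `diagnose` the raw frame bytes exported from each router's capture and compare the two verdicts.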