escop
Aspirant
Jun 23, 2021

Cannot connect to open ports when using Orbi Router.

I am currently having an issue connecting to an open port for work.

 

Layout example:

Work server has Global IP 23.24.25.26

Work server has port 500 open for that IP.

We use that IP/Port combo to connect to our work software when working from home or remote.

 

We have been connecting to this successfully for months with no issue.

 

The problem now, for some reason, is that we have an Orbi (remote site), and I cannot connect to my server.

 

Things I have tried:

1. Using my phone hotspot (Result = can connect to server)

2. Disconnecting the Ethernet Modem <-> Orbi and switching it out for Modem <-> PC (Result = works; note remote site modem = not modem as the hosting local server).

3. Reset Orbi as factory default / update firmwares (Result = we can access the internet normally, but we cannot connect to any port based software)

4. When connected to the Orbi... the command prompt command "telnet 23.24.25.26 500" will not connect and give me an error.

5. When connected to ANY OTHER INTERNET (exc. work local server internet), the same telnet command will work.

6. Canyouseeme.org also shows port open.

 

The issue is not with the port forwarding. It has been port forwarded for months and it still works; it has to do with something in between the router and the laptop/phone devices, where connecting to any open port will result in failure.

 

Any clues?

Thanks

7 Replies

  • CrimpOn
    Guru - Experienced User

    escop wrote:

    I am currently having an issue connecting to an open port for work.

     

    Layout example:

    Work server has Global IP 23.24.25.26

    Work server has port 500 open for that IP.

    We use that IP/Port combo to connect to our work software when working from home or remote.

     

    We have been connecting to this successfully for months with no issue.

     

    The problem now, for some reason, is that we have an Orbi (remote site), and I cannot connect to my server.

     

    Things I have tried:

    1. Using my phone hotspot (Result = can connect to server)

    2. Disconnecting the Ethernet Modem <-> Orbi and switching it out for Modem <-> PC (Result = works; note remote site modem = not modem as the hosting local server).

    3. Reset Orbi as factory default / update firmwares (Result = we can access the internet normally, but we cannot connect to any port based software)

    4. When connected to the Orbi... the command prompt command "telnet 23.24.25.26 500" will not connect and give me an error.

    5. When connected to ANY OTHER INTERNET (exc. work local server internet), the same telnet command will work.

    6. Canyouseeme.org also shows port open.

     

    The issue is not with the port forwarding. It has been port forwarded for months and it still works; it has to do with something in between the router and the laptop/phone devices, where connecting to any open port will result in failure.


    I also saw port 500 reported as being 'filtered' (i.e. some process is accepting connections on the work server).

    My attempt to telnet also fails. However, port 500 is commonly used for VPN connections, not telnet. Is the actual connection to the work server a VPN connection?

    When the Orbi system was installed, did it replace a previous WiFi system?

    What, exactly, is the ISP modem? Is it "just a modem", or a combination modem/router?

    • escop
      Aspirant

      CrimpOn wrote:
      I also saw port 500 reported as being 'filtered' (i.e. some process is accepting connections on the work server).

      My attempt to telnet also fails. However, port 500 is commonly used for VPN connections, not telnet. Is the actual connection to the work server a VPN connection?

      When the Orbi system was installed, did it replace a previous WiFi system?

      What, exactly, is the ISP modem? Is it "just a modem", or a combination modem/router?

      It is not port 500, the IP/port provided is just an example. I'd rather not provide the real numbers out of security concern.


      The real IP/Port does not matter in this situation, as I can connect to it perfectly fine when NOT using internet provided by the Orbi (aka cell phone hotspot or literally any other WiFi).
      It is also open on canyouseeme.

       

       

      Connection to my work server does not require a VPN nor does it use one anywhere in between.

       

      The Orbi is the only router here, not replacing anything old (and even in the case it did, I had factory reset it anyways as part of troubleshooting).

       

      The ISP Modem is a Spectrum EU2251, which only provides 1 internet Ethernet port (for router). By itself, it does not broadcast any WiFi, and given if I didn't connect any router into that slot, only one device would be able to use the internet if connected directly.

       

      Also note that this model of modem does not have its own portal at 192.168.1.1 / 192.168.0.1 (Confirmed by Spectrum today when I had it serviced, just to find out the issue wasn't with the Modem).

      • CrimpOn
        Guru - Experienced User

        escop wrote:

        CrimpOn wrote:

        It is not port 500, the IP/port provided is just an example. I'd rather not provide the real numbers out of security concern.


        The real IP/Port does not matter in this situation, as I can connect to it perfectly fine when NOT using internet provided by the Orbi (aka cell phone hotspot or literally any other WiFi).
        It is also open on canyouseeme.

         

        Connection to my work server does not require a VPN nor does it use one anywhere in between.

         

        The Orbi is the only router here, not replacing anything old (and even in the case it did, I had factory reset it anyways as part of troubleshooting).

         

        The ISP Modem is a Spectrum EU2251, which only provides 1 internet ethernet port (for router). By itself, it does not broadcast any WiFi, and given if I didn't connect any router into that slot, only one device would be able to use the internet if connected directly. 

         

        Also note that this model of modem does not have its own portal at 192.168.1.1 / 192.168.0.1 (Confirmed by Spectrum today when I had it serviced, just to find out the issue wasn't with the Modem).


        Thanks for the explanation. (On a side note: when images are placed "in-line" using the Photos icon in the menu bar, they do not appear to other users until approved by a forum moderator, which can take hours or days. When images are attached using the Browse button in the lower left, they are available immediately. This causes so much confusion that I wish Netgear would take the Photos icon away.)

         

        This Orbi does not have Armor or Parental Controls enabled, correct?

         

  • The typical layer 4 protocol for port 500 used in VPN connections is UDP and not TCP.  Telnet only works with protocol TCP, hence the connection to UDP 500 will never connect by just using telnet as telnet is trying to use the TCP protocol.

     

    Now, the issue with the Orbi is probably because it is set up to do port address translation (PAT), a form of network address translation (NAT), and the VPN has not been configured to accommodate NAT-Traversal. This is a fairly common issue with remote hosts connecting to a VPN server when the remote host is behind a PAT. The config to allow NAT-T has to be done server side and also be enabled client side, but how to do it will depend on the VPN product being used.

     

    More on NAT-T here for IPSec: wikipedia

    IPsec

    IPsec virtual private network clients use NAT traversal in order to have Encapsulating Security Payload packets traverse NAT. IPsec uses several protocols in its operation which must be enabled to traverse firewalls and network address translators:

    Internet Key Exchange (IKE) – User Datagram Protocol (UDP) port 500
    Encapsulating Security Payload (ESP) – IP protocol number 50
    Authentication Header (AH) – IP protocol number 51
    IPsec NAT traversal – UDP port 4500, if and only if NAT traversal is in use

    Many routers provide explicit features, often called IPsec Passthrough.

    In Windows XP, NAT traversal is enabled by default, but in Windows XP with Service Pack 2 it has been disabled by default for the case when the VPN server is also behind a NAT device, because of a rare and controversial security issue.[6] IPsec NAT-T patches are also available for Windows 2000, Windows NT and Windows 98.

    NAT traversal and IPsec may be used to enable opportunistic encryption of traffic between systems. NAT traversal allows systems behind NATs to request and establish secure connections on demand.

    • bostonvex
      Guide

      My bad for not reading the thread that you are not using VPN.

       

      It could be MTU size or maybe that the port you use is somehow already port forwarded somewhere else.
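
An added example, not part of any post in this thread: the `telnet <ip> <port>` test used above is a single TCP connect, and the kind of failure (silent timeout versus immediate refusal) shows whether packets are being dropped on the path or the far end simply has no listener; for UDP services such as IKE on port 500, silence is ambiguous. The function names `tcp_check`, `udp_check` and `local_demo` are hypothetical, and the loopback targets are constructed so the code runs offline (Linux behaviour assumed for the UDP "closed" case).

```python
import socket

def tcp_check(host, port, timeout=3.0):
    """One TCP connect attempt, the same test `telnet host port` performs."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"        # handshake completed
        except socket.timeout:
            return "timeout"     # SYN or SYN-ACK dropped on the path (filter/NAT)
        except ConnectionRefusedError:
            return "refused"     # RST returned: path works, nothing listening

def udp_check(host, port, timeout=3.0):
    """UDP has no handshake, so a lack of reply proves nothing either way."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            s.send(b"\x00")      # constructed one-byte datagram, not a real IKE message
            s.recv(1024)
            return "reply"
        except socket.timeout:
            return "no-reply"    # listening-but-silent or filtered: ambiguous
        except ConnectionRefusedError:
            return "closed"      # ICMP port unreachable came back

def local_demo():
    """Constructed loopback targets so the example runs without a network."""
    srv = socket.create_server(("127.0.0.1", 0))     # listening TCP port
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                                    # nothing listens here now
    mute = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    mute.bind(("127.0.0.1", 0))                      # bound UDP port that never answers
    with srv, mute:
        return {
            "listening": tcp_check("127.0.0.1", srv.getsockname()[1]),
            "closed": tcp_check("127.0.0.1", closed_port),
            "udp_silent": udp_check("127.0.0.1", mute.getsockname()[1], 0.5),
        }

if __name__ == "__main__":
    print(local_demo())
```

Running `tcp_check` against the same address once from behind the router and once from another network gives a direct comparison of the two paths.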

  • Yes, I am also facing similar issues regarding the Orbi router whenever I try to connect it with my device. I need help to fix this issue; I don't even know why it's happening like this.

  • Hi just an update.

     

    The Spectrum (modem) guy came and fixed everything on my ESP end.

    When connected directly to the modem (it requires a reboot every time Ethernet is switched, I was unaware), I can ping my server and connect to it normally.

    When connected to Orbi with confirmed working modem, I can no longer ping it.

    After numerous workarounds the only thing that worked was using another router to the modem (old Netgear router), and using AP mode on the Orbi.