AC66U: VPN (pptp), can't reconnect without pressing "Apply" on the "PPTP Server" page

[Moskus]

I'm trying to get VPN to work reliably with my AC66U router (love the Merlin firmware, btw. SNMP is awesome!).

I've looked at alot of guides and read the manual, but have yet to find a solution to this problem. I'm setting up VPN as countless descriptions tells me to do (I've tried different settings too, but the result is always the same).

I connect to the router via VPN and everything works fine. I've set the IP pool to be on the same subnet (not knowing better I suppose?) as I want to connect to other resources on that network. See screenshot:

I can connect just fine.

Then I disconnect, and try to reconnect. That does NOT work. I get this error message (using rasdial):
"Remote Access error 691 - The remote connection was denied because the user name and password combination you provided is not recognized, or the selected authentication protocol is not permitted on the remote access server".

U-hu. I haven't changed the username and password (and the web admin pages confirms it is the same). I haven't changed anything regarding to authentication protocols either.

I have then found out that if I just navigate to VPN -> PPTP Server and just click "Apply", I can reconnect without problem.

That's not an ideal solution... am I doing something wrong, or is it a bug?

 

[Moskus]

Hm... it seems that turning off Samba support (and Broadcast) helped. I'll keep an eye on it.

What do I miss with Samba support off?

 

[Moskus]

No, that didn't do the trick either.

Anybody?
I'd love to have VPN working without too much problems.


EDIT: Aaaargh! This is driving me insane!

EDIT 2: I'm now trying multiple clients/computers. After one computer disconnects, noone can connect.

However, if I run "service start_pptpd" (I got it from here) after a disconnect, I can connect again.

 

[Moskus]

Really? Nobody is using VPN on Merlin?

 

[john9527]

Did you try going back to the original client address range instead of using your LAN subnet?

 

[Moskus]

Hmm... no, but I'll try that now.

If that's the case, is there an easy way to connect ranges 192.168.0 and 192.168.10? I'm sure there's written something about it, but I can't find anything I'm able to understand...

 

[Deleted member 27741]

I too have had issues with vpn rejecting quick reconnects. Maybe you are just going too fast. After you disconnect, give it a minute before reconnecting and see if that works.

I have no issues using the LAN subnet (the addresses I use are outside the DHCP range). Here are some of my vpn settings from windows perhaps they may be of use, since your pptp vpn settings are similar to mine. Under options/ppp settings only enable LCP extensions is checked. Under networking IPv6 is unchecked (I don't currently use IPv6). Nothing checked under sharing.

On your router web gui under LAN/DHCP server your IP pool starting address could be 192.168.0.1 and IP pool ending address 192.168.0.244. This leaves 244-251 for the pptp server, although I suspect your LAN ip range may be different than your pptp server already because the firmware warns you if your pptp id addresses are within the DHCP and I do not see that warning (the warning is still there on john's fork firmware, I assume it is still there for the rmerlin as well).

Once you get it all working, you may want to change your subnet to something other than 192.168.0.1-251 since that subnet is very common and can lead to issues down the road. The third number can be anything between 1 and 251, I would choose a number greater than 50 or so.

 

[Moskus]

No, I can wait for several hours, and it still won't connect. My DHCP range is from 192.168.0.100-244, and then the PPTP is from 245-254. If I reconnect right after I disconnect (within 30 seconds or so) it works. If I wait more than that, it fails. It's like the service is going down...

Changing the VPN IP pool back to the default 192.168.10.1-10 didn't help either.

I see you guys are on verison 374.something. I'm on 378.55. Is it possible to downgrade without much trouble?

 

[Deleted member 27741]

On your webgui under WAN/NAT passthrough is pptp passthrough enabled? In the old days I had to add ports 1723 (tcp) and 47 (other) pointed at my router local ip to get pptp working but with more current versions of the firmware that has not been necessary.

 

[Moskus]

On your webgui under WAN/NAT passthrough is pptp passthrough enabled? In the old days I had to add ports 1723 (tcp) and 47 (other) pointed at my router local ip to get pptp working but with more current versions of the firmware that has not been necessary.

Yes, PPTP, L2TP, IPSec, RTSP and H.323 is enabled. SIP and PPPoE is disabled.

 

[Deleted member 27741]

Did you try setting your client settings to what works for me (assuming you use windows 7 client)? Is there any possibility it is a DDNS issue? You could try under WAN/virtual server/port forwarding to forward port 1723 (tcp) and 47 (other) to your router's ip. Again, that is not necessary for me to have pptp working currently but with older versions of the firmware it helped. I hate to say this as well, but a reboot of router/computer could not hurt if you haven't done it (to recreate your iptables on both devices).

 

[Moskus]

I'm sorry, I didn't see your settings before now. I'm on Windows 10, but our settings looks the same, as far as I can see. It could be a DDNS issue, but I've turned broadcast off, and I'm not sure what else to look for.

I'm now trying OpenVPN. That seems to work flawlessly. It's a bit weird, though. After changing the base IP from 10.8.0.0 to 192.168.10.0, I can connect and even ping my NAS (192.168.0.5).

 

[Deleted member 27741]

Openvpn rocks. I like having pptp as a backup but openvpn is the way to go for me. You are connecting from the internet (outside your local network)? I have no issues connecting with pptp inside my local network, but that can sometimes be problematic. Depending on how you have openvpn setup you will receive a different subnet than the LAN and have access to LAN resources- that is normal behaviour for a TUN openvpn connection.

 

[Moskus]

Openvpn rocks. I like having pptp as a backup but openvpn is the way to go for me.

Sure. But me having a ton of Windows devices, including phones, using PPTP is much easier to set up on each device...

I was hoping to go the other way. Have PPTP as the main connection, and OpenVPN as the backup. But so far...

 

[Deleted member 27741]

Hmmm... have you tried adding the ports to the WAN/virtual server/port forwarding? A last resort, but it was necessary for me in the past.

 

[Moskus]

You know what.... That seemed to help! Thank you!
I can now log on repeatedly!

I'll leave it for a while and check again. It' a bit weird that the passthrough don't work after the first connection is terminated, so I'm guessing there's still a bug in there somewhere. But that's not that bad if we have found a workaround.