L2TP connection to office VPN fails on RT-AX86U, works fine on RT-N56U (IPSec passthrough interference?)

Iommi

New Around Here
I VPN to my office using L2TP (macOS VPN client to whatever VPN server they have at the office).

Recently I replaced my home RT-N56U with an RT-AX86U (or I intended to; currently I have both connected to different ethernet ports on my cable modem).

My VPN has always worked with the RT-N56U, and does today (this is using the macOS VPN client to connect, not the router itself).

When I connect to my brand new RT-AX86U though, the VPN appears to connect normally (I get an office NAT IP, I see the green indicators send and receive some traffic). However, things that are already connected stay connected... but no new traffic works (I cannot ping 8.8.8.8 or connect anything to anything, even though a previously established remote-desktop session stays up). After about two minutes the VPN disconnects itself.

The exact same macOS VPN connector works if I switch back to my RT-N56U.

I have basically disabled everything on the RT-AX86U that has a "disabled/off" switch (since it was broken this way out-of-the-box/with the defaults). (My home NATs are both 192's, while the office's is a 10x, and the cable modem is a 172x, so I don't think it's something simple like that either.)

A network administrator at the office guessed that perhaps IPSec (NAT) passthrough was not configured or working properly on the RT-AX86U. He noted the similarity in the interfaces between the two (from screenshots) and suggested that I back up my configuration from the RT-N56U and restore it to the RT-AX86U.

Does anyone have an insight into this issue? Is the suggested backup/restore likely to work? Has anyone seen anything like this? (Does anyone else have a similar symptom?)

Incidentally, the office VPN also offers IKEv2, which does work through both routers. (macOS's VPN client has a lousy implementation for IKEv2 though: unlike its L2TP option, IKEv2 does not have a checkbox for "do not send all traffic over the VPN", and its IKEv2 does not launch /etc/ppp/ip-up as a script on connection... which I use to choose which routes to send through the VPN... IKEv2 requires me to do that manually each time.)

RT-AX86U firmware 3.0.0.4.386_46061
RT-N56U firmware 3.0.0.4.374_4561

Thanks.
 

ColinTaylor

Part of the Furniture
Don't back up and restore your old config onto your new router. It will not work and will just scramble your new router's config.

> currently I have both connected to different ethernet ports on my cable modem

Are you sure this is possible? Most cable modems only allow one device to be connected to them. Or is this actually a combined cable modem and router?

I presume you have "L2TP Passthrough" enabled on the router?
 

Iommi

New Around Here
Hi.

Yes, it is a combination cable modem, router, VOIP. It even has wireless (my L2TP VPN connects properly if I connect to my cable modem's wireless network too).

No. I don't know how I would enable "L2TP Passthrough" on the RT-AX86U (maybe that's all I'm asking?). I have gone so far as to disable its firewall altogether to test this, to no avail (not that the router's firewall appears to have settings that granular.)

Thanks.
 

ColinTaylor

Part of the Furniture
L2TP Passthrough should be enabled by default. Check it is at WAN > NAT Passthrough.
 

Iommi

New Around Here
Yes, enabled already. Thanks for the pointer though; it's been a while since I clicked through all these menus disabling every feature trying to fix this.
 
