Microsoft Teams connection drops

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

kman

Regular Contributor
Hello,

I'm having an issue with my ASUS AC68U (v386.2_6) where Microsoft Teams drops the connection after 10 seconds. Even though I'm connected to my company's VPN, it still drops the connection.

The issue is very similar to that reported here, NAT Issue - Microsoft Teams connection drops. When I disable NAT Acceleration, it works, however, that drastically reduces my network speed.

Any suggestions/help on this matter would be appreciated. Is there something I can enable in the port forwarding or any other configuration?

Thank you.
 

ColinTaylor

Part of the Furniture
Even though I'm connected to my company's VPN, it still drops the connection.
I'm presuming that the VPN client is running on your PC and not the router.

I don't know anything about how Teams works but... is your VPN client configured for split tunnelling and therefore being bypassed by the Teams traffic? Can you reconfigure the VPN client to disable split tunnelling?
 

elorimer

Very Senior Member

kman

Regular Contributor
is your VPN client configured for split tunnelling and therefore being bypassed by the Teams traffic? Can you reconfigure the VPN client to disable split tunnelling?

VPN is setup on the PC and not the router. It's Cisco AnyConnect. Unfortunately, I don't have the permissions to modify the settings. I'm attaching a screenshot for your reference.

2021-06-17_234737.png
 

ColinTaylor

Part of the Furniture
Thanks @kman. I'm guessing that if you look at the Route Details when the tunnel is up you'll find exceptions for the Teams servers (as per the Cisco and Microsoft recommendations).

The problem with UDP traffic is that it is incompatible with the router's hardware acceleration, as you have demonstrated. The strange thing is that there should be a firewall entry that disables CTF for UDP traffic to try and get around this problem. Maybe that's not working properly (see a similar but different problem here)?

Can you post the output of the following commands please?
Code:
iptables-save -t mangle
iptables-save -t nat
nvram get ctf_pt_udp

EDIT: It looks like this firewall rule might have been deactivated in later firmware (I use John's firmware). I don't know why that would be, maybe they thought it wasn't needed any more. Anyway, if you could post the output from the commands above it will confirm it one way or the other.
 
Last edited:

Makaveli

Very Senior Member
I use Teams everyday and on a teams call right now with company VPN and no drops with this firmware.

VPN is running off PC not router, and runner and flow cache are enabled.
 
Last edited:

ColinTaylor

Part of the Furniture
I use Teams everyday and on a teams call right now with company VPN and no drops with this firmware.
Is your VPN using split tunnelling?

and runner and flow cache are enabled.
My assumption has been that this (UDP) problem does not effect the HND routers because they no longer use CTF.
 

Makaveli

Very Senior Member
Is your VPN using split tunnelling?

My assumption has been that this (UDP) problem does not effect the HND routers because they no longer use CTF.

Yes Split tunneling is on. We use forigate so I had to check it from the server the client software doesn't show it.

And yes no CTF on this HND router.
 

Makaveli

Very Senior Member
Thanks @Makaveli.

If we can't fix the OP's issue in software then it's a perfect excuse reason for him to replace his RT-AC68U with an RT-AX86U or similar.

I think now is a good time for people to start upgrading these older AC68U routers they are about 7+ years old now with only 256mb of ram. And considering this is for work maybe OP might be able to get his work to cover some of the cost?
 
Last edited:

kman

Regular Contributor
Can you post the output of the following commands please?

See the output:
Code:
[email protected]:/tmp/home/root# iptables-save -t mangle
# Generated by iptables-save v1.4.15 on Fri Jun 18 12:10:40 2021
*mangle
:PREROUTING ACCEPT [2033521:899950266]
:INPUT ACCEPT [972178:196102803]
:FORWARD ACCEPT [1049099:703117408]
:OUTPUT ACCEPT [968265:201609377]
:POSTROUTING ACCEPT [2020285:905805915]
-A PREROUTING -i br0 -m set --match-set PANDORA dst -j MARK --set-xmark 0x1000/0x1000
-A PREROUTING -i tun21 -m set --match-set PANDORA dst -j MARK --set-xmark 0x1000/0x1000
-A FORWARD -s 192.168.1.0/24 -d 192.168.1.0/24 -o br0 -j MARK --set-xmark 0x1/0x7
COMMIT
# Completed on Fri Jun 18 12:10:40 2021

Note - I have masked my IP address with -.-.-.-
Code:
[email protected]:/tmp/home/root# iptables-save -t nat
# Generated by iptables-save v1.4.15 on Fri Jun 18 12:12:11 2021
*nat
:PREROUTING ACCEPT [123628:10575012]
:INPUT ACCEPT [119338:9402015]
:OUTPUT ACCEPT [147454:12839033]
:POSTROUTING ACCEPT [117573:10001616]
:DNSFILTER - [0:0]
:DNSVPN1 - [0:0]
:GAME_VSERVER - [0:0]
:LOCALSRV - [0:0]
:PCREDIRECT - [0:0]
:PUPNP - [0:0]
:VSERVER - [0:0]
:VUPNP - [0:0]
-A PREROUTING -p tcp -m tcp --dport 53 -j DNSVPN1
-A PREROUTING -p udp -m udp --dport 53 -j DNSVPN1
-A PREROUTING -p udp -m udp --dport 51198 -j ACCEPT
-A PREROUTING -d -.-.-.-/32 -j GAME_VSERVER
-A PREROUTING -d -.-.-.-32 -j VSERVER
-A PREROUTING -d 169.254.183.25/32 -j GAME_VSERVER
-A PREROUTING -d 169.254.183.25/32 -j VSERVER
-A PREROUTING -s 192.168.1.0/24 -p udp -m udp --dport 53 -j DNSFILTER
-A PREROUTING -s 192.168.1.0/24 -p tcp -m tcp --dport 53 -j DNSFILTER
-A POSTROUTING -o tun11 -j MASQUERADE
-A POSTROUTING -s 10.8.0.0/24 -o tun11 -j MASQUERADE
-A POSTROUTING -o ppp0 -j PUPNP
-A POSTROUTING ! -s -.-.-.-/32 -o ppp0 -j MASQUERADE
-A POSTROUTING ! -s 169.254.183.25/32 -o vlan35 -j MASQUERADE
-A POSTROUTING -s 192.168.1.0/24 -d 192.168.1.0/24 -o br0 -j MASQUERADE
-A DNSFILTER -j DNAT --to-destination 192.168.1.1
-A DNSVPN1 -s 192.168.1.10/32 -j DNAT --to-destination 10.0.0.241
-A DNSVPN1 -s 192.168.1.177/32 -j DNAT --to-destination 10.0.0.241
-A DNSVPN1 -s 192.168.1.106/32 -j DNAT --to-destination 10.0.0.241
-A PUPNP -s 192.168.1.125/32 -p tcp -m tcp --sport 32400 -j MASQUERADE --to-ports 11658
-A VSERVER -p tcp -m tcp --dport 32499 -j DNAT --to-destination 192.168.1.125:32400
-A VSERVER -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.1.125:3389
-A VSERVER -j VUPNP
-A VUPNP -p tcp -m tcp --dport 11658 -j DNAT --to-destination 192.168.1.125:32400
COMMIT
# Completed on Fri Jun 18 12:12:11 2021

Code:
[email protected]:/tmp/home/root# nvram get ctf_pt_udp
0

Also, I believe this started happening after update to v386.2 (2-Apr-2021). From the Teams chats, I can see I had successfully connected to voice calls up until the end of March.
 

ColinTaylor

Part of the Furniture
Thanks for the info @kman. The firewall rule I was referring to doesn't seem to be enabled.

If this has only just started happening it might be worth going back to the previous firmware setup and seeing if that fixes it.

You could also try disabling the DNSFilter just in case that's having some sort of detrimental effect.

Otherwise you could try what I was thinking about by making the following change:
Code:
nvram set ctf_pt_udp=1
nvram commit
service reboot
After the reboot check whether it's created the rule by issuing:
Code:
iptables-save -t mangle
 

kman

Regular Contributor
Otherwise you could try what I was thinking about by making the following change
Thanks. If this doesn’t work how can I undo or delete this command?
Code:
nvram set ctf_pt_udp=1

Also, what am I looking for in this output after enabling the above command?
Code:
iptables-save -t mangle

Thank you.
 

ColinTaylor

Part of the Furniture
Thanks. If this doesn’t work how can I undo or delete this command?
Code:
nvram set ctf_pt_udp=1
Undo the change with this:
Code:
nvram set ctf_pt_udp=0
nvram commit
service reboot

Also, what am I looking for in this output after enabling the above command?
Code:
iptables-save -t mangle
You're looking for this line:
Code:
-A FORWARD -p udp -m state --state NEW -j MARK --set-xmark 0x1/0x7
 

Kanji-San

Regular Contributor
I have been using Teams, with split-tunneling, on an RT-AC68U with 386.2_4 and CTF + FA enabled without any problems.

If your company supports it try running Teams without VPN (or split-tunneling).
 

kman

Regular Contributor
@ColinTaylor Thank you!

Applying this code, fixed the issue.

Code:
nvram set ctf_pt_udp=1
nvram commit
service reboot

Here is the output:
Code:
[email protected]:/tmp/home/root# iptables-save -t mangle
# Generated by iptables-save v1.4.15 on Fri Jun 18 19:25:27 2021
*mangle
:PREROUTING ACCEPT [35211:7900150]
:INPUT ACCEPT [24744:6958840]
:FORWARD ACCEPT [10276:925962]
:OUTPUT ACCEPT [23863:3316560]
:POSTROUTING ACCEPT [34266:4270390]
-A PREROUTING -i br0 -m set --match-set PANDORA dst -j MARK --set-xmark 0x1000/0x1000
-A PREROUTING -i tun21 -m set --match-set PANDORA dst -j MARK --set-xmark 0x1000/0x1000
-A FORWARD -s 192.168.1.0/24 -d 192.168.1.0/24 -o br0 -j MARK --set-xmark 0x1/0x7
-A FORWARD -p udp -m state --state NEW -j MARK --set-xmark 0x1/0x7
COMMIT
# Completed on Fri Jun 18 19:25:27 2021

@Makaveli you are right, I do need an upgrade. My AC68U is from 2014 and can definitely use an upgrade. I'll try to get something during Black Friday sale.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top