What's new

Microsoft Teams connection drops

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

kman

Regular Contributor
Hello,

I'm having an issue with my ASUS AC68U (v386.2_6) where Microsoft Teams drops the connection after 10 seconds. Even though I'm connected to my company's VPN, it still drops the connection.

The issue is very similar to that reported here, NAT Issue - Microsoft Teams connection drops. When I disable NAT Acceleration, it works, however, that drastically reduces my network speed.

Any suggestions/help on this matter would be appreciated. Is there something I can enable in the port forwarding or any other configuration?

Thank you.
 
Even though I'm connected to my company's VPN, it still drops the connection.
I'm presuming that the VPN client is running on your PC and not the router.

I don't know anything about how Teams works but... is your VPN client configured for split tunnelling and therefore being bypassed by the Teams traffic? Can you reconfigure the VPN client to disable split tunnelling?
 
is your VPN client configured for split tunnelling and therefore being bypassed by the Teams traffic? Can you reconfigure the VPN client to disable split tunnelling?

VPN is setup on the PC and not the router. It's Cisco AnyConnect. Unfortunately, I don't have the permissions to modify the settings. I'm attaching a screenshot for your reference.

2021-06-17_234737.png
 
Thanks @kman. I'm guessing that if you look at the Route Details when the tunnel is up you'll find exceptions for the Teams servers (as per the Cisco and Microsoft recommendations).

The problem with UDP traffic is that it is incompatible with the router's hardware acceleration, as you have demonstrated. The strange thing is that there should be a firewall entry that disables CTF for UDP traffic to try and get around this problem. Maybe that's not working properly (see a similar but different problem here)?

Can you post the output of the following commands please?
Code:
iptables-save -t mangle
iptables-save -t nat
nvram get ctf_pt_udp

EDIT: It looks like this firewall rule might have been deactivated in later firmware (I use John's firmware). I don't know why that would be, maybe they thought it wasn't needed any more. Anyway, if you could post the output from the commands above it will confirm it one way or the other.
 
Last edited:
I use Teams everyday and on a teams call right now with company VPN and no drops with this firmware.

VPN is running off PC not router, and runner and flow cache are enabled.
 
Last edited:
Is your VPN using split tunnelling?

My assumption has been that this (UDP) problem does not effect the HND routers because they no longer use CTF.

Yes Split tunneling is on. We use forigate so I had to check it from the server the client software doesn't show it.

And yes no CTF on this HND router.
 
Thanks @Makaveli.

If we can't fix the OP's issue in software then it's a perfect excuse reason for him to replace his RT-AC68U with an RT-AX86U or similar.

I think now is a good time for people to start upgrading these older AC68U routers they are about 7+ years old now with only 256mb of ram. And considering this is for work maybe OP might be able to get his work to cover some of the cost?
 
Last edited:
Can you post the output of the following commands please?

See the output:
Code:
admin@RT-AC68U-0E70:/tmp/home/root# iptables-save -t mangle
# Generated by iptables-save v1.4.15 on Fri Jun 18 12:10:40 2021
*mangle
:PREROUTING ACCEPT [2033521:899950266]
:INPUT ACCEPT [972178:196102803]
:FORWARD ACCEPT [1049099:703117408]
:OUTPUT ACCEPT [968265:201609377]
:POSTROUTING ACCEPT [2020285:905805915]
-A PREROUTING -i br0 -m set --match-set PANDORA dst -j MARK --set-xmark 0x1000/0x1000
-A PREROUTING -i tun21 -m set --match-set PANDORA dst -j MARK --set-xmark 0x1000/0x1000
-A FORWARD -s 192.168.1.0/24 -d 192.168.1.0/24 -o br0 -j MARK --set-xmark 0x1/0x7
COMMIT
# Completed on Fri Jun 18 12:10:40 2021

Note - I have masked my IP address with -.-.-.-
Code:
admin@RT-AC68U-0E70:/tmp/home/root# iptables-save -t nat
# Generated by iptables-save v1.4.15 on Fri Jun 18 12:12:11 2021
*nat
:PREROUTING ACCEPT [123628:10575012]
:INPUT ACCEPT [119338:9402015]
:OUTPUT ACCEPT [147454:12839033]
:POSTROUTING ACCEPT [117573:10001616]
:DNSFILTER - [0:0]
:DNSVPN1 - [0:0]
:GAME_VSERVER - [0:0]
:LOCALSRV - [0:0]
:PCREDIRECT - [0:0]
:PUPNP - [0:0]
:VSERVER - [0:0]
:VUPNP - [0:0]
-A PREROUTING -p tcp -m tcp --dport 53 -j DNSVPN1
-A PREROUTING -p udp -m udp --dport 53 -j DNSVPN1
-A PREROUTING -p udp -m udp --dport 51198 -j ACCEPT
-A PREROUTING -d -.-.-.-/32 -j GAME_VSERVER
-A PREROUTING -d -.-.-.-32 -j VSERVER
-A PREROUTING -d 169.254.183.25/32 -j GAME_VSERVER
-A PREROUTING -d 169.254.183.25/32 -j VSERVER
-A PREROUTING -s 192.168.1.0/24 -p udp -m udp --dport 53 -j DNSFILTER
-A PREROUTING -s 192.168.1.0/24 -p tcp -m tcp --dport 53 -j DNSFILTER
-A POSTROUTING -o tun11 -j MASQUERADE
-A POSTROUTING -s 10.8.0.0/24 -o tun11 -j MASQUERADE
-A POSTROUTING -o ppp0 -j PUPNP
-A POSTROUTING ! -s -.-.-.-/32 -o ppp0 -j MASQUERADE
-A POSTROUTING ! -s 169.254.183.25/32 -o vlan35 -j MASQUERADE
-A POSTROUTING -s 192.168.1.0/24 -d 192.168.1.0/24 -o br0 -j MASQUERADE
-A DNSFILTER -j DNAT --to-destination 192.168.1.1
-A DNSVPN1 -s 192.168.1.10/32 -j DNAT --to-destination 10.0.0.241
-A DNSVPN1 -s 192.168.1.177/32 -j DNAT --to-destination 10.0.0.241
-A DNSVPN1 -s 192.168.1.106/32 -j DNAT --to-destination 10.0.0.241
-A PUPNP -s 192.168.1.125/32 -p tcp -m tcp --sport 32400 -j MASQUERADE --to-ports 11658
-A VSERVER -p tcp -m tcp --dport 32499 -j DNAT --to-destination 192.168.1.125:32400
-A VSERVER -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.1.125:3389
-A VSERVER -j VUPNP
-A VUPNP -p tcp -m tcp --dport 11658 -j DNAT --to-destination 192.168.1.125:32400
COMMIT
# Completed on Fri Jun 18 12:12:11 2021

Code:
admin@RT-AC68U-0E70:/tmp/home/root# nvram get ctf_pt_udp
0

Also, I believe this started happening after update to v386.2 (2-Apr-2021). From the Teams chats, I can see I had successfully connected to voice calls up until the end of March.
 
Thanks for the info @kman. The firewall rule I was referring to doesn't seem to be enabled.

If this has only just started happening it might be worth going back to the previous firmware setup and seeing if that fixes it.

You could also try disabling the DNSFilter just in case that's having some sort of detrimental effect.

Otherwise you could try what I was thinking about by making the following change:
Code:
nvram set ctf_pt_udp=1
nvram commit
service reboot
After the reboot check whether it's created the rule by issuing:
Code:
iptables-save -t mangle
 
Otherwise you could try what I was thinking about by making the following change
Thanks. If this doesn’t work how can I undo or delete this command?
Code:
nvram set ctf_pt_udp=1

Also, what am I looking for in this output after enabling the above command?
Code:
iptables-save -t mangle

Thank you.
 
Thanks. If this doesn’t work how can I undo or delete this command?
Code:
nvram set ctf_pt_udp=1
Undo the change with this:
Code:
nvram set ctf_pt_udp=0
nvram commit
service reboot

Also, what am I looking for in this output after enabling the above command?
Code:
iptables-save -t mangle
You're looking for this line:
Code:
-A FORWARD -p udp -m state --state NEW -j MARK --set-xmark 0x1/0x7
 
I have been using Teams, with split-tunneling, on an RT-AC68U with 386.2_4 and CTF + FA enabled without any problems.

If your company supports it try running Teams without VPN (or split-tunneling).
 
@ColinTaylor Thank you!

Applying this code, fixed the issue.

Code:
nvram set ctf_pt_udp=1
nvram commit
service reboot

Here is the output:
Code:
admin@RT-AC68U-0E70:/tmp/home/root# iptables-save -t mangle
# Generated by iptables-save v1.4.15 on Fri Jun 18 19:25:27 2021
*mangle
:PREROUTING ACCEPT [35211:7900150]
:INPUT ACCEPT [24744:6958840]
:FORWARD ACCEPT [10276:925962]
:OUTPUT ACCEPT [23863:3316560]
:POSTROUTING ACCEPT [34266:4270390]
-A PREROUTING -i br0 -m set --match-set PANDORA dst -j MARK --set-xmark 0x1000/0x1000
-A PREROUTING -i tun21 -m set --match-set PANDORA dst -j MARK --set-xmark 0x1000/0x1000
-A FORWARD -s 192.168.1.0/24 -d 192.168.1.0/24 -o br0 -j MARK --set-xmark 0x1/0x7
-A FORWARD -p udp -m state --state NEW -j MARK --set-xmark 0x1/0x7
COMMIT
# Completed on Fri Jun 18 19:25:27 2021

@Makaveli you are right, I do need an upgrade. My AC68U is from 2014 and can definitely use an upgrade. I'll try to get something during Black Friday sale.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top