What's new

No VPN with Asuswrt-Merlin Firmware:3.0.0.4.374.35_4

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Yes i did try all type of server encryption... whatever i put, the router never llistens on port 1723 on WAN interface.

VPN Server - VPN Details

VPN Server mode : PPTP

Broadcast Support : Bpth
Authentication: Auto

Checked MPPE-128
Checked MPPE-40
Checked No Encryption

Connect to DNS Server automatically Yes
Connect to WINS Server automatically Yes
MRU 1450
MTU 1450
Client IP address 192.168.0.245 ~ 192.168.0.254 Maximum 10 clients
 
Last edited:
try setting mtu and mru to 1440 or something like that?
 
I tried all options, setting mtu to 1440... encryption or not... whatever the options i set, it doesn't make the router listen on wan port 1723...

The root cause is the router is NOT listening on port 1723 on the wan interface, unless this can be resolved, changing whatever option WILL NOT change anything.

It was already troubleshooted if pptpd was running, and it is... and also the routing table shows this:

Code:
admin@RT-AC66U:/tmp/home/root# iptables -L INPUT -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

    4   300 DROP       all  --  any    any     anywhere             anywhere
        state INVALID
 1249  147K ACCEPT     all  --  any    any     anywhere             anywhere
        state RELATED,ESTABLISHED
  215 45108 ACCEPT     all  --  lo     any     anywhere             anywhere
        state NEW
  481 69698 ACCEPT     all  --  br0    any     anywhere             anywhere
        state NEW
   13  4661 ACCEPT     udp  --  any    any     anywhere             anywhere
        udp spt:bootps dpt:bootpc
    0     0 ACCEPT     tcp  --  eth0   any     anywhere             anywhere
        tcp dpt:1723
    0     0 ACCEPT     gre  --  any    any     anywhere             anywhere

   11   396 DROP       all  --  any    any     anywhere             anywhere

admin@RT-AC66U:/tmp/home/root#

The thing that shows me it's not listening, is the packets and bytes related through 1723... they are 0 and 0... if it's indeed listening like it should, and i try to connect, it would show some packets, but it doesn't because 1723 is not open, and is not listening on WAN interface.
 
Ok... searching elsewhere on the internet i found out some people did this to solve the problem:

forward port 1723, 50, 51 and 500 to the internal router IP address...

AND IT WORKED!

So i proved again, that there is something wrong in the VPN Enabling sequence NOT opening the right ports on the WAN interface.

Can someone asknowledge that there might be something wrong... i shouldn't have to enable port forwarding on 1723, 50, 51 and 500 for VPN to work, i would expect that enabling the VPN would forward those ports alone...

No?

(Forwarding only 1723 didn't work, i had to also forward 50 and 51 for VPN data and 500 for IPSec)
 
Rassal, I would very much like to get my merlin RT-AC66U working with VPN, can you describe how you got VPN to work?
 
I explained it as it would, pretty easy... but again, THIS shouldn`t have to be done in order to get the VPN working, enabling the VPN should open all those ports.

Just forward port 1723, 50, 51 and 500 (all TCP) to your internal router IP.

So in the router configuration, under WAN then Virtual Server / Port Forwarding

Add those 4 entries:

Service Name - Port Range - Local IP - Local Port - Protocol
----------------------------------------------------------
VPN Connect - 1723 - 192.168.0.1 - 1723 - TCP
VPN Data1 - 50 - 192.168.0.1 - 50 - TCP
VPN Data2 - 51 - 192.168.0.1 - 51 - TCP
VPN IPSec - 500 - 192.168.0.1 - 500 - TCP

For me, once i did this, i was able to telnet on port 1723, and connect using VPN from any internet enabled computer, tablet or smartphone.
 
thanks, that didn't solve my problem, thanks though

my phone still says "connection down" when I try to VPN in
 
Long time listener, first time caller.....from my experimentation on an AC66U and firmware 3.0.0.4.374.35_4, enabling DMZ kills PPTP capability. May or may not be related..... As soon as DMZ is disabled all PPTP functionality is restored.
 
Oh... you touch something here!!! I have DMZ active... let me check this!
 
Long time listener, first time caller.....from my experimentation on an AC66U and firmware 3.0.0.4.374.35_4, enabling DMZ kills PPTP capability. May or may not be related..... As soon as DMZ is disabled all PPTP functionality is restored.

Well my friend, you nailed it!

I removed my 4 forwarding rules, and disabled DMZ... and VPN works like a charm.

So, there is something in relation to enabling DMZ and VPN functionality, which you can have a workaround, by manually forwarding 1723, 50, 51 and 500 to your internal router IP address if DMZ is active.

I will try it like that and see if my Vonage VoIP can live without DMZ if so, my problem is solved.

But still, enabling DMZ, should not kill PPTP/VPN function... at least, i found a workaround with the manual port forwarding, but there is a bug here, which i was told that i had something else before my router that was blocking everything (which was obviously NOT the case).

THanks a lot!
 
When I use asus/asus for login/passw VPN works well, any other does not work....

Verstuurd vanaf mijn GT-P5110 met Tapatalk
 
I don't have DMZ enabled and VPN still fails to let me connect from my phone to my external IP. (where it used to work with the Asus firmware)
 
Generally, when you enable DMZ the purpose is that any port requests made to the WAN are then sent to the IP address you set as the exposed station. It is then the responsibility of the exposed station to deal with the port request.

If you don't forward the VPN traffic back to the router when you have enabled DMZ the router will never get the traffic meant for the VPN services.
 
I don't have DMZ enabled and VPN still fails to let me connect from my phone to my external IP. (where it used to work with the Asus firmware)

I don't know that you ever enabled DMZ, but just FYI, I enabled DMZ and killed my VPN, and disabling the DMZ didn't bring it back. I had to do a factory reset. I'm sure if I dug more I could find what changed, but it wasn't an efficient use of my time.

That's with stock Asus firmware 3.0.0.4.374_979.

Hope that helps someone.
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top