[dmars]

Hi,

I installed the Kong 24865M version earlier this week and I can no longer connect from my laptop inside my network to an external VPN Server outside of my network.

I have confirmed that the VPN Server works, including connecting my laptop directly to my ISP modem. The connection only fails when going though the DD-WRT.

The VPN connection worked fine when on the factory firmware.

- I have ensured that VPN Passthrough is enabled for:
IPSec
PPTP
L2Tp

- I have tried disabling the SPI firewall (and rebooting) and it didn't help.

- I have tried disabling the FTP Server (PPTP) running on DD-WRT (and rebooting), and it didn't help.

- MTU is set to Auto.

- I confirmed with my company's admin that the internal subnet is different from my internal subnet (They use 10.x.x.x, I use 192.x.x.x).

- He also confirmed that when I connect through DD-WRT, my connection attempts to not reach the Server.

- The VPN Client (Windows) sits at "Verifying the password..." for about 36 seconds, then it disconnects and closes the port with "Error 619".

- Confirmed the account and password are correct (works when bypassing DD-WRT).

- Same thing happens when connected to DD-WRT by wire or wireless.

Any ideas?

Thanks in advance.

[dmars]

Ok, so after typing out that checklist, I thought about DMZ.

When enabling DMZ, it appears to work. However, that is a bit like using a shotgun to kill an ant.

The good news is that I now know it can work.

So my guess is that certain ports are not being passed through properly. I would also suspect that this means the VPN Passthrough option is not working as expected.

Does anyone happen to know exactly which ports need to be opened for an L2TP connection, including IPSec?

And I don't think I'd be able to just use port forwarding for those, would I?

What about non-TCP/UDP protocols like GRE?

[cdmarshall]

odd i have the same load on my ea6900 and i use both SSL based VPN and IPSEC based VPN just fine through mine.... wonder if it is something different with the setup on your router? you don't have hardware nat enabled do you?

[JAMESMTL]

This is an issue with 24865 affecting many users including myself. You can roll back to 24800 which does not have this problem.

See http://www.dd-wrt.com/phpBB2/viewtopic.php?p=913556&highlight=#913556

[cdmarshall]

I suppose the question is is it PPTP that's broke or random IPSEC/VPN issues also.

[JAMESMTL]

Rolfl reported the same issue with ios device trying to connect via L2TP

PPTP server on router works fine. If I remember correctly so does the client.

From memory I would also say that all pptp modules are loaded and iptable rules seem to be present as well. Honestly though i haven't dug any further.

[dmars]

@cdmarshall - I do not intentionally have hardware NAT enabled. In fact, I have no idea where I would even check on this router.

The closest thing I can think of, is that I followed the guide to create a "virtual" guest SSID and have it be separate from my internal network, along with it's own DHCP Server.

http://tips.desipro.de/2013/12/06/guest-wifi-setup-dd-wrt/

@JAMESMTL - I looked at that thread and it looks like there are several different issues. Not sure if they specifically refer to mine.

@Everyone - I am trying to connect outbound using L2TP/IPSec when it fails. If I create a DMZ to my laptop (VPN client), it works.

I also configured my router to accept PPTP connections and I can connect to that from external clients just fine (ie: iPhone, etc). But I don't think it will work while I have DMZ turned on.

To me, it sounds as though VPN passthrough is not properly passing through L2TP and/or IPSec. I don't have an external PPTP Server to test outbound.

[Giraffe]

I'm experiencing exactly the same problem, with my R7000 running kongac 24865M.
I cannot connect to a external VPN Server using PPTP

I've tried everything, PPTP Passtrough is enabled, i've tried port-fowarding, setting firewall ip-tables, disabling SPI-firewall, but none of it is working.

I'm glad i've stumbled upon this thread since i just couldn't figure out wat i was doing wrong....

[<Kong>]

Highly unlikely, that this is anything in the firmware. The passthrough option in the firmware does only filter traffic in case it is set to disable, if it is set to enable, then dd-wrt does nothing. Thus you should troubleshoot on the client computer.

[Giraffe]

[JAMESMTL]

[_Robb_]

Maybe this is a mtu issue?

Did you try to ping your vpn server with:

[nathulal]

[<Kong>]

Then it must be a kernel issue and I have to tell BS to update the binary broadcom modules. I can't sync with kernel from 25000 because the public binaries don't work anymore. I have the same issue with AC mipsel units, which kind of annoys me.

[MrDoh]