Archer C9 VPN Passthrough Issues

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2019-09-27 18:09:26 - last edited 2019-09-27 18:20:18
Model: Archer C9  
Hardware Version: V1
Firmware Version: 3.17.1 Build 20180125 Rel.56387n

I'm having issues connecting to a VPN server that's behind the router when the device is external, but it can connect just fine when on the local network. The VPN client is pointing to a valid, externally-resolving hostname (ex: vpn.myDomain.com).

Port Forwarding Settings

UDP 80 -> 10.0.1.3:80 (Server, for public facing websites)

UDP 443 -> 10.0.1.3:443 (Server, for public facing websites SSL)

UDP 500 -> 10.0.1.3:500 (Server, IPSec)

UDP 1701 -> 10.0.1.3:1701 (Server, IPSec)

UDP 4500 -> 10.0.1.3:4500 (Server, NAT Traversal)

TCP 1723 -> 10.0.1.3:1723 (Server, PPTP)

Security Settings:

SPI Firewall -> Disabled

PPTP Passthrough -> Enabled

L2TP Passthrough -> Enabled

IPSec Passthrough -> Enabled

I did a packet trace on UDP 500, 1701, and 4500 while connecting from an iPhone with WiFi on (internal) and off (external).

When testing internally, ISAKMP packets traveled to and from the iPhone's internal address and the Server's internal address, and L2TP packets traveled from the Server to the iPhone. The VPN logs showed a normal connection, then a hang up when the connection was closed.

When testing externally, ISAKMP packets traveled to and from the iPhone's external address to the Server's internal address, but there were no L2TP packets; instead, the iPhone sent 5 ESP packets 3 seconds apart before reporting that the VPN server was not responding. The VPN server logs did not indicate any connection attempts were made.

Authentication is not the issue. If it were, the VPN wouldn't connect when the iPhone is on the same network.

I've confirmed with my ISP that they are not blocking the ports. If they were, there would be no traffic at all when initiating the connection externally.

The only logical conclusion I can make is that the router is blocking the L2TP traffic despite the settings. Any advice? I'm about ready to dump this router and go with something else, sadly. It's been a great router otherwise.

Re:Archer C9 VPN Passthrough Issues
2019-09-27 19:37:48

@iTim314

Just for the sake of testing, if you were to DMZ your server (10.0.1.3), does that work?

Re:Archer C9 VPN Passthrough Issues
2019-09-27 19:40:08

@Tony Thanks for the suggestion. Unfortunately, it does not. I think the issue has less to do with forwarding UDP and TCP ports but perhaps the IP protocols 50/51 and those ESP packets. My understanding of that is very limited. 

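An added example, not code from the thread or from the router vendor: this Python code labels packets from a trace like the one described in the first post, using the IANA protocol numbers and the RFC 3948 rules for UDP 4500, then checks whether any ESP was answered. The client address, payload bytes, function names and the sample trace are constructed for illustration, and the trace assumes the ESP packets were UDP-encapsulated on port 4500.

```python
from collections import Counter

# IP protocol numbers and UDP ports used by L2TP/IPsec (IANA assignments).
UDP, ESP, AH = 17, 50, 51
IKE_PORT, NATT_PORT, L2TP_PORT = 500, 4500, 1701

def classify(ip_proto, sport, dport, payload=b""):
    """Label one packet; payload is the bytes that follow the UDP header."""
    if ip_proto != UDP:
        # ESP and AH carry no ports, so a TCP/UDP port-forward rule cannot match them.
        return {ESP: "native-esp", AH: "ah"}.get(ip_proto, "other")
    ports = {sport, dport}
    if IKE_PORT in ports:
        return "ike"
    if NATT_PORT in ports:
        # RFC 3948: on UDP 4500 a lone 0xFF byte is a NAT keepalive, four zero
        # bytes (the non-ESP marker) prefix IKE, anything else begins with an ESP SPI.
        if payload == b"\xff":
            return "nat-keepalive"
        if payload[:4] == bytes(4):
            return "ike-natt"
        return "udp-esp" if len(payload) >= 4 else "other"
    return "l2tp-clear" if L2TP_PORT in ports else "other"

def summarize(trace, server_ip):
    """Count packet labels per direction relative to the VPN server."""
    counts = Counter()
    for src, dst, proto, sport, dport, payload in trace:
        direction = "from-server" if src == server_ip else "to-server"
        counts[(direction, classify(proto, sport, dport, payload))] += 1
    return counts

def esp_unanswered(counts):
    """True when ESP (native or UDP-encapsulated) was sent to the server with no ESP back."""
    kinds = ("native-esp", "udp-esp")
    sent = sum(counts[("to-server", k)] for k in kinds)
    back = sum(counts[("from-server", k)] for k in kinds)
    return sent > 0 and back == 0

# Constructed sample shaped like the external test: IKE in both directions,
# then five ESP packets from the client and none from the server.
C, S = "203.0.113.7", "10.0.1.3"   # C is a documentation address, S is the server from the post
CONSTRUCTED_TRACE = [
    (C, S, UDP, 500, 500, b""), (S, C, UDP, 500, 500, b""),
    (C, S, UDP, 4500, 4500, bytes(4) + b"\x01"), (S, C, UDP, 4500, 4500, bytes(4) + b"\x01"),
] + [(C, S, UDP, 4500, 4500, b"\x12\x34\x56\x78")] * 5

if __name__ == "__main__":
    print(esp_unanswered(summarize(CONSTRUCTED_TRACE, S)))
```

Running the same classification on captures taken on both the WAN and LAN side of the router shows whether the ESP packets are dropped at the router or delivered to the server and left unanswered.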