• October 15, 2024, 06:41:27 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: Basic VPN Troubleshooting and Suggestions.  (Read 13402 times)

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Basic VPN Troubleshooting and Suggestions.
« on: March 26, 2014, 09:32:23 AM »

Most DIR series routers are VPN Pass-thru routers, meaning that very little if any VPN configuration is needed. However in some cases, more advanced settings are needed for a more active VPN connection configuration. These are suggested troubleshooting steps to help in VPN problems. It's recommended to contact your VPN provider or VPN IT department who works with your VPN for help and information regarding any VPN issues seen beyond this.

Internet Service Provider and Modem Configurations
  • What ISP Service do you have? Cable or DSL?
  • What ISP Modem Mfr. and model # do you have?
  • Is ISP Modem/Service using Dynamic or Static WAN IP addressing?
  • Check cable between Modem and Router, swap out to be sure. Link> Cat6 is recommended.
  • If the ISP modem has a built in router, it's best to bridge the modem. Having 2 routers on the same line can cause connection problems: Link>Double NAT and How NAT Works. To tell if the modem is bridged or not, look at the routers web page, Status/Device Info/Wan Section, if there is a 192.168.0.# address in the WAN IP address field, then the modem is not bridged. If the modem can't be bridged then see if the modem has a DMZ option and input the IP address the router gets from the modem and put that into the modems DMZ. Also check the routers DHCP IP address maybe conflicting with the ISP modems IP address of 192.168.0.1. Check to see if this is the same on the ISP modem, and if modem can't be bridged, change the DIR router to 192.168.1.1 or .0.254.
    Example of a D-Link router configured for PPPoE with ISP Modem bridged: PPPoE Configuration on Router
  • Check ISP MTU requirements, Cable is usually 1500, DSL is around 1492 down to 1472. Call the ISP and ask. Link>Checking MTU Values. Set a manual MTU value instead of using AUTO MTU and test.
  • For DSL/PPPoE connections on the router, ensure that "Always ON" option is enabled.


  • Turn off Advanced DNS Services if you have this option under Setup/Internet/Manual or under Setup/PARENTAL CONTROL/Set to>None: Static IP or Obtain Automatically From ISP.
Setup/Networking/Enable DNS Relay:
Setup/Internet/Manual:Use Unicasting: Off

Advanced/Firewall:
Enable SPI: UNCHECKED
UDP Endpoint Filtering:  Endpoint Independent or Address Restricted
TCP Endpoint Filtering:  Endpoint Independent or Port & Address Restricted
Enable anti-spoof checking:  UNCHECKED or Checked

ALG: ALL CHECKED
NOTE: IPSec (VPN): Allows multiple VPN clients to connect to their corporate network using IPSec. Some VPN clients support traversal of IPSec through NAT. This Application Level Gateway (ALG) may interfere with the operation of such VPN clients. If you are having trouble connecting with your corporate network, try turning this ALG off. Please check with the system administrator of your corporate network whether your VPN client supports NAT traversal.

Advanced/Networking:
IPv4 Multicast Streams: Off

Advanced/Virtual Server Settings: May not be needed for most pass-thru VPN traffic.
IP47  192.168.0.151  47 0 → 0  Always  Allow All     
PPTP  192.168.0.151  Both 1723 → 1723  Always  Allow All     
L2TP  192.168.0.151  Both 1701 → 1701  Always  Allow All     
L2TP2  192.168.0.151  Both 450 → 4500  Always  Allow All 

3rd Party Security Software Configurations
  • Turn off all anti virus and firewall programs on PC while testing. 3rd party firewalls are not generally needed when using routers as they are effective on blocking malicious inbound traffic.

Additional Resources:
DSLReports - Networking 101: The VPN
http://forums.dlink.com/index.php?topic=13352.0
http://forums.dlink.com/index.php?topic=56861.0
http://forums.dlink.com/index.php?topic=10965.0
http://forums.dlink.com/index.php?topic=13056.0
http://www.orbit-computer-solutions.com/Types-of-VPN-Access.php
http://www.orbit-computer-solutions.com/Remote-access-VPNs.php
« Last Edit: August 31, 2016, 08:43:29 AM by FurryNutz »
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.