Most DIR series routers are VPN Pass-thru routers, meaning that very little if any VPN configuration is needed. However in some cases, more advanced settings are needed for a more active VPN connection configuration. These are suggested troubleshooting steps to help in VPN problems. It's recommended to contact your VPN provider or VPN IT department who works with your VPN for help and information regarding any VPN issues seen beyond this. Internet Service Provider and Modem Configurations- What ISP Service do you have? Cable or DSL?
- What ISP Modem Mfr. and model # do you have?
- Is ISP Modem/Service using Dynamic or Static WAN IP addressing?
- Check cable between Modem and Router, swap out to be sure. Link> Cat6 is recommended.
- If the ISP modem has a built in router, it's best to bridge the modem. Having 2 routers on the same line can cause connection problems: Link>Double NAT and How NAT Works. To tell if the modem is bridged or not, look at the routers web page, Status/Device Info/Wan Section, if there is a 192.168.0.# address in the WAN IP address field, then the modem is not bridged. If the modem can't be bridged then see if the modem has a DMZ option and input the IP address the router gets from the modem and put that into the modems DMZ. Also check the routers DHCP IP address maybe conflicting with the ISP modems IP address of 192.168.0.1. Check to see if this is the same on the ISP modem, and if modem can't be bridged, change the DIR router to 192.168.1.1 or .0.254.
Example of a D-Link router configured for PPPoE with ISP Modem bridged: PPPoE Configuration on Router - Check ISP MTU requirements, Cable is usually 1500, DSL is around 1492 down to 1472. Call the ISP and ask. Link>Checking MTU Values. Set a manual MTU value instead of using AUTO MTU and test.
- For DSL/PPPoE connections on the router, ensure that "Always ON" option is enabled.
- Turn off Advanced DNS Services if you have this option under Setup/Internet/Manual or under Setup/PARENTAL CONTROL/Set to>None: Static IP or Obtain Automatically From ISP.
Setup/Networking/Enable DNS Relay: Setup/Internet/Manual:Use Unicasting: Off
Advanced/Firewall:Enable SPI: UNCHECKED
UDP Endpoint Filtering: Endpoint Independent or Address Restricted
TCP Endpoint Filtering: Endpoint Independent or Port & Address Restricted
Enable anti-spoof checking: UNCHECKED or Checked
ALG: ALL CHECKED
NOTE: IPSec (VPN): Allows multiple VPN clients to connect to their corporate network using IPSec. Some VPN clients support traversal of IPSec through NAT. This Application Level Gateway (ALG) may interfere with the operation of such VPN clients. If you are having trouble connecting with your corporate network, try turning this ALG off. Please check with the system administrator of your corporate network whether your VPN client supports NAT traversal.
Advanced/Networking:IPv4 Multicast Streams: Off
Advanced/Virtual Server Settings: May not be needed for most pass-thru VPN traffic.
IP47 192.168.0.151 47 0 → 0 Always Allow All
PPTP 192.168.0.151 Both 1723 → 1723 Always Allow All
L2TP 192.168.0.151 Both 1701 → 1701 Always Allow All
L2TP2 192.168.0.151 Both 450 → 4500 Always Allow All
3rd Party Security Software Configurations- Turn off all anti virus and firewall programs on PC while testing. 3rd party firewalls are not generally needed when using routers as they are effective on blocking malicious inbound traffic.
Additional Resources:
DSLReports - Networking 101: The VPNhttp://forums.dlink.com/index.php?topic=13352.0http://forums.dlink.com/index.php?topic=56861.0http://forums.dlink.com/index.php?topic=10965.0http://forums.dlink.com/index.php?topic=13056.0http://www.orbit-computer-solutions.com/Types-of-VPN-Access.phphttp://www.orbit-computer-solutions.com/Remote-access-VPNs.php