D-Link Forums

D-Link Wireless Routers for Home and Small Business => DIR-882 => Topic started by: IMRJS on June 07, 2018, 08:49:33 AM

Title: VPN - L2TP - Not working
Post by: IMRJS on June 07, 2018, 08:49:33 AM
Running 1.10
N/A

L2TP will not work... You cannot connect. I bought three of these routers and wont work on any of them. Tried with F/W Ver 1.00, 1.01, 1.10

Works fine on my DIR-890L, DIR-868L, and  DIR-880L. I have tried DNS Relay enabled and disabled no effect.

Help,

Ryan

Title: Re: VPN - L2TP - Not working
Post by: GreenBay42 on June 07, 2018, 08:58:08 AM
In the router GUI, go to Features > Firewall. Click Advanced Settings and make sure PPTP and IPSec are enabled. Click Save.
Title: Re: VPN - L2TP - Not working
Post by: IMRJS on June 15, 2018, 09:54:57 AM
PPTP and IPSec are enabled still wont work   >:(. Wonder if I should return this router and go with a DSR-250n?

Thanks,
R
Title: Re: VPN - L2TP - Not working
Post by: FurryNutz on July 17, 2018, 08:39:06 AM
Any progress on this?
Title: Re: VPN - L2TP - Not working
Post by: me_iauras on August 15, 2018, 12:44:49 PM
I signed up to the forum to complain about the same issue .
It took a whole day to realize that the problems were caused by the SPI firewall ; @ first I thought that maybe my 2 mobile service providers were filtering the IPsec packages because if I were connected to the router's wifi network the VPN would work even though the target VPN server address I filled in was the dinamic hostname for the DynDNS service .
Following someone's suggestion I checked to see if the firewall was interffering with the connection ; even though it shouldn't happen that was the case . A soon as I disabled the SPI firewall the 2 Android phones (on 2 different mobile providers) were able to connect to the router (MS-CHAP v2 + RC4-128).
The PPTP/IPsec options in the Firewall's advanced tab have nothing to do with the embeded VPN server ; they only intruct the firewall to allow passthough of those specific packets when the user is trying to connect to a VPN server on the internet.

Once connected I must say that I'm not impressed by the speed atchieved.
The mobile 4G+ average about 50-60 mb/s down 25-30 mb/s up without the VPN ; with the VPN connected the speed dropped to about 10 mb/s down and 15 mb/s up (maybe it would be faster without MPPE encryption or with PAP/CHAP instead of MS-CHAP v2 but it's still disapointing ). there is inter VLAN routing between the router's LAN and the VPN  VLAN but not all protocols/services are functioning ( SMB shares work but UnPnP DLNA streaming doesn't)

Hope it gets fixed in the next firmware as disabling the firewall to be able to connect to the VPN kind of defeats the point of VPN for security's sake in the first place .
Title: Re: VPN - L2TP - Not working
Post by: GreenBay42 on August 15, 2018, 01:26:33 PM
Thank you for the info. I will forward to the router group for review.
Title: Re: VPN - L2TP - Not working
Post by: me_iauras on September 28, 2018, 09:20:41 AM
I've upgraded to firmware v 1.11 in the hope (even though to be fair it wasn't mentioned anywhere in the release notes) that the VPN not working with the firwall activated would be addressed somehow; it wasn't. The situation is still the same .
Has there been at least acknowledgement from the software team that they could replicate the issue and that it's being looked into ?
Thank you !
Title: Re: VPN - L2TP - Not working
Post by: GreenBay42 on September 28, 2018, 09:44:42 AM
Sorry I have not heard back. I will follow up and try to have a tech here test.

What is your setup?

What VPN client software are you running?

Title: Re: VPN - L2TP - Not working
Post by: me_iauras on September 28, 2018, 10:03:07 AM
The router is set up as in the post above  ( MS-CHAP v2 + RC4-128 ) and the client is the standard Android IPSec client ( Samsung S9 Oreo, Orange Neva 80 MM , Lenovo Tab 3 MM ) and also standard Windows 10 Pro IPSec VPN client .

I've tried all combinations of Encryption protocols and cyphers but all are blocked by IPv4 SPI Firewall .
Title: Re: VPN - L2TP - Not working
Post by: GreenBay42 on September 28, 2018, 10:09:22 AM
Thanks for the info. We will test this today. Sorry for the delay.
Title: Re: VPN - L2TP - Not working
Post by: GreenBay42 on September 28, 2018, 10:58:34 AM
My first attempt worked without any issues. I connected to a camera (the web UI) inside the network. I will do more testing later today but it seems to work ok on my end. Using the 1.11 firmware and Android's built-in VPN client.

Is the 882 connected to another router or router/modem?
Title: Re: VPN - L2TP - Not working
Post by: me_iauras on September 28, 2018, 01:20:53 PM
No it is not ; it's a PPPoe connection handled by the router .
If you could export your config so I might try it  would be helpfull .
My VPN & firewall config
http://www.imagebam.com/image/8a2815987408294 (http://www.imagebam.com/image/8a2815987408294)
Title: Re: VPN - L2TP - Not working
Post by: GreenBay42 on September 28, 2018, 01:30:31 PM
It is default. I reset the router, connected to my test network which is a dynamic connection - has public IP.

In the router went to Quick VPN:
Enabled L2TP over IPSec.
Username - test
Password - secret
PSK = lotsofnumbersandletters

Under Advanced:
Authentication Protocol - mschapv2
MPPE - RC4-128


In Android: (android 8.0.0 Samsung S9+)
Settings > Connections > More Connection Settings > VPN. Click +

name - vpntest 882
type - L2TP/IPSec PSK
L2TP secret - leave blank
IPSec Identifier - leave blank
IPsec pre-shared key - entered PSK from 882 (case sensitive)
IP - 65.xx.xx.xx
username - test
pw - same as 882 (secret)

save.

I turned off bluetooth and Wi-Fi. Went outside and turned on VPN. Got a correct IP address. Pinged the router and camera inside the network. Opened a brower and got in the LAN side of the router and the web UI of the camera.
Title: Re: VPN - L2TP - Not working
Post by: GreenBay42 on September 28, 2018, 01:35:52 PM
Just looked at your screen shots. The 2nd one - firewall settings - i had all options disabled.
Title: Re: VPN - L2TP - Not working
Post by: me_iauras on September 28, 2018, 01:36:40 PM
was this done with the SPI firewall enbled (the second image)? without it I can connect also ; the firewall is what's blocking me from doing it .

http://www.imagebam.com/image/a11288987408324 (http://www.imagebam.com/image/a11288987408324) >> firewall
Title: Re: VPN - L2TP - Not working
Post by: GreenBay42 on September 28, 2018, 01:46:59 PM
On that page under Advanced Settings, what do you have enabled?  I have all 4 enabled.

I will mirror your settings to see if I can connect
Title: Re: VPN - L2TP - Not working
Post by: me_iauras on September 28, 2018, 01:52:07 PM
All 4 options under the Advanced firewall tab are enabled (disabling them however does not make any difference as they are mostly for specific traffic from inside the network like a VPN to a server from outside or VOIP)
Title: Re: VPN - L2TP - Not working
Post by: GreenBay42 on September 28, 2018, 02:10:50 PM
Ok we verified with SPI enabled does not allow you to connect as you stated.

There was a ticket from another country in our DTrack system with this exact issue. They gave a beta firmware 1.10B02BETA that fixed the issue. We are testing that firmware now to see if it does work. Not sure why 1.11 didnt have this fix (if it works). If the beta works, I will post here for you to try, then we will reopen the ticket for firmware 1.11.
Title: Re: VPN - L2TP - Not working
Post by: me_iauras on September 28, 2018, 02:15:18 PM
great , 10x for you swift work/help .
Title: Re: VPN - L2TP - Not working
Post by: GreenBay42 on September 28, 2018, 02:22:36 PM
Well i did drop the ball since you reported this a month ago..... :-[

The beta failed. I will reopen the ticket and hope to hear from them early next week. Thanks for being patient.
Title: Re: VPN - L2TP - Not working
Post by: me_iauras on September 28, 2018, 11:03:08 PM
OK thank you  for it .
I actually think that the SPI firewall issues are a little more generall in blocking public/private key transfers .
I'm saying this because in absence of a working VPN I tried to post my NAS portal on the web (to be able to access my data somehow ) via the Port Forward/Virtual Server options . I was succesfull in doing it for the unsecured http portal but the https just doesn't work (I've tried both a Port Fw seting on port 443 towards my NAS and also a Virtual Server with another port , ex. 8443 , pointing to port 443 on my NAS's IP  ); the TLS/SSL handshake just doesn't work . If I disable the SPI firewall then it functions as it should .
I'm hoping that the VPN/Firewall fix will fix this issue too as this one might have a bigger impact on more users than a non functioning VPN which less users would use in my opinion.
Title: Re: VPN - L2TP - Not working
Post by: GreenBay42 on October 15, 2018, 09:57:22 AM
Sorry for the delay. I received BETA firmware to fix the vpn issue. Please let me know if this works for you.

ftp://FTP2.DLINK.COM/PRODUCTS/DIR-882/REVA/DIR-882_A1_v1.11B01_for_open_SPI_vpn_noworking_issue_2018_10_12%281012162256%29.bin.zip (ftp://FTP2.DLINK.COM/PRODUCTS/DIR-882/REVA/DIR-882_A1_v1.11B01_for_open_SPI_vpn_noworking_issue_2018_10_12%281012162256%29.bin.zip)
Title: Re: VPN - L2TP - Not working
Post by: me_iauras on October 17, 2018, 12:15:13 PM
The issue indeed seems to be resolved ; here's hoping that the SPI firewall is active and protecting us and not just "on" .
I'll see in the coming days the stability of the build to conclude if it can be used as a daily driver or not .
Anyway thanks for the work you're doing bridging the gap between the clients and the engineers .

Now I know that I might be reaching for the sky but could we know if the present performance on  the VPN connection is all/roughly all the router can give (in my testing I'm geting ~ 9-10mb/s down and 13-14 mb/s up ) or can there be some further refining of the code to improve the speed .
Anyhoo for now I'm glad it works as is .
Title: Re: VPN - L2TP - Not working
Post by: GreenBay42 on October 19, 2018, 06:58:20 AM
It is normal for speeds to slow down due to the overhead of the router encrypting/decryption the VPN traffic.  I sent dtrack your speeds you posted earlier in this thread. Will hear back next week.
Title: Re: VPN - L2TP - Not working
Post by: wonders81 on November 26, 2018, 09:39:02 AM
Hi!
I have a DIR-882 (HW:A1 FW:1.11) and I have the same issue: if I turn on the SPI firewall I can't connect to the VPN and the ports defined in virtual server section aren't working. Is it safe to install this linked beta version?
Title: Re: VPN - L2TP - Not working
Post by: me_iauras on November 26, 2018, 11:34:04 AM
@wonders81
Since I've installed the beta I've had no issues with any bug/instability so from my experience I say give it a try .
Title: Re: VPN - L2TP - Not working
Post by: FurryNutz on November 26, 2018, 12:24:21 PM
Please give it a try and let us know how it works for you. If somethings happens, you can revert back to prior FW.

Hi!
I have a DIR-882 (HW:A1 FW:1.11) and I have the same issue: if I turn on the SPI firewall I can't connect to the VPN and the ports defined in virtual server section aren't working. Is it safe to install this linked beta version?
Title: Re: VPN - L2TP - Not working
Post by: wonders81 on November 27, 2018, 10:09:56 AM
OK, I uploaded the beta version, the router rebooted, but the version number is still FW: 1.11 on the web interface, and the problem still persist. I cannot connect through VPN if the SPI IPv4 is enabled. Is there a way to check the fw version number somewhere else?
Title: Re: VPN - L2TP - Not working
Post by: FurryNutz on November 27, 2018, 10:56:42 AM
Did you factory reset the router after uploading the FW file then set up from scratch?
This beta version is v1.11 B01 I presume the date would be how you determine from the last version you had loaded.


OK, I uploaded the beta version, the router rebooted, but the version number is still FW: 1.11 on the web interface, and the problem still persist. I cannot connect through VPN if the SPI IPv4 is enabled. Is there a way to check the fw version number somewhere else?
Title: Re: VPN - L2TP - Not working
Post by: me_iauras on November 28, 2018, 02:05:48 AM
OK, I uploaded the beta version, the router rebooted, but the version number is still FW: 1.11 on the web interface, and the problem still persist. I cannot connect through VPN if the SPI IPv4 is enabled. Is there a way to check the fw version number somewhere else?
For me it works ; as you can see from the screenshots >> https://imgur.com/a/OqHaFv6
As you can see I was connected to the VPN ( Samsung S9 , wifi and 4G ) as I was navigating the router's interface ; indeed the sw version is not changed (probably different build number though).
Hope it helps you
Title: Re: VPN - L2TP - Not working
Post by: wonders81 on November 29, 2018, 10:28:53 AM
Sorry, I just found it on the upgrade page. Sorry. It says the FW date is 2018-10-09. Is this the one I need?

[Before I do a factory reset: where can I check  the current Fw date? How can I be sure that the beta upload was successful?]
Title: Re: VPN - L2TP - Not working
Post by: GreenBay42 on November 29, 2018, 10:31:06 AM
In your web browser, enter http://192.168.0.1/version.txt    (IP is the LAN ip of your router)
Title: Re: VPN - L2TP - Not working
Post by: wonders81 on November 29, 2018, 10:44:25 AM
Thank you GreenBay42, the internal version is V1.11B01, so it should be the right beta, but still, if I turn on the SPI the VPN does not work.

My router is behind the ISP-s router, but in it's DMZ. Is it possible that this is the problem?
Title: Re: VPN - L2TP - Not working
Post by: GreenBay42 on November 29, 2018, 01:08:22 PM
it could be. VPN through double-NAT is not suggested even if DMZ is enabled. That just forwards all ports to the 2nd router, but the 1st router is still using NAT and inspecting all the incoming traffic so with the SPI enabled it may be blocking the incoming VPN connection from the 1st router. it is better to bridge it or get just a modem from the ISP.

I know this issue is hit or miss. My unit does not work no matter what firmware version I have but it did work for me_iauras. When SPI is enable, VPN does not work.

One thing to test, maybe if you have a friend or family you could try their network and see if the router works at their location...one without a modem/router combo.
Title: Re: VPN - L2TP - Not working
Post by: wonders81 on December 01, 2018, 11:17:03 PM
OK, thank you GreenBay42, I'll try to put the first router into bridge mode if I get there once.

Edit: sorry, I missed to turn on the pptp passthrough. After turning it on the outgoing vpn works fine.

[But one more strange thing: trying to connect to a PPTP VPN from the inside network through the D-Link and the ISP's router. With my previous router (which I replaced with the D-link) it worked without any problem. Now I can't connect through the D-link router. I connected my client into the middle network, right behind the ISP's router and before the D-link, and it also worked. So it seems like D-link is different in handling the VPN traffic than other routers.]
Title: Re: VPN - L2TP - Not working
Post by: wonders81 on December 17, 2018, 12:42:47 PM
I put the ISP-s device into pptp pass-through mode and now the VPN works fine. But is there a way to put the VPN clients into the same subnet as the inside network? It would be great if I shouldn't use the default gateway over the VPN.
Title: Re: VPN - L2TP - Not working
Post by: GreenBay42 on December 17, 2018, 01:20:41 PM
Your clients behind the router should get the IP settings from the VPN server.  Do not change the IP settings on your clients since when using a VPN it creates a virtual "adapter" that takes on your VPN IP settings.

If you can connect to your VPN and access shares, etc on that network, it is working.