VPN Passthrough

dgk123
Posts: 9
Joined: Sat Mar 08, 2014 11:33 pm

VPN Passthrough

Post by dgk123 »

Hi,

Has anyone had any problems with VPN passthrough on a 7800DX?

I use many VPN client connections for work - IPSec, L2TP with IPSec etc. When I try to connect from behind the Billion I can't, but can from behind any other router, including my old Sky router.

Does anyone else have this issue?

Thanks.
billion_fan
Posts: 5374
Joined: Tue Jul 19, 2011 4:30 pm

Re: VPN Passthrough

Post by billion_fan »

dgk123 wrote:Hi,

Has anyone had any problems with VPN passthrough on a 7800DX?

I use many VPN client connections for work - IPSec, L2TP with IPSec etc. When I try to connect from behind the Billion I can't, but can from behind any other router, including my old Sky router.

Does anyone else have this issue?

Thanks.
What firmware version are you on??
dgk123
Posts: 9
Joined: Sat Mar 08, 2014 11:33 pm

Re: VPN Passthrough

Post by dgk123 »

Hi billion_fan,

Apologies, I didn't see your reply and I have since logged a ticket with support.

I am on the latest firmware - 2.32d.

Thanks,
Damian
billion_fan
Posts: 5374
Joined: Tue Jul 19, 2011 4:30 pm

Re: VPN Passthrough

Post by billion_fan »

dgk123 wrote:Hi billion_fan,

Apologies, I didn't see your reply and I have since logged a ticket with support.

I am on the latest firmware - 2.32d.

Thanks,
Damian
Are you using the standard windows setup or a different VPN client software??
dgk123
Posts: 9
Joined: Sat Mar 08, 2014 11:33 pm

Re: VPN Passthrough

Post by dgk123 »

I have the same problem using the standard windows VPN clients and the standard OSX client. Both work fine if I use the old Sky router or from any other location I take my laptop to.

As I noted in the support ticket, I can make this vpn connect temporarily by unticking the NAT-T option on the router, reticking it, then connecting while the IPSec software on the router restarts. Once it's restarted however I can no longer connect.

I have a L2TP with IPSec server connection set up on the Billion router so that I can connect back to my home network when travelling, and this works fine.

Thanks.
billion_fan
Posts: 5374
Joined: Tue Jul 19, 2011 4:30 pm

Re: VPN Passthrough

Post by billion_fan »

dgk123 wrote:I have the same problem using the standard windows VPN clients and the standard OSX client. Both work fine if I use the old Sky router or from any other location I take my laptop to..
So you have issues connecting to to a VPN server that is based else where? Is this correct??

You have enabled the onboard L2TP server and when you dial into the Billion using L2TP everything is fine?? Is this also correct??

So the only issue is connecting VPN passthrough?? (PC running VPN client, conencting to a VPN server somewhere on the internet?)
dgk123
Posts: 9
Joined: Sat Mar 08, 2014 11:33 pm

Re: VPN Passthrough

Post by dgk123 »

Exactly. I can connect back to the Billion from other sites ok. When I try to dial out using a VPN client on a Mac or PC from inside my own network, behind the 7800dx, I can't connect to those VPN servers, hence my guess that it may be a VPN Passthrough issue.

Here's the log from the Router for an IPSec connection out:

Mar 12 21:38:35 authpriv warn pluto[4301]: packet from y.y.y.y:500: phase 1 message is part of an unknown exchange
Mar 12 21:38:37 authpriv warn pluto[4301]: packet from y.y.y.y:500: phase 1 message is part of an unknown exchange
Mar 12 21:38:40 authpriv warn pluto[4301]: packet from y.y.y.y:500: phase 1 message is part of an unknown exchange
Mar 12 21:38:43 authpriv warn pluto[4301]: packet from y.y.y.y:500: phase 1 message is part of an unknown exchange


And here for a L2TP with IPSec conenction out:

Mar 12 21:39:40 authpriv warn pluto[4301]: packet from x.x.x.x:500: phase 1 message is part of an unknown exchange
Mar 12 21:39:43 authpriv warn pluto[4301]: packet from x.x.x.x:500: phase 1 message is part of an unknown exchange
Mar 12 21:39:46 authpriv warn pluto[4301]: packet from x.x.x.x:500: phase 1 message is part of an unknown exchange
Mar 12 21:39:49 authpriv warn pluto[4301]: packet from x.x.x.x:500: phase 1 message is part of an unknown exchange




Thanks
billion_fan
Posts: 5374
Joined: Tue Jul 19, 2011 4:30 pm

Re: VPN Passthrough

Post by billion_fan »

dgk123 wrote:Exactly. I can connect back to the Billion from other sites ok. When I try to dial out using a VPN client on a Mac or PC from inside my own network, behind the 7800dx, I can't connect to those VPN servers, hence my guess that it may be a VPN Passthrough issue.

Here's the log from the Router for an IPSec connection out:

Mar 12 21:38:35 authpriv warn pluto[4301]: packet from y.y.y.y:500: phase 1 message is part of an unknown exchange
Mar 12 21:38:37 authpriv warn pluto[4301]: packet from y.y.y.y:500: phase 1 message is part of an unknown exchange
Mar 12 21:38:40 authpriv warn pluto[4301]: packet from y.y.y.y:500: phase 1 message is part of an unknown exchange
Mar 12 21:38:43 authpriv warn pluto[4301]: packet from y.y.y.y:500: phase 1 message is part of an unknown exchange


And here for a L2TP with IPSec conenction out:

Mar 12 21:39:40 authpriv warn pluto[4301]: packet from x.x.x.x:500: phase 1 message is part of an unknown exchange
Mar 12 21:39:43 authpriv warn pluto[4301]: packet from x.x.x.x:500: phase 1 message is part of an unknown exchange
Mar 12 21:39:46 authpriv warn pluto[4301]: packet from x.x.x.x:500: phase 1 message is part of an unknown exchange
Mar 12 21:39:49 authpriv warn pluto[4301]: packet from x.x.x.x:500: phase 1 message is part of an unknown exchange




Thanks

Which VPN server/service are you connecting too?? I want to try and replicate your issue
dgk123
Posts: 9
Joined: Sat Mar 08, 2014 11:33 pm

Re: VPN Passthrough

Post by dgk123 »

They are all corporate VPN servers. Obviously I can't give you access to them, but they range from Cisco 5510's running IPSec VPNs, Watchguard XTMs running IPSec VPNs, to another Billion 7800dx set up for L2TP with IPSec.
billion_fan
Posts: 5374
Joined: Tue Jul 19, 2011 4:30 pm

Re: VPN Passthrough

Post by billion_fan »

dgk123 wrote:They are all corporate VPN servers. Obviously I can't give you access to them, but they range from Cisco 5510's running IPSec VPNs, Watchguard XTMs running IPSec VPNs, to another Billion 7800dx set up for L2TP with IPSec.
Just to confirm, what is setup on the 7800DX?? IPsec L2TP server, Ipsec site to site?? (this 7800DX is one that is having the VPN passthrough issues I want to ensure I have the same setup as you, to replicate) also are you using FTTC or ADSL?

What is setup on your 7800DX (work router end)?? IPsec L2TP only?? again FTTC or ADSL (this will the 7800DX that the client fails to connect too)
Post Reply