8900X R3 - VPN Passthrough not working

[steveb]

I've just purchased an 8900X R3 and its running 2.52.d5 to replace an ASUS DSL-AC68U

A few things which haven't gone very well - the main issue being VPN passthrough no longer works. I've configured the 8900X in bridging mode (main reason I am trying to swap out the DSL-AC68U) using PPPoE on VDSL2 profile 17a. Problem is that the Shrewsoft VPN client now won't bring up the tunnel, and the likely explanation is that the 8900X is not passing through VPN traffic.

I've seen on other Forum's here that you should disable NAT-> ALG-> IPSec and it does't work with it set to enabled or disabled.

The other problem is that the SNR setting is being ignored by the Broadcm DSLAM. The Asus has its SNR set at 3dB and it connects at 11.7dB Line Attenuation with SNR at 2.8. The 8900X is only managing 18.5dB Line Attenuation with 6.4 SNR Margin (both using the same cable). The other thing is that the ASUS is getting Interleave depth of 1 in both directions whereas the 8900X is running with an ID of 8. I would hope that the line stats gets better when it settles down but the main issue is the VPN Passthrough not working

At the moment its a poor swap compared to the ASUS - I don't want to raise a support ticket yet to make sure I can still send it back. Has anyone else managed to get this working with VPN passthrough?

All help appreciated - cheers.

[billion_fan]

I've just purchased an 8900X R3 and its running 2.52.d5 to replace an ASUS DSL-AC68U

A few things which haven't gone very well - the main issue being VPN passthrough no longer works. I've configured the 8900X in bridging mode (main reason I am trying to swap out the DSL-AC68U) using PPPoE on VDSL2 profile 17a. Problem is that the Shrewsoft VPN client now won't bring up the tunnel, and the likely explanation is that the 8900X is not passing through VPN traffic.

I've seen on other Forum's here that you should disable NAT-> ALG-> IPSec and it does't work with it set to enabled or disabled.

The other problem is that the SNR setting is being ignored by the Broadcm DSLAM. The Asus has its SNR set at 3dB and it connects at 11.7dB Line Attenuation with SNR at 2.8. The 8900X is only managing 18.5dB Line Attenuation with 6.4 SNR Margin (both using the same cable). The other thing is that the ASUS is getting Interleave depth of 1 in both directions whereas the 8900X is running with an ID of 8. I would hope that the line stats gets better when it settles down but the main issue is the VPN Passthrough not working

At the moment its a poor swap compared to the ASUS - I don't want to raise a support ticket yet to make sure I can still send it back. Has anyone else managed to get this working with VPN passthrough?

All help appreciated - cheers.

I haven't had any reported issues with 8900xr3, with VPN passthrough, (client PC dialling out to a VPN server)

As the Billion is in 'Bridging' mode the connection is bridged so nothing should be blocked (the connecting router should obtain the WAN IP, and deal with all the routing etc)

A quick test to perform, you can setup a PC for a PPPoE connection, with your broadband username and password entered, and once connected and a WAN IP obtained, on your LAN, try your VPN connection again (this should help to see if the Billion is the issue)

Regarding the SNR, there is not much we can do as on the Billion you can't tweak the SNR on a VDSL line. (only on a ADSL line), as the 8900xr3 is running the latest firmware 2.52.d5 it should have the latest DMT code released.

[steveb]

Thanks for this billion_fan. As you are one of the moderators then is there any point me contacting tech support ? (Assuming you work for Billion)

On your suggestion- I can try them out of hours later. The only other thought I had was that the bridging mode was messing up the NAT somehow (as it is still turned on) so I can also try this as a "standard" config to see if the problem lies there.

Shame you can't tweak the SNR on VDSL as this works on the ASUS. The only other disappointing thing is the line attenuation is showing as 18.5 dB compared to 11.7 dB on the ASUS. This is quite a difference for the same cable - could it be that the circuity is generating some noise ?

This is maybe the reason the DSLAM is not offering FastPath compared to an interleave depth of 8 on downloads.

The only thing the 8900X beats the ASUS on is ping times !! Its around 10ms quicker than the ASUS - which is a shame as I was hoping this would be an improvement all round

[billion_fan]

Thanks for this billion_fan. As you are one of the moderators then is there any point me contacting tech support ? (Assuming you work for Billion)

On your suggestion- I can try them out of hours later. The only other thought I had was that the bridging mode was messing up the NAT somehow (as it is still turned on) so I can also try this as a "standard" config to see if the problem lies there.

Shame you can't tweak the SNR on VDSL as this works on the ASUS. The only other disappointing thing is the line attenuation is showing as 18.5 dB compared to 11.7 dB on the ASUS. This is quite a difference for the same cable - could it be that the circuity is generating some noise ?

This is maybe the reason the DSLAM is not offering FastPath compared to an interleave depth of 8 on downloads.

The only thing the 8900X beats the ASUS on is ping times !! Its around 10ms quicker than the ASUS - which is a shame as I was hoping this would be an improvement all round

NAT should be off for the bridging WAN interface (I would suggest trying to remove all other WAN interfaces leaving only the PTM >> Bridging and 3G/LTE interface (just to be sure)

You can submit a ticket on http://www.billion.uk.com/esupport/inde ... ets/Submit, but I will answering your support ticket,

Regarding the difference in line attenuation and SNR, I can only put this down to different model/chipset/DMT code. (as you are using the same cables etc, I don't think its a noise issue, as the Asus should be showing similar results)

What are the sync speeds like ??

I have seen some users start at a SNR of 6db and over time as DLM senses stability it will drop the SNR to 3db by default.

[steveb]

Hi - thanks for your reply. I don't want to raise a ticket just yet in case I need to send it back ..

I had to Google DMT - and managed to work out that you are not on about the Psychedelic drug I was also expecting/hoping the DSLAM to drop the SNR to 3 on its own once settled. Assuming that I could sort out this VPN problem that is.

I also spotted that the ASUS supports PPPoE passthrough - so I was going to try running it in this mode just to make sure the problem wasn't caused by the Watchguard firewall in PPPoE mode as well. I'm not sure if this makes a difference though but I've got a DMZ Host configured - I would have thought that the 8900X would not be using its LAN address when in Bridging mode but it seems that it is still available. I've got one of the zones on the Watchguard look like a different IP address (192.168.1.3 instead of 192.168.1.2 - which is what it originally was before I setup the WG to use PPPoE)

As well as disabling the ADSL profile, I have a couple of things to try and then will report back.

One other thing - will this ever support Profile 30a ? I was unsure if this is a firmware change or chipset update

[billion_fan]

Hi - thanks for your reply. I don't want to raise a ticket just yet in case I need to send it back ..

I had to Google DMT - and managed to work out that you are not on about the Psychedelic drug I was also expecting/hoping the DSLAM to drop the SNR to 3 on its own once settled. Assuming that I could sort out this VPN problem that is.

I also spotted that the ASUS supports PPPoE passthrough - so I was going to try running it in this mode just to make sure the problem wasn't caused by the Watchguard firewall in PPPoE mode as well. I'm not sure if this makes a difference though but I've got a DMZ Host configured - I would have thought that the 8900X would not be using its LAN address when in Bridging mode but it seems that it is still available. I've got one of the zones on the Watchguard look like a different IP address (192.168.1.3 instead of 192.168.1.2 - which is what it originally was before I setup the WG to use PPPoE)

As well as disabling the ADSL profile, I have a couple of things to try and then will report back.

One other thing - will this ever support Profile 30a ? I was unsure if this is a firmware change or chipset update

This model will not support profile 30a (I checked with our engineers about this a while back)

The LAN side address / DHCP server option can be disabled (normally advised when running in Bridging mode) to make sure your Watchguard is not obtaining a LAN IP address from the Billion (Configuration >> LAN >> Ethernet)

[steveb]

Hi - thanks for the info. I have managed to get it working - first got it working in normal mode then in bridging mode. It was a legacy config on the NAT just for one of the zones on the WG.

The only thing I haven't done yet is assign a DMZ Host. I would only normally do this to make sure the WG is acting as the firewall and not the 8900X but from what you were saying it automatically defaults to this when run in bridging mode ?

Thanks for your help - just need to make sure the SNR margin settles down to something reasonable and we are sorted.

Cheers

[billion_fan]

Hi - thanks for the info. I have managed to get it working - first got it working in normal mode then in bridging mode. It was a legacy config on the NAT just for one of the zones on the WG.

The only thing I haven't done yet is assign a DMZ Host. I would only normally do this to make sure the WG is acting as the firewall and not the 8900X but from what you were saying it automatically defaults to this when run in bridging mode ?

Thanks for your help - just need to make sure the SNR margin settles down to something reasonable and we are sorted.

Cheers

Thanks for the update SteveB, hope it hasn't been too troublesome......lol

DMZ is not needed in 'Bridging' mode as the connection is bridged and not running NAT (DMZ, Virtual Severs etc are only used in NAT/Router mode as DMZ will open all ports from a external IP to a Internal IP, in your case Bridging mode is used so the WAN IP is passed over to connecting device the WG)

I hope the SNR settles downs soon (target 3db), which it should as long as there are no user interventions eg reboots/DSL disconnections, (regarding a time scale I can not say, as DLM will control this, if the connection is stable DLM should adjust)

[steveb]

Noted - cheers

[steveb]

Hi - its been a month and the DSLAM is not giving me a better SNR and the line is as stable as it gets. I was wondering if there is something obvious in my config I have
Modulation just VDSL2 ticked
Profile just 17a ticked
US0 Enable
Phone line pair Inner pair
Capability Bitswap SRA both ticked and I have tried neither ticked and either ticked
PhyR Downstream ticked

The status info gives me
xDSL
Mode VDSL2
Traffic Type PTM
Status Up
Link Power State L0
Downstream Upstream
Line Coding (Trellis) On On
SNR Margin (dB) 6.3 5.6
Attenuation (dB) 18.3 0.0
Output Power (dBm) 13.0 7.6
Attainable Rate (Kbps) 71524 20935
Rate (Kbps) 70347 20000
B (# of bytes in Mux Data Frame) 243 239
M (# of Mux Data Frames in an RS codeword) 1 1
T (# of Mux Data Frames in an OH sub-frame) 0 64
R (# of redundancy bytes in the RS codeword) 10 0
S (# of data symbols over which the RS code word spans) 0.1104 0.3819
L (# of bits transmitted in each data symbol) 18398 5028
D (interleaver depth) 8 1
I (interleaver block size in bytes) 254 120
N (RS codeword size) 254 240
Delay (msec) 0 0
INP (DMT symbol) 48.00 0.00
OH Frames 0 0
OH Frame Errors 869 14058
RS Words 2171544664 77560259
RS Correctable Errors 87812 0
RS Uncorrectable Errors 0 0
HEC Errors 0 0
OCD Errors 0 0
LCD Errors 0 0
Total Cells 627064075 0
Data Cells 2356384400 0
Bit Errors 0 0
Total ES 24 6440
Total SES 15 22
Total UAS 406 391

On the ASUS DSL-AC68U I would have been getting around 75000 Kbps and an interleave depth of 1 (Fastpath) combined wwith an SNR of around 2.9 and a line attenuation of 11.8

Any ideas ?
All help appreciated cheers