8800NL in Bridge Mode Blocking VPN

Andyh747
Posts: 4
Joined: Fri Aug 10, 2018 8:33 pm

8800NL in Bridge Mode Blocking VPN

Post by Andyh747 » Mon Mar 04, 2019 10:30 pm

I've just taken delivery of a Ubiquiti UniFi USG gateway which I am now using for all my firewall and routing needs. I was previously using the 8800NL.

I reset the 8800NL to defaults and then placed the WAN connection (ADSL connection) to bridged mode. I then connected the USG to the Billion and have internet access. All well on that front.

I then set up the VPN service on the USG but I am unable to connect from outside the LAN as the ports are being blocked somewhere upstream of the USG. I'm assuming this must be the Billion which is blocking the VPN server from connecting. I can connect if I use the internal LAN address of the USG while inside the LAN but all attempts at using the WAN side IP fail.

I've been trying to ascertain what I've done wrong in the setup of the Billion in bridge mode to cause this. Please if anyone has any pointers as to why this is happening I'd really appreciate the help.

billion_fan
Posts: 5176
Joined: Tue Jul 19, 2011 4:30 pm

Re: 8800NL in Bridge Mode Blocking VPN

Post by billion_fan » Tue Mar 05, 2019 9:25 am

Andyh747 wrote:
Mon Mar 04, 2019 10:30 pm
I've just taken delivery of a Ubiquiti UniFi USG gateway which I am now using for all my firewall and routing needs. I was previously using the 8800NL.

I reset the 8800NL to defaults and then placed the WAN connection (ADSL connection) to bridged mode. I then connected the USG to the Billion and have internet access. All well on that front.

I then set up the VPN service on the USG but I am unable to connect from outside the LAN as the ports are being blocked somewhere upstream of the USG. I'm assuming this must be the Billion which is blocking the VPN server from connecting. I can connect if I use the internal LAN address of the USG while inside the LAN but all attempts at using the WAN side IP fail.

I've been trying to ascertain what I've done wrong in the setup of the Billion in bridge mode to cause this. Please if anyone has any pointers as to why this is happening I'd really appreciate the help.

Your settings look correct. As the 8800NL is in bridging mode (modem mode), the Billion should not be blocking you (as you can see, the firewall and NAT are disabled).

The WAN IP address should be passed over to the USG (the device that authenticates), so the USG should be controlling the internet connection. (In bridging mode the Billion does not obtain a WAN IP, and hence is just a pass-through device.)

What type of VPN server are you setting up on the USG?

Andyh747
Posts: 4
Joined: Fri Aug 10, 2018 8:33 pm

Re: 8800NL in Bridge Mode Blocking VPN

Post by Andyh747 » Tue Mar 05, 2019 9:57 am

Thanks for the reply.

Yes, that's what I thought, but when Ubiquiti support got me to run a test by listening on ports 1701, 500 and 4500, no traffic was getting through to the USG.

I've set up an L2TP VPN on the USG with RADIUS server authentication. If I use the internal LAN address of the USG on my clients then the VPN connects without problem. It just won't connect from the external WAN. I can confirm that the USG has the external WAN IP so it would appear everything is working on the bridged front.

I had this working when I just had the Billion operating as router and modem with the required ports forwarded to my Synology NAS where the VPN server was running.

Can you think of anything else to try?
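
Added example (not part of the thread, and not Ubiquiti's or Billion's tooling): the port-listening test described in the post above, reduced to a script that reads tcpdump -n text captured on the gateway's WAN interface and reports whether traffic on UDP 500, 4500 and 1701 arrived and was answered. The WAN address, the sample lines and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Ports named in the thread: IKE (500), IPsec NAT-T (4500), L2TP (1701).
VPN_PORTS = {500, 4500, 1701}
# "IP src.sport > dst.dport: ..." as printed by tcpdump -n for IPv4 with ports.
PKT = re.compile(r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): ")

def count_vpn_packets(lines, wan_ip):
    """Count packets per (direction, port) relative to the gateway's WAN IP."""
    seen = Counter()
    for line in lines:
        m = PKT.search(line)
        if not m or "Flags [" in line:
            continue  # skip lines without ports (ARP, bare ESP) and TCP segments
        src, sport = m.group(1), int(m.group(2))
        dst, dport = m.group(3), int(m.group(4))
        if dst == wan_ip and dport in VPN_PORTS:
            seen[("in", dport)] += 1
        elif src == wan_ip and sport in VPN_PORTS:
            seen[("out", sport)] += 1
    return seen

def verdict(seen):
    """Say which side of the WAN interface to investigate next."""
    inbound = sum(n for (d, _), n in seen.items() if d == "in")
    outbound = sum(n for (d, _), n in seen.items() if d == "out")
    if inbound == 0:
        return "upstream"   # nothing arrived: modem, ISP, or wrong target address
    if outbound == 0:
        return "gateway"    # requests arrive, no answer: firewall or VPN service
    return "handshake"      # both directions flow: read the IKE/RADIUS logs next

WAN_IP = "203.0.113.10"  # constructed (RFC 5737 documentation address)
# Constructed lines in tcpdump -n style, not taken from the thread.
SAMPLE_SILENT = [
    "10:00:01.000001 IP 203.0.113.10.41000 > 192.0.2.53.53: 1234+ A? example.com. (29)",
]
SAMPLE_UNANSWERED = [
    "10:00:02.000001 IP 198.51.100.7.500 > 203.0.113.10.500: isakmp: phase 1 I ident",
    "10:00:05.000001 IP 198.51.100.7.500 > 203.0.113.10.500: isakmp: phase 1 I ident",
]
SAMPLE_ANSWERED = SAMPLE_UNANSWERED + [
    "10:00:05.100001 IP 203.0.113.10.500 > 198.51.100.7.500: isakmp: phase 1 R ident",
    "10:00:05.200001 IP 198.51.100.7.4500 > 203.0.113.10.4500: NONESP-encap: isakmp: phase 1 I ident[E]",
]

if __name__ == "__main__":
    for name, sample in [("silent", SAMPLE_SILENT), ("unanswered", SAMPLE_UNANSWERED),
                         ("answered", SAMPLE_ANSWERED)]:
        print(name, verdict(count_vpn_packets(sample, WAN_IP)))
```

With L2TP over IPsec, port 1701 is normally carried inside ESP, so a WAN-side capture is expected to show 500 and 4500 rather than plain 1701.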

billion_fan
Posts: 5176
Joined: Tue Jul 19, 2011 4:30 pm

Re: 8800NL in Bridge Mode Blocking VPN

Post by billion_fan » Tue Mar 05, 2019 10:32 am

Andyh747 wrote:
Tue Mar 05, 2019 9:57 am
Thanks for the reply.

Yes, that's what I thought, but when Ubiquiti support got me to run a test by listening on ports 1701, 500 and 4500, no traffic was getting through to the USG.

I've set up an L2TP VPN on the USG with RADIUS server authentication. If I use the internal LAN address of the USG on my clients then the VPN connects without problem. It just won't connect from the external WAN. I can confirm that the USG has the external WAN IP so it would appear everything is working on the bridged front.

I had this working when I just had the Billion operating as router and modem with the required ports forwarded to my Synology NAS where the VPN server was running.

Can you think of anything else to try?

What firmware version are you using on the 8800NL?

Andyh747
Posts: 4
Joined: Fri Aug 10, 2018 8:33 pm

Re: 8800NL in Bridge Mode Blocking VPN

Post by Andyh747 » Tue Mar 05, 2019 10:38 am

It's running Software Version: 2.32e.d14

billion_fan
Posts: 5176
Joined: Tue Jul 19, 2011 4:30 pm

Re: 8800NL in Bridge Mode Blocking VPN

Post by billion_fan » Tue Mar 05, 2019 10:42 am

Andyh747 wrote:
Tue Mar 05, 2019 10:38 am
It's running Software Version: 2.32e.d14

I'll run a quick test here and get back to you.

8800NL Bridge mode ADSL >>> Billion VPN router (as I don't have a USG here, I will use another router with an on-board VPN server, L2TP over IPsec)

Andyh747
Posts: 4
Joined: Fri Aug 10, 2018 8:33 pm

Re: 8800NL in Bridge Mode Blocking VPN

Post by Andyh747 » Tue Mar 05, 2019 11:01 am

Thanks so much for your time on this.

I decided to try a different router/modem which I had spare just to check whether this was an issue with the Billion or somewhere else. The replacement router in bridge mode does exactly the same so I think that rules out the Billion being at fault. It's also not at the ISP.

As an experiment I disconnected my main network from the USG and then connected my laptop to the USG via ethernet. Now I can connect successfully to the VPN both using the WAN IP and LAN IP. This would suggest something on my network causing the problem but I can't really understand that as the VPN should connect at the USG and whatever is on the LAN shouldn't cause a problem.

Thanks for your replies and help, it is much appreciated. Sorry it turned out to be something unrelated to the Billion which I'm still at a loss to explain.

billion_fan
Posts: 5176
Joined: Tue Jul 19, 2011 4:30 pm

Re: 8800NL in Bridge Mode Blocking VPN

Post by billion_fan » Tue Mar 05, 2019 11:10 am

billion_fan wrote:
Tue Mar 05, 2019 10:42 am
Andyh747 wrote:
Tue Mar 05, 2019 10:38 am
It's running Software Version: 2.32e.d14
I'll run a quick test here and get back to you.

8800NL Bridge mode ADSL >>> Billion VPN router (as I don't have a USG here, I will use another router with an on-board VPN server, L2TP over IPsec)

OK, I just ran a quick test:

8800NL ADSL Bridging mode (same as your setup, PTM and ATM bridge)

8900AX-1600R2 (router connected to the 8800NL) set up with internal L2TP over IPsec server (8900AX obtains the WAN IP)

Android phone connected to the VPN via a different internet connection

All working

(Edit: just saw your post above, so not to worry)