actiontec routers vpn passthru

[wuenchy]

Anyone have experience with the actiontec1520 dsl router.
I cant get the vpn pass thru to work. I did a firmware upgrade as qwest requested. I mapped the nt server static IP address and open port 1723 for pptp. I setup ras on the server and tested ok. I am able to remotely get into the router fine.

 

[John Lewis]

What happens when you try to connect? Error messages, etc.

 

[wuenchy]

Error 678
The remote computer did not respond within a reasonable amount of time.
If you specified an IP address directly please check it. If connecting over a Modem please make sure the Modem connection is already running, and then try again.
I ran a port scanner and it was only showing port80 open and smtp port. I had the ISP provider run scanner he got the same thing. He just recommended for me to setup a cisco 678 for it because it is more advanced. But this actiontec is becoming real popular around here. Cisco 678 is not being hardly supported from qwest and they are hard to fine now. Maybe its a bad dsl router. I setup a workstation also on the network with pcanywhere for a test and mapped that workstation to open ports 5631-5632 which they use and I still cant get in with that program, so I know my server is not the issue.

 

[John Lewis]

Your immediate problem is with port 1723. Make sure that you are forwarding TCP on port 1723 to your VPN server. Also make sure that when you initiate the connection you are pointing your client to the address of the router, not the private IP of the VPN server.

You will also need protocol 47 (NOT PORT 47) passthrough enabled. This is sometimes called PPTP pass-through. The name of the protocol is GRE. That term is sometimes used in router configuration as well. Note that it should not be connected to a particular port. Also note that although this may be a problem, the error indicates a problem with forwarding on port 1723, perhaps you are forwarding UDP instead of TCP, or maybe you are pointing it to the wrong private IP. Again, pointing the VPN client to the wrong IP would also cause the problem.

Sorry I can't provide more specific information, but the Actiontec website is not friendly in the manual department and it has been too long since I had my hands on one. I can tell you that it is possible, however. I would not jump into a Cisco solution. Cisco is great, I prefer it, but you already have equipment that should suit your needs if you can get the config worked out. Bad hardware is possible, but not likely.

As for the port scanners, they often do not find 1723 open, even when it is configured properly. Doesn't necessarily indicate a problem, but again the particular error might.

On yet another note, close 5631-5632 if you have not already done so. That's asking for problems.

One other possibility, port 1723 is specific to PPTP, if you are using IPsec or L2TP, the rules change, so make sure as well that you are using PPTP.

Hope this is of some help.

 

[will66]

I have the Actiontec DSL Modem 1520. After several hours of tweaking I could not get VPN to terminate. I called my ISP (QWSEST) who supplied me with the modem and advertise it as VPN compatible. They could not help. I called Actiontec and talked to an Actiontec engineer who told me that that modem does NOT support VPN termination. I am looking for a DSL modem that does support VPN termination. I will let you know if I find one. If you have any success, please let me know.