Posted: Wed Jul 01, 2009 4:31 Post subject: Verizon Network Extender firewall config in DD-WRT
This info may not be new for some or many people. But for the other newbs like myself, I hope this helps.
If you bought a Verizon Network Extender (US Only) and hooked it up behind your router but find that the GPS and the SYS light are still red. You may need to open some ports in the Applications and Gaming tab.
First, assign a static IP to your Verizon Network Extender. Then in "Applications and Gaming", choose Port Range forward and open UDP ports: 53, 52428, 500 and 4500 and enter the static IP of the device in the IP field. The application name is arbitrary. See attachment.
Posted: Fri Aug 07, 2009 22:22 Post subject: Re: Verizon network extender
How do you cfg the Verizon network extender to use a static IP addr?
This is how I did a static IP address on mine. After setting it up I accessed my routers LAN Status page and I could see the MAC address of it in there. I then took the MAC address and entered it in Static Leases under the Services tab. You can give it any name you want.
I'm in the same situation here, using a Linksys WRT54GS, flashed with "DD-WRT v24-sp2 (10/10/09) mini". Prior to flashing, the network extender had stopped working while still on the default Linksys setup and firmware. All other devices behind this router work flawlessly.
The NE worked perfectly for several months, then one day it simply stopped connecting, then after power cycling it stopped locking the sys and GPS lights completely (they stay solid red). It has an IP assigned with a static lease, and I've tried everything from port range forwarding to DMZ and it can't get out of the LAN. Shut everything down (power off) and restarted slowly from the street in, several times.
New extender, cable, port on the router and so on, nothing has worked. I can see it making connections to attempt access, but it never manages.
Verizon closed my issue twice (without informing me) calling it "resolved" as they couldn't "see" the device, blaming Roadrunner (ISP). RR, naturally, blames Verizon's device, but was able to confirm that the modem is working great and they don't block anything. (I mentioned port 80...and was met with silence). ;)
Any insight, tips, help or advice would be most welcome.
I'd had that thought but hadn't tried it since I didn't believe I could switch before the router and have it all function. Since I had a small 5 port unit I wasn't using, just tried it, but can't get both the router and NE to connect at the same time. I got the NE to lock up, but lost internet. When I rebooted the router, it obtained an IP that allowed internet, but the NE dropped dead again. I'd have to assume Roadrunner won't assign 2 IPs to the same location, since that's the only logical reason for it to fail.
I can apparently have an IP for my LAN or for my phone, but not both, and can no longer get it to work behind the router at all (which is mysterious as to why it did work then suddenly didn't).
Posted: Mon Jun 28, 2010 11:53 Post subject: Verizon Network Extender problems
This is where it gets a little iffy perhaps.
Try putting just your NE extender directly into your cable modem and nothing else. It should connect in like 10 minutes, but if not give it the hour just to see if it's working and will keep a stable connection.
If it works then then you know it's something with your setup.
Some cable modems actually have a routing function built into them. You could look into that.
I could never figure out if mine did or not (I don't believe it does) but putting the switch after the modem and before the router basically allowed me to "split" the signal to two places. I'm not enough of a network engineer to know if it should have worked, or is right to do, but it's working now.
I never would do this with a regular PC because without the firewall the computer would be affected in minutes. But I think the NE is relatively safe there.
Actually, the first time it was connected via switch ahead of the router it connected fine, and almost immediately. Unfortunately, when I lost my internet in the process, I kick started the router to get it back, and in doing so that bumped the NE off line again.
One or the other, looks like. Internet wins. ;)
I'll be calling RR again today (shudder), and then Verizon. Nothing like several hours each being penciled into your day...
Posted: Thu Jul 01, 2010 0:56 Post subject: [Resolved!]
After speaking with both RR and Verizon, there appeared to be no hope of resolution for this, it simply wouldn't work. RR would assign only one IP (without throwing money at it), and it wouldn't work behind the router. Even Linksys/Cisco wouldn't help unless I paid $50 for 6 months of support.
Desperate, I began reading every "more" link on each page in the DD-WRT firmware I'd flashed this with.
Reading about "DNSMasq", I came to try it with that off under "Setup -> basic setup -> Network Address Server Settings (DHCP)". Unchecked all three:
Use DNSMasq for DHCP
Use DNSMasq for DNS
It sprang to life, and locked up within minutes. Been working like a champ since! I'd swear I'd tried it both ways, but as is often the case in networking equipment, rebooting from the street in after major changes is sometimes needed to make it all recognize the change.
I reckon the first NE had died and my efforts to revive it, which included flashing the router and changing that setting, caused it to break the connection before unit #2 arrived. Installing that didn't work because it was still using the broken settings and so on. Hope this helps the next person that runs afoul of this. Hooray for happy endings.
@wbear: I have the EXACT same situation as you. RoadRunner and Verizon Network Extender. Only difference is that I'm using a debian box running on an old HP ProLiant DL380 Server I picked up on eBay for $150. ;)
I am pleased to tell you that there is a solution to this problem, but it isn't quite what you had in mind.
The reason why the extender works when plugged into the cable modem turned out to be completely unrelated to the router itself: it got a new IP address!
By changing my MAC address on the ethernet card on my server, the server obtained a new IP address as well, and then the network extender started getting responses from the VPN requests! (I was watching using tcpdump and going through my iptables rules with much hair-pulling frustration).
I don't know why this happens, but it seems that on Verizon's end, something causes it to stop responding to your IP address. In my case, it happened after a power surge, so I thought perhaps it was due to the VPN not closing. But, this is beyond my knowledge.
The solution: next time, change your IP and try again.
Posted: Sat Sep 03, 2011 2:25 Post subject: What worked for me
Sorry for grave digging this thread. I tried all of the suggestions above with no success, but I was finally able to make my SCS-2u01 work by disabling stateful packet inspection under Security / Firewall / Firewall Protection. I enabled remote syslog in dd-wrt and noticed that UDP 4500 NAT-T was being blocked by dd-wrt even though I had the port forwarded properly.
Disabling SPI is a temporary workaround, and I will continue to search for a fix to make the SCS-2u01 work with SPI enabled, but if you have trouble getting your VZW NE online (solid magenta GPS LED and fast blinking red SYS LED), try disabling SPI. It worked for me in conjunction with the port forwarding settings above. I hope this helps someone else.