VPN on WNR3500L with DD-WRT v24-sp2 04/23/10 (14311)

Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware
Author Message
E++
DD-WRT Novice


Joined: 21 Feb 2009
Posts: 4

PostPosted: Sat May 08, 2010 9:21    Post subject: VPN on WNR3500L with DD-WRT v24-sp2 04/23/10 (14311) Reply with quote
Hi all,

I have a Microsoft Forefront Threat Management Gateway server at home for VPN (among other things), but when I recently upgraded from my Linksys WRT54GL to the Netgear WNR3500L, I lost the ability to connect to the VPN.

When trying to establish a connection, the error message reads: [...]The most common cause for this failure is that at least one Internet device between your computer and the VPN server is not configured to allow Generic Routing Encapsulation (GRE) protocol packets [...]

At first I thought it might be because the stock firmware doesn't allow GRE packets to pass through, so I installed DD-WRT (which I was running on my old WRT54GL) and made sure the VPN Passthrough settings were enabled. However, I am still getting the same error with the Netgear router, while the WRT54GL router with the same settings doesn't cause this error with the VPN connection.

Has anyone encountered a similar issue or is able to help me with this? I copied all the settings exactly from my old router to my new, so I have no clue why it isn't working.

Thanks in advance for your help.
Sponsor
jumran
DD-WRT User


Joined: 31 Jul 2009
Posts: 492
Location: Toronto, ON, CA

PostPosted: Sat May 08, 2010 13:43    Post subject: Reply with quote
The version of DD-WRT required for your WNR3500L (DD-WRT Kernel 2.6) has a PPTP VPN pass-through bug which your previous router would not encounter since that was using DD-WRT Kernel 2.4. You can try adding and saving the following start-up command code to see if it fixes your VPN issue.

Code:
/sbin/insmod xt_connmark
/sbin/insmod xt_mark
/sbin/insmod nf_conntrack_proto_gre
/sbin/insmod nf_conntrack_pptp
/sbin/insmod nf_nat_proto_gre
/sbin/insmod nf_nat_pptp
E++
DD-WRT Novice


Joined: 21 Feb 2009
Posts: 4

PostPosted: Sat May 08, 2010 13:47    Post subject: Reply with quote
Odd, I actually added my VPN endpoint server to the DMZ to see if that actually did anything and it did solve the issue.

I'd rather not do that, so any pointers as to how/where I can enter those startup commands you mentioned?
jumran
DD-WRT User


Joined: 31 Jul 2009
Posts: 492
Location: Toronto, ON, CA

PostPosted: Sat May 08, 2010 15:31    Post subject: Reply with quote
Go to Administration>Commands tab and then in the commands input box type in the code from the previous post. After the commands are entered, press the Save Startup Button and reboot the router. Hopefully this will fix the GRE pass-through bug and allow the VPN to work without the DMZ. If the code does not resolve your issue, try port forwarding the proper VPN port to your server.


DD-WRT Commands.JPG
 Description:
 Filesize:  64.81 KB
 Viewed:  17367 Time(s)

DD-WRT Commands.JPG


E++
DD-WRT Novice


Joined: 21 Feb 2009
Posts: 4

PostPosted: Sat May 08, 2010 19:39    Post subject: Reply with quote
Awesome, that fixed it Smile Thanks a lot!
duceduc
DD-WRT User


Joined: 15 Apr 2009
Posts: 56
Location: JP

PostPosted: Mon Dec 02, 2013 10:06    Post subject: Reply with quote
Thanks for the info. I was fiddling with it for the last 3 days. I particular had given up until I found this post.
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum