Filbert66's profile

Teacher

 • 

10 Messages

Thursday, October 13th, 2011 6:32 PM

PPTP VPN fails to work after installing Motorolla NVG510

Hello,

 

I can run an IPsec VPN, but the PPTP VPN falis to work since I got U-verse with this modem (used to work over DSL). Does anyone know of a VPN passthrough setting for the NVG510 ? 

 

I run MacOS Lion 10.7.2, and my IPsec client only works in 32 bit mode. Want to be able to run in 64 bit mode with native Apple PPTP VPN client. I've confirmed that the PPTP VPN fails to work now on my 10.6 machine, so it's the AT&T modem, not Lion.

 

When I contacted AT&T support to ask for details, I first got bounced to a different chat session, then was told to call a number, and then was told that only "Special Services" knows how to deal with VPNs, then the first person I spoke to there didn't know what a VPN was. On insisting for someone who knew what that was, I was given a manager who then told me that I was required to pay for help. Pay for something that AT&T broke?! No, thank you, I said. She politely offered to transfer me back to the first people (U verse support) who know nothing about VPNs, and I agreed in order to try at least to get a modem manual and CD. But on transferring, I was disconnected! 

 

Further details from Console:

Oct 13 10:34:58 filbert  pppd[1533]: PPTP connection established.

Oct 13 10:34:58 filbert  pppd[1533]: Connect: ppp0 <--> socket[34:17]

Oct 13 10:35:28 filbert  pppd[1533]: LCP: timeout sending Config-Requests

Oct 13 10:35:28 filbert  pppd[1533]: Connection terminated.

Oct 13 10:35:28 filbert  pppd[1533]: PPTP disconnecting...

Oct 13 10:35:28 filbert  pppd[1533]: PPTP disconnected

 

From what I've been able to determine, the modem is not forwarding GRE protocol packets, but can't figure out how to enable that on the modem.

Contributor

 • 

1 Message

12 years ago

I got the NVG510 gateway recently and faced the same issue with PPTP VPN

Your workaround fixed the issue, thanks for posting. It saved me a lot of time with AT&T support.

Teacher

 • 

10 Messages

12 years ago

Bangback, your solution to use IP Passthrough does indeed expose the computer you specify (by MAC address) to the wild Internet. Make sure you have a strong host-based firewall active on that host, or you are very likely to get infected with some kind of malware. Expect to get port-scanned within 60 seconds of activating that configuration (yes, that's been tested, and it's less than 60!).

 

I am holding out for a true solution that doesn't require that compromise.


@Bangback wrote:

Ok, I got a workaround that's working for me.

 

Hopefully Motorola will come out with a firmware update soon that will allow the needed packets to pass through without using IP Passthrough.  I guess using this method will allow your machine to be vulnerable to attacks because you're basically putting it in front of the firewall.

 

Here's what I did:

 


 

Expert

 • 

9.4K Messages

12 years ago

You can also set up the NVG510 like this and instead of putting the public IP on a computer, put it on your own router. Then your own router can do the firewalling and PPTP passthrough.

This is the method used for running your own router with the other U-Verse gateways, such as the 2Wire 3x00 series.

Teacher

 • 

10 Messages

12 years ago


@SomeJoe7777 wrote:
You can also set up the NVG510 like this and instead of putting the public IP on a computer, put it on your own router. Then your own router can do the firewalling and PPTP passthrough.

This is the method used for running your own router with the other U-Verse gateways, such as the 2Wire 3x00 series.

Good idea! I have an existing Apple Airport Extreme, which could do the firewalling. I'd prefer to make the NVG510 transparent, and yield the public address to my router, rather than making it share a private IP and then I have to share another private range behind that. That will take some time to fine-tune, I think.

 

I was upset that I couldn't use the Guest network on my Extreme, because it was no longer on the "share a public IP" setting. So I put the guest network on the NVG, and it works. But if I could get the NVG to just be a modem, not a router, then I can go back to my previous settings. Will post details later if it works. 

Teacher

 • 

10 Messages

12 years ago

OK, tried setting the NVG to Passthrough mode. Some success, but couldn't get it to work with settings that worked for Bangback . First, had to turn off "Cascaded Router" mode under Home Newtork/Subnets. Then had to power off the NVG even after it reset itself, because it was not allowing me to view the Firewall screens (would go to home screen after entering passcode). Even once had that all working, and verified the MAC address was right, it still was not assigning the fixed IP to the Apple Airport router. Tried resetting and repowering each device multiple times.

 

However, I then reconfigured the Passthrough to Manual IP mode, configured the Apple router manually with that IP, and it works! Less desirable, because I don't have a fixed IP with AT&T U-verse, but it's good enough for now. If they ever change my IP, I'll just have to reconfigure my local router. 

Contributor

 • 

2 Messages

12 years ago

Joe, Can you explain how to do this?

Expert

 • 

9.4K Messages

12 years ago

Follow Bangback's directions above in message #10.  But you will have to use your own router instead of a single computer, and the router you use must allow VPN passthrough (most 3rd-party routers do).

 

You'll also need to apply the modifications that Filbert66 talked about in message #15, he was able to get this to work using his Apple router.

 

I do not have an NVG510, so I can't give you any directions more specific than these.  I have not even seen one of these units.

 

Contributor

 • 

2 Messages

12 years ago

Filbert66, to what IP are you refering to when you say 'that IP'? Which IP and where do i find it?

Expert

 • 

9.4K Messages

12 years ago

I believe the IP he is talking about is the IP address that would be assigned by AT&T to the WAN side of the NVG510 router (in other words, the one publically routable IP address that AT&T gives you).

The idea is to have that IP address assigned to the WAN interface of your own router. Usually with the 2Wire units, this is done by enabling DMZPlus mode and then your own router will get this IP address via DHCP.

Filbert66 is saying that he tried it that way but his own Apple router would not complete the DHCP process to get the IP address from the NVG510. Instead, he enabled a manual method and he manually assigned the public IP address to the Apple router.

This works OK because even though the IP address assigned by AT&T is technically dynamic, it actually rarely or never changes unless AT&T replaces your router.

 

You can also take a look at this alternate procedure for enabling a router-behind-router setup for the NVG510 -- this person used an Apple Airport Express router, but virtually any router should be similar:

 

http://forums.att.com/t5/Features-and-How-To/NVG510-Bridge-Mode/m-p/2928989#M29846

 

Teacher

 • 

10 Messages

12 years ago

If the settings Bangbak recommends don't work for you, like they didn't for me, here's details how I made it work:

 

1. Find the WAN IP address.

    a. Go to your NVG settings page, which by default is at http://192.168.1.254 

    b. Click "Broadband", and copy the IP address next to "Broadband IPv4 Address"

    c. Note the router address next to "Gateway IPv4 Address".

    d. Note the DNS servers next to : "Primary DNS" and "Secondary DNS"

 

2. Following Bangbak, go to the Firewall, IP Passthrough page on your NVG control page. Set 'Passthrough Mode" to Manual. Other settings there can be left blank. Hit "Save" and "reboot" the NVG. 

 

3. Making sure your computer can still talk to your local router, on your local router, set it's WAN IP to "static" using the copied IP address.

   a. If you have an Apple Airport Extreme, start the Airport Utility, click Manual Setup, then Internet, and then TCP/IP tab.  I set mine to: 

        Configure IPv4: manually

        IP address:

        Subnet mask : 255.255.128.0 worked for me (see note b)

        Router address:

        DNS Server(s): <as copied in step 1d, or use another DNS provider like OpenDNS>

    b. My assigned "Gateway IPv4 Address" was 108.209.176.1, but my assigned WAN IP was in 108.209.177.x, so the netmask is not the typical 255.255.255.0. The 176 and 177 don't match. But they both are greater than 128, so 128.0 matches both. I had set the typical three 255s first, but that didn't work. 

 

3. I also set my Airport "Internet Connection" this way, per Bangbak's suggestions:

     Connect using: Ethernet (It is the only thing plugged into my NVG's Ethernet ports. All else is plugged into the Airport's ports.)

     Ethernet WAN Port: Automatic

     Connection Sharing: Share a public IP address

     

Not finding what you're looking for?
New to AT&T Community?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.