Find the perfect gift for the grad in your life with Graduation gifts that connects us from AT&T.
Need help connecting your router?
bakershack's profile

Observer

 • 

8 Messages

Wednesday, March 18th, 2020 8:35 PM

L2TP VPN BLOCKED by AT&T Uverse Router

I have several users who cannot access our company VPN from home because of AT&T's boneheaded decision to block the ports/protocols used for the VPN. Has ANYONE ever figured out how to configure the 5286A router issued by AT&T? The COVID-19 issue has the vast majority of our people working from home, but those who cannot access the VPN are handicapped, costing the company a LOT of money.

Accepted Solution

Official Solution

Community Support

 • 

232.1K Messages

4 years ago

Hey @bakershack,

 

We'd like to help you with this. You will have to find the ports that your VPN runs under, and open it up in the router. Here is how to setup port forwarding. Here is a list of ports blocked by AT&T and why.

Let us know if this helps.

Max, AT&T Community Specialist

Observer

 • 

8 Messages

@ATTHelp Who marked this as an Accepted Solution? I didn't! I am at the mercy of my users to try this to verify that it works. I had already tried something very close to this, and it did NOT work. I am trying to get one of my users to try following these instructions exactly to see if it works, but I have not been able to verify it yet.

Community Support

 • 

232.1K Messages

Hey @bakershakc,

 

The information provided worked for another forums user. They may have marked it as a solution for them.

If you need additional assistance with this. Let us know and we be glad to help.

Please also confirm with your users that it is only them trying to go through a VPN. If another user is using a VPN on the same network this can cause issues. Resource interception or advertised sets of addresses may overlap with the VPN you are using and is causing trouble with the VPN.

Max, AT&T Community Specialist

Still need help? Ask a question! Our 1.4 million members typically respond within 1 hour.

*I am an AT&T employee, and the postings on this site are my own and don't necessarily represent AT&T's position, strategies or opinions.

New Member

 • 

4 Messages

4 years ago

AT&T needs to FIX THIS (Edited per community guidelines). I had a perfectly working L2TP VPN up until last week when they installed this 1G fiber and router.

(edited)

Observer

 • 

8 Messages

4 years ago

It is DEFINITELY AT&T blocking the VPN ports.  My employees with AT&T are the ONLY ones having troubles, and it is intermittent for some of them, which tells me that AT&T blocks/unblocks the ports for some reason.  If I had a choice, I would go with another ISP in a heartbeat due to this.  

 

And having my employees unfortunate enough to have AT&T make changes in their home routers, many of which ARE RENTED FROM AT&T, is ASININE!

(edited)

Community Support

 • 

232.1K Messages

4 years ago

Hello, hrmilo5239

 

Not being able to access a VPN is certainly frustrating, especially with most of us working from home.

 

From our research, L2TP VPNs use UDP port 1701. You may need to manually open that port on your new router.

 

This support article has steps for each specific router model.  Choose yours from the drop-down, and then follow the steps to add a new user-defined application or a customer service (depending on the model).

 

Let us know if you need anything else,

 

Meaghan AT&T Community Specialist

Observer

 • 

8 Messages

4 years ago

Meaghan, I have had my users jump through these hoops TO NO AVAIL!  Please pass on to AT&T to STOP BLOCKING VPN!  It is quite obvious when NONE of my users with non-AT&T ISP's are having issues!!!!!!!

New Member

 • 

1 Message

4 years ago

ATT, the truth is you are making VPN traffic a nightmare so you can sell YOUR VPN product.

 

You can fool home users and the casual neophyte in VPN but not trained technicians. It is so clear that when I use a Verizon hotspot vs my home att supplied wifi. Hotspot - connect every time no problems. ATT WiFi - No dice, at all.

 

So here is what you are doing. You are not outright blocking VPN ports. Heck, that is against FCC rules after all. So instead, you disrupt traffic and protocols over those standard VPN ports to make connections impossible. But the port is OPEN. Then when home users call and complain you sell them your VPN product. 

 

It is an old sales trick. I'm not impressed and neither are the other techs who see through this (Edited per community guidelines). 

 

Just stop it. Fix the issues and let us get back to our work. I do not have the luxury of spending an entire day working around a problem you created.

(edited)

New Member

 • 

4 Messages

4 years ago

AT&T is not blocking anything in regards to L2TP.  I've been on their Uverse for over a year and keep my L2TP open literally 24x7 for a week and more with absolutely no disruption.

 

I recently have switched to the AT&T 1G fiber and I can report on one observation about the new gateway router they gave me.

When I disconnect my L2TP session, that router seems to hold onto the L2TP connection details for about two minutes before destroying them.

You can start up the same L2TP connection, but you cannot start up a different one until it has destroyed the one it currently has in session state.

You can clear the router by rebooting it, but it takes just about as long as just waiting the two minutes.

 

So to be clear, if you are setting up a VPN connection and do not establish the parameters correctly, your first attempt is going to fail, but it is also going to create a session state inside the ATT&T router that will not go away for about two minutes. So further attempts at changing your VPN parameters and re-testing are always going to fail unless you wait for the router to clear its state.  I thought that on this new AT&T fiber connection they might be blocking my VPN because I KNEW I had similar working profiles that would go on for weeks.  It was sheer happenstance I figured it out. Out of frustration I walked away from my desk and returned ten minutes later and the VPN connected!  I tried a different profile, it did not.  But then it did after I rebooted the ATT router.  I performed some Cisco debugging on our office router and even though my VPN was disconnected I could still see the ATT router communicating with our office router. It had session state.  And it went away after about two minutes.

 

In the end, there was nothing I had to configure in my ATT router for my L2TP connection to work.  Just be sure to set your L2TP parameters up correctly and if you change anything, reboot the ATT router or wait a good couple minutes.

(edited)

Community Support

 • 

232.1K Messages

4 years ago

Hey @allpro4325,

 

We are here to help with your VPN trouble. There are many things that can go wrong inside a VPN that is not with the ISP. It is true that some 3rd party VPN's are easier to setup with certain ISP, but that has more to do with both companies protocol setup.

Have you tried port forwarding the applications ports or changing the ports?

  • Some ports are faster by ISP general protocol, and changing the port can help.

Have you tried ip passthrough or dmz+?

  • Not recommended unless you like to bypass the Firewall all together.
  • Possible security risk.

Have you double-checked the Firewall settings?

  • Try disabling the Firewalls, and see if it is a Firewall issue.

Have you made the proper exceptions for the application?

  • Sometimes applications need to have the proper exceptions connected for them to be stable. Otherwise, trouble can occur.

Are you connecting to the right servers?

 

Have you confirmed the type of connection that has to be made?

  • Many companies require the connection to only be Wi-Fi or Ethernet.

Have you tried changing the DNS server on the device side?

  • AT&T routers do not have a function in which you can change the DNS.
  • From the device side; you are able to change the DNS.

Did you check the IPs that the VPN is using?

  • Make sure there is no conflicting IP and the subnet is correct.

Let us know if this helps.

 

 

Max, AT&T Community Specialist

Observer

 • 

8 Messages

4 years ago

@ATTHelp,

All of these are good suggestions, but the fact remains that they do not always apply, they do not always work, and I am not seeing VPN connections issues with ANY of my users who have non-AT&T ISPs.  That really does put the ball in AT&T's court.  The confusing thing is that SOME of my AT&T ISP users have no issues, so it may be an issue with local switching stations or routers within the AT&T network.

Community Support

 • 

232.1K Messages

4 years ago

Hi, @bakershack.

 

We recommend that your users try Max's solutions to see if they work. If they are still having trouble, they can reach out to us for further assistance.

 

Thanks for contacting AT&T.

 

Marc, AT&T Community Specialist

Not finding what you're looking for?
New to AT&T Community?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.