bakershack's profile

Observer

 • 

8 Messages

Wednesday, March 18th, 2020 8:35 PM

L2TP VPN BLOCKED by AT&T Uverse Router

I have several users who cannot access our company VPN from home because of AT&T's boneheaded decision to block the ports/protocols used for the VPN. Has ANYONE ever figured out how to configure the 5286A router issued by AT&T? The COVID-19 issue has the vast majority of our people working from home, but those who cannot access the VPN are handicapped, costing the company a LOT of money.

New Member

 • 

4 Messages

4 years ago

I agree it takes a little time and effort for port forwarding stuff to successfully link L2TP VPN in a NATed scenario, and it may differ from router to router or even the same router with a different s/w, h/w version.
As far as I know the protocol numbers and ports that need to be open/forwarded for L2TP VPN are:

  • Protocol: UDP, port 500 (for IKE, to manage encryption keys)
  • Protocol: UDP, port 4500 (for IPSEC NAT-Traversal mode)
  • Protocol: ESP, value 50 (for IPSEC)
  • Protocol: AH, value 51 (for IPSEC)

Keep an eye on last two (Bold ones) and the screen shot of firewall configured from router's webgui.

Why is it 500?
If you can correct the Protocol Number for IPSEC ESP and AH in the next firmware upgrade, maybe that could help.

 

Manufacturer Pace Plc
Model 5268AC
Hardware Version 260-2173300
Software Version 11.7.1.533024-att

OpenVPN, SSH and Plex are working. It's only the issue with L2TP.
Thanks

 

 

(edited)

New Member

 • 

4 Messages

4 years ago

L2TP works if you configure the router in DMZ+ mode.
If you use firewall and pinholes, something is not passing through the pinholes, maybe IPSec ESP/AH. So it seems like AT&T firewall is blocking the L2TP VPN. Knowingly/Unknowingly, I don't know.

Thanks

Observer

 • 

8 Messages

4 years ago

And yet another indication that AT&T is the culprit:  My own VPN connection from home works sometimes, but not every time.  This is with absolutely zero changes to the PC, the router, the office router, NOTHING.  Then, for no apparent reason, it starts working again.  This is over the course of days, not hours, so it doesn't seem to be the office router holding onto the previous connection.

Community Support

 • 

232.3K Messages

4 years ago

Hi @bakershack, we are here to help.

 

If you are having an issue on your network, we will be delighted to help find a solution.

 

Please reach out to us for further assistance.

 

Lafayette, AT&T Community Specialist

Observer

 • 

8 Messages

4 years ago

I have already jumped through all the AT&T hoops with port forwarding and everything else.  For no obvious reason, my VPN works sometimes and doesn't work others.  And helping me specifically does not help all of my employees with AT&T as their ISP.  I have jumped through these hoops before, only to have an AT&T rep blame our company router.  If the router is the problem, why do my employees with non-AT&T ISPs have ZERO issues?

Community Support

 • 

232.3K Messages

4 years ago

Hey @bakershack,

 

From your last explanation the trouble seems to be in the port protocols or an encapsulation error. We understand the frustration, and will do all we can to help with your current trouble.

 

Log into your AT&T router and disable IPv6 protocol. 

 

There has been some trouble in the encapsulation of both IPv4 and IPv6 into one packet. Our engineers are working on this and it will be corrected as soon as possible.

  1. Open up a web browser.
  2. Type 192.168.1.1
  3. Log into your router.
    • Username is Admin.
    • Password is the access key or A/C located on the router.
  4. Find the LAN Tab.
  5. Click the box to disable IPv6.
  6. Save settings
  7. Exit.

 

Are you able to try changing the application port?

  • This will allow you to find a smoother port in which both protocols are able to run through. 
  • Also, IP Passthrough/DMZplus might help, but this will disable Firewall security and protocols. Not a recommended course of action.

Let us know if this helps.

 

 

Max, AT&T Community

New Member

 • 

4 Messages

4 years ago

Hey Max @ATTHelp 

 

Log into your AT&T router and disable IPv6 protocol.
--Disabling IPv6 won't help.

Are you able to try changing the application port?

--Opening 50 and 51 for IPSec ESP/AH/IKE won't help. The default Number is 500 which cannot be edited by user. The only way is to create a new custom port.
I am not sure if protocol number and application port are the exact same things. Let your engineers decide that.

Also, IP Passthrough/DMZplus might help, but this will disable Firewall security and protocols. Not a recommended course of action.

-- Yes, it works with IP Passthrough/DMZplus mode. I am not using it because as per your suggestion it is Not a recommended course of action.
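The distinction raised in the post above, between an IP protocol number (ESP 50, AH 51) and a UDP port (500, 4500), shown on constructed packets; this is an added example, not part of the original thread or of any AT&T or Pace code. The `passes` pinhole model, the addresses and the payload bytes are assumptions made for illustration, and the NAT-T marker check follows RFC 3948.

```python
import socket
import struct

# IP protocol numbers live in byte 9 of the IPv4 header; ports live in the UDP header.
PROTO_UDP, PROTO_ESP, PROTO_AH = 17, 50, 51
PORT_IKE, PORT_NATT = 500, 4500

def ipv4(proto, payload, src="192.168.1.64", dst="203.0.113.10"):
    """Build a constructed IPv4 packet (checksum left at 0; addresses are samples)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def udp(sport, dport, data):
    """Build a constructed UDP datagram (checksum left at 0)."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def parse(packet):
    """Return (ip_protocol, dst_port or None, udp_payload or None)."""
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto = packet[9]
    if proto != PROTO_UDP:
        return proto, None, None          # ESP and AH carry no port field at all
    dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return proto, dport, packet[ihl + 8:]

def classify(packet):
    """Name the IPsec component a packet belongs to."""
    proto, dport, data = parse(packet)
    if proto == PROTO_ESP:
        return "ESP"
    if proto == PROTO_AH:
        return "AH"
    if dport == PORT_IKE:
        return "IKE"
    if dport == PORT_NATT:
        # RFC 3948: a zero 4-byte non-ESP marker means IKE, anything else is ESP-in-UDP
        return "IKE-NAT-T" if data[:4] == b"\x00" * 4 else "ESP-in-UDP"
    return "other"

def passes(packet, pinholes):
    """Simplified firewall model: pinholes is a set of (ip_protocol, dst_port) pairs."""
    proto, dport, _ = parse(packet)
    return (proto, dport) in pinholes

ESP_BODY = struct.pack("!II", 0x1234ABCD, 1) + b"\x00" * 16   # constructed SPI, sequence, filler
SAMPLES = {
    "ike": ipv4(PROTO_UDP, udp(500, 500, b"\x11" * 28)),
    "esp": ipv4(PROTO_ESP, ESP_BODY),
    "esp_natt": ipv4(PROTO_UDP, udp(4500, 4500, ESP_BODY)),
}
# UDP pinholes on "ports" 50 and 51 do not match IP protocols 50 and 51.
UDP_ONLY = {(17, 500), (17, 4500), (17, 50), (17, 51)}
```

In this model a rule set made only of UDP entries never matches a native ESP packet; it matches only once a rule keyed on IP protocol 50 is present, or once the peers encapsulate ESP in UDP 4500.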

Observer

 • 

8 Messages

4 years ago

Thank you volarepa.  The fact that IP Passthrough/DMZplus mode works is yet more evidence that AT&T's firewall settings are the cause of this issue.  @ATTHelp, please have AT&T correct their issue and stop having users jump through all kinds of hoops that don't work!

New Member

 • 

4 Messages

4 years ago

@bakershack I agree, I am hoping they will fix the issue in the next firmware upgrade.

New Member

 • 

1 Message

3 years ago

Lost an entire work day and evening to this issue. Spent 2 1/2 hours online with tech support. I was also told they would charge me to fix the problem they created. Then 20 minutes on hold while a "retention specialist" supposedly set up a free session only to be told again I would be charged. This is after we just upgraded and were told we weren't even getting the service we have been paying for. I work from home full time but will have to find somewhere else to work tomorrow so I don't lose my job. We just ordered Xfinity. This is predatory business and I have to believe it is illegal.
