10-13-2011 11:32 AM - edited 10-13-2011 11:36 AM
I can run an IPsec VPN, but the PPTP VPN falis to work since I got U-verse with this modem (used to work over DSL). Does anyone know of a VPN passthrough setting for the NVG510 ?
I run MacOS Lion 10.7.2, and my IPsec client only works in 32 bit mode. Want to be able to run in 64 bit mode with native Apple PPTP VPN client. I've confirmed that the PPTP VPN fails to work now on my 10.6 machine, so it's the AT&T modem, not Lion.
When I contacted AT&T support to ask for details, I first got bounced to a different chat session, then was told to call a number, and then was told that only "Special Services" knows how to deal with VPNs, then the first person I spoke to there didn't know what a VPN was. On insisting for someone who knew what that was, I was given a manager who then told me that I was required to pay for help. Pay for something that AT&T broke?! No, thank you, I said. She politely offered to transfer me back to the first people (U verse support) who know nothing about VPNs, and I agreed in order to try at least to get a modem manual and CD. But on transferring, I was disconnected!
Further details from Console:
Oct 13 10:34:58 filbert pppd: PPTP connection established.
Oct 13 10:34:58 filbert pppd: Connect: ppp0 <--> socket[34:17]
Oct 13 10:35:28 filbert pppd: LCP: timeout sending Config-Requests
Oct 13 10:35:28 filbert pppd: Connection terminated.
Oct 13 10:35:28 filbert pppd: PPTP disconnecting...
Oct 13 10:35:28 filbert pppd: PPTP disconnected
From what I've been able to determine, the modem is not forwarding GRE protocol packets, but can't figure out how to enable that on the modem.
Solved! Go to Solution.
11-03-2011 8:15 PM
OK, tried setting the NVG to Passthrough mode. Some success, but couldn't get it to work with settings that worked for Bangback . First, had to turn off "Cascaded Router" mode under Home Newtork/Subnets. Then had to power off the NVG even after it reset itself, because it was not allowing me to view the Firewall screens (would go to home screen after entering passcode). Even once had that all working, and verified the MAC address was right, it still was not assigning the fixed IP to the Apple Airport router. Tried resetting and repowering each device multiple times.
However, I then reconfigured the Passthrough to Manual IP mode, configured the Apple router manually with that IP, and it works! Less desirable, because I don't have a fixed IP with AT&T U-verse, but it's good enough for now. If they ever change my IP, I'll just have to reconfigure my local router.
11-06-2011 9:06 AM
Follow Bangback's directions above in message #10. But you will have to use your own router instead of a single computer, and the router you use must allow VPN passthrough (most 3rd-party routers do).
You'll also need to apply the modifications that Filbert66 talked about in message #15, he was able to get this to work using his Apple router.
I do not have an NVG510, so I can't give you any directions more specific than these. I have not even seen one of these units.
11-06-2011 10:30 AM
11-06-2011 11:19 AM - edited 11-06-2011 11:24 AM
I believe the IP he is talking about is the IP address that would be assigned by AT&T to the WAN side of the NVG510 router (in other words, the one publically routable IP address that AT&T gives you).
The idea is to have that IP address assigned to the WAN interface of your own router. Usually with the 2Wire units, this is done by enabling DMZPlus mode and then your own router will get this IP address via DHCP.
Filbert66 is saying that he tried it that way but his own Apple router would not complete the DHCP process to get the IP address from the NVG510. Instead, he enabled a manual method and he manually assigned the public IP address to the Apple router.
This works OK because even though the IP address assigned by AT&T is technically dynamic, it actually rarely or never changes unless AT&T replaces your router.
You can also take a look at this alternate procedure for enabling a router-behind-router setup for the NVG510 -- this person used an Apple Airport Express router, but virtually any router should be similar:
11-06-2011 12:57 PM
If the settings Bangbak recommends don't work for you, like they didn't for me, here's details how I made it work:
1. Find the WAN IP address.
a. Go to your NVG settings page, which by default is at http://192.168.1.254
b. Click "Broadband", and copy the IP address next to "Broadband IPv4 Address"
c. Note the router address next to "Gateway IPv4 Address".
d. Note the DNS servers next to : "Primary DNS" and "Secondary DNS"
2. Following Bangbak, go to the Firewall, IP Passthrough page on your NVG control page. Set 'Passthrough Mode" to Manual. Other settings there can be left blank. Hit "Save" and "reboot" the NVG.
3. Making sure your computer can still talk to your local router, on your local router, set it's WAN IP to "static" using the copied IP address.
a. If you have an Apple Airport Extreme, start the Airport Utility, click Manual Setup, then Internet, and then TCP/IP tab. I set mine to:
Configure IPv4: manually
IP address: <as copied in step 1b. >
Subnet mask : 255.255.128.0 worked for me (see note b)
Router address: <as copied in step 1c>
DNS Server(s): <as copied in step 1d, or use another DNS provider like OpenDNS>
b. My assigned "Gateway IPv4 Address" was 126.96.36.199, but my assigned WAN IP was in 108.209.177.x, so the netmask is not the typical 255.255.255.0. The 176 and 177 don't match. But they both are greater than 128, so 128.0 matches both. I had set the typical three 255s first, but that didn't work.
3. I also set my Airport "Internet Connection" this way, per Bangbak's suggestions:
Connect using: Ethernet (It is the only thing plugged into my NVG's Ethernet ports. All else is plugged into the Airport's ports.)
Ethernet WAN Port: Automatic
Connection Sharing: Share a public IP address
11-14-2011 2:36 PM - edited 11-14-2011 2:42 PM
I believe at one point, I spoke with a Tier 2 person from AT&T and they said that a possible firmware update would be coming out for the NVG510 sometime around December. It addresses an issue regarding static IP addresses, and my hope is, a fix for the PPTP VPN issue.
I agree, it exposes the machine to the internet, so a strong firewall is a definite must!
I was ready to throw in the towel with AT&T before getting the workaround to work. The last time I called them, they said there were over 27 different notes in my account with the issues I had with the modem. I must have spoken to at least 10 different people on trying to get a resolution, and also contacted Motorola tech support as well. Whenever I said "VPN" they would respond with "Oh, that's a business related issue, we don't support that", even though it was just me trying to use it for work from home.
What I still don't understand is why the DHCP NVG510 server wouldn't supply me the WAN IP address when I did a IPCONFIG /release and IPCONFIG /renew. I had to actually power down my computer, and restart it before I got served the WAN address over DHCP. Any ideas? Perhaps this is the reason why some people have to MANUALLY assign the WAN address on their machines or alternate routers?
12-12-2011 11:38 AM
I had this workaround functioning for a couple of weeks. Suddenly, with zero changes on my behalf, it stopped working.
I had IP Passthrough set to one of my laptops so that machine could connect to my client's PPTP VPN. It had my WAN IP and everythign was fine.
When I went online this morning, that latop had no connection to the internet. Tried rebooting the laptop, the router, nothing. It couldn't ping anywhere.
If I turned the passthrough off on the router, the laptop grabbed a 176.16.1.x IP and could connect just fine.
Tried to set the passthrough again, nothing, can't even ping the router.
I've tried setting the mode to both DHCPS-fixed and manual with no luck.
This router was installed by the fifth ATT tech i had come out here for an intermittent disconnect issue, had a 2-wire before. They finally fixed the disconnect with this router, but now I can't connect to my clients. Sigh. I am so ready to cancel and call up Comcast.
12-12-2011 12:51 PM
I had this workaround functioning for a couple of weeks. Suddenly, with zero changes on my behalf, it stopped working.
I had this happen to me recently. Internet all went down. I had made no changes. Wifi on AT&T router worked fine, but not off my Apple Airport Extreme router, so problem was my personal one wasn't getting the passthrough. Confusing thing was, Apple router reported everything was fine!
Anyhow, after some trial & error, I was able to get it working again by simply turning off Passthrough, and then turning it back on again. Actually, I think I switched to DHCP and then back to static. Don't know if this will help you; sorry.
12-17-2011 10:36 PM
Had this happen on mine, too. It seemed to coincide with IPv6 being turned on all of a sudden, but I can't guarantee that. Anyway, I tried the same stuff you described without joy. Then, I turned the IPv6 back off, and it started working, so maybe you can give that a try...
In the NVG510 setup screens, go to Home Network tab, then Configure link. Click the IPv6 dropdown to set it to Off. Save the settings, then restart the NVG510 (Device tab, Restart Device link, and follow the instructions there).
A firmware update that fixes several problems is scheduled to come out late this month (December 2011) according to AT&T's tech support. Crossing my fingers....
12-23-2011 3:00 PM
Well, after navigating the sea of messages and forums, I find that I can get the NVG510 up online in their "Passthrough" environment per the excellent instructions above. But the house network has a Dual-N Netgear router that takes care of everything else, and DYNDNS and Cisco VPN client aren't playing well. Will attempt to monkey with the Netgear's inbound IP address tonight, and make another mess in the attempt to fix this, and get DNS advertising and inbound DNS working properly.
Funny thing is I tried to call the tech support number supplied from the chat line, and its a pay-only service, and for a fresh faced new user to Uverse coming off Bell DSL, this isn't flying well with me.
If I had known ahead of time that the NVG510 would not go into bridge mode willingly and easily, I would have bailed totally on the upgrade. So far, I've invested 4 hours researching and changing the home network, for something that should have been a switch in the RG to "bridge" and be done with it. And to find out that this problem has been around for a some time and is still very, VERY active, well, I also never liked being on the bleeding edge of technology.
If a firmware upgrade comes out for this RG, PLEASE, someone, let us know, so I can fix all of the hiccups that I'm running into by switching it into this "passthrough" mode, and get to a true bridge mode.
I am not going to pay ATT to do home networking, any repair services, or for static IP addresses - I work in this industry, and know how to wrangle networking properly. And they were of no help when I set this up originally on DSL, and they didn't have to hook up my iPhones, iPads, home PCS, Windows Home Servers, wireless printers, media centers, TV, etc as the network grew, and I had to accommodate them into my home network. With this RG, it should have been a no-brainer for Motorola and ATT to know that they needed to provide a bridge mode. I am well beyond the "single router and single PC" environment that this seems to be aimed for. And no, this is not a business environment, its a regular, 21st century home that has 21st century equipment and tech in. Bridging should have been anticipated, and, with little modification, this should have worked out-of-the-box properly and quickly.
01-11-2012 6:29 PM
If anyone gets this far in the thread, there's a guy named Ron Berman who has documented this quite well, providing a guide to setting up the NVG510 as a bridge and then attaching a real (i.e. working) router that supports VPN. His thread is at http://www.ron-berman.com/2011/11/24/motorola-nvg510-help-page-for-att-u-verse-users/
AT&T is still giving customers the run-around on this as of 1/11/2012. I'm going to press them to deliver an alternate product to me since this one is broken right out of the box. They use a 2-Wire product (not Motorola NVG510) for triple-play customers, and that one supports VPN. Imagine that. It's a bit larger and I doubt it will be a straight-up trade since it includes the hardware decoder to receive AT&T's IPTV channels, but it works. If you're wondering, I obviously won't get free IPTV out of it (they control that from their end).
I'll post this thread if I have any luck with it (what it cost to swap in a working box, delivery time, etc.).
01-11-2012 6:47 PM
Thanks for that update. You know what makes me pull my hair out? I *had* the 2-Wire router. They replaced it twice because I was experiencing intermittent disconnects. The third time they replaced it with the Motorola NVG510. The disconnects may be gone, but now I have to jump through hoops depending on which VPN my clients are using. (I do mission critical server support for high end clients, I have to be able to log in within minutes, and disconnects are unacceptable.)
01-13-2012 10:57 AM - edited 01-13-2012 11:01 AM
After spending a full day on the phone with AT&T getting bounced around amongst various departments, I was unable to convince them to swap my NVG510 with the Modem/Router they provide for triple-play service. They wouldn't even sell it to me when I offerred "whatever $ you want" for it. I verified with a friend that his AT&T, triple-play unit from 2-Wire (he forgot to get the make/model for me) definitely supports VPN pass-through without issue. I'm guessing it's some version of a Pacer 5500, but online data shows the unit for sale only to Telco's.
Unfortunately, AT&T takes the position that an internet-only U-Verse account type is allotted a Motorola NVG510 and that's that. A triple-play customer is provided a unit from 2-Wire. Perhaps they have purchasing agreements in place with Motorola and 2-Wire that restrict usage. I can certainly see they'd want to limit customer configurations to simplify support. Whatever the reason, their policy leaves us poor saps with a brain-dead router. Any complaints are wasted breath.
I'm now following this thread and attempting an NVG510 bridge to a shiny new Netgear WNDR3700v3 Router I purchased. No luck so far. Please, somebody shoot me and put me outta my misery.
01-13-2012 11:08 AM
Welcome to the internet boards! Check out our troubleshooting articles below and don’t forget to search the forums - your question may have been answered already!
Service acting up? Click here to troubleshoot now!
For DSL related issues. We highly recommend chatting with our teams to address this as quickly as possible.