Link to home
Start Free TrialLog in
Avatar of Member_2_3517100
Member_2_3517100Flag for United Kingdom of Great Britain and Northern Ireland

asked on

Netgear DG834GT VPN Pass-through work only occasionally

Hi guys. Here's an interesting one I hope you might be able to help me with. I've setup a Netgear DG834GT router at our work. Works great on every level accept the VPN. I have all the necessary VPN ports forwarding to our Windows based VPN server. I'm also aware of protocol 47, although there is no configurable setting to let this pass through (on Netgear routers protocol 47 is supposed to follow the direction of PPTP port forwarding).

However, on some machines when I try to connect it just times out when the user name and password is trying to be validated (suggesting the GRE packets aren't getting through via protocol 47). On other machines it connects up (although only some TCP traffic doesn't pass through)! I've set VPNs up like this loads of times, and have finally resigned myself to the fact that this particular model (which I haven't used before - I've always used its younger brother, the DG834G) can't cope with the VPN stuff.

So my question is, has anyone else has this problem? If so, did you manage to fix it? I have tried all the various Netgear firmware versions, including the most recent that claims to fix a VPN pass-through issue, but does anyone know of third party firmware that actually works?

I look forward to any feedback, even if it is just to confirm that the router is a little monster and I need to send it back

Cheers Guys,

Bluemercury
Avatar of Peregian
Peregian
Flag of Australia image

I had some probs with dg834 -dg834 vpn thatlinks 2 networks together. I got timeouts and sometimes it would connect and then just hang when you tried to use it. It ended up being the mtu setting in the router. Try lowering that.
Avatar of Member_2_3517100

ASKER

Thanks for you comments Peregian. It's a good thought, but unforuntately I have already tried lower the MTU setting with no luck :( Any other ideas at all?

Best wishes,

Bluemerucyr
did you lower the mtu on the router and the vpn server?
I have indeed tried both, with values of 1400 as you suggested. I've also tried the value of 1432, as this is what another VPN router I use utilises sucessfully. Bizarre thing is that, as per usual, some VPN clients will connect ok, then at other times they won't at all. It is all very ittermitent!
try this test to see at what size packets fragment

ping -f -l 1472 serveraddress

it should tell you that it fragmented the packet. Keep lowering the 1472 until it stops fragmenting it.
Thanks for your input Peredian. I'd love to try your latest suggestion, but just to help matters the SATA RAID mirror has decided to pack up on the Server after just one week! I'm not going to be onsite to fix it for the next week, so this whole issue is on hold (Server is completely down)! I may also try another spare router that I'm going to order in the meantime....

Thanks for all your input, and I will be back here as soon as possible!

Bluemercury
I have come to my own conclusions that the DG834GT is a menace device. With a DG834 (not GT) router now in place and passing through up to 4 VPN tunnels (and configured in exactly the same way as the DG834GT) it pretty much shows that the DG834GT is not functional for VPN pass through. I have spoken to other colleagues outside of EE since, and they admitted to having the same problems as me, and retracting back to DG834 based models to get things to work.

Thanks for your help on here; I'm going to request a point refund if that's ok, as whilst your suggestions helped reduce the scope of possible problems, ultimately it has just come down to shoody Netgear design. I hope EE will leave this up here for future reference to those who have problems with the DG834GT. Netgear; update your firmware properly for this DG834GT model!

Bluemercury
ASKER CERTIFIED SOLUTION
Avatar of GranMod
GranMod

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of NETFOCUS
NETFOCUS

There is a fix for this. Download TCPOptimizer and untick "Timestamps" on the adpater useded to tunnel. I have tried this seceral times on different machines that failed to connect and on each occasion this action resolved the problem.