L2TP VPN on 8900AX-1600 R2

Discussions for BiPAC 8900 series: 8900AX-1600, 8900AX-2400, 8900X
charliem
Posts: 19
Joined: Fri Nov 17, 2017 10:08 pm

L2TP VPN on 8900AX-1600 R2

Post by charliem »

I'm trying to set up a VPN on the 8900AX-1600 R2.

I followed the closest instructions I could find here:

http://billion.uk.com/forum/viewtopic.php?f=18&t=13519

Made a remote desktop connection out to my work computer to test. I know I can connect back to any virtual servers etc, but no joy at all with connecting to this VPN. A Windows 10 box gives me "The connection was terminated by the remote computer before it could be verified".

Should settings be different from the above? Much as the logs include a lot of information from connection attempts, I'm afraid I couldn't figure what was up looking at the logs. Are you able to advise how I problem-solve to get this working?

Thanks
Last edited by charliem on Sun Jan 06, 2019 9:58 pm, edited 2 times in total.
billion_fan
Posts: 5398
Joined: Tue Jul 19, 2011 4:30 pm

Re: L2TP VPN on 8900AX-1600 R2

Post by billion_fan »

charliem wrote: Mon Dec 17, 2018 11:20 am I'm trying to set up a VPN on the 8900AX-1600 R2.

I followed the closest instructions I could find here:

http://billion.uk.com/forum/viewtopic.php?f=18&t=13519

Made a remote desktop connection out to my work computer to test. I know I can connect back to any virtual servers etc, but no joy at all with connecting to this VPN. A Windows 10 box gives me "The connection was terminated by the remote computer before it could be verified".

Should settings be different from the above? Much as the logs include a lot of information from connection attempts, I'm afraid I couldn't figure what was up looking at the logs. Are you able to advise how I problem-solve to get this working?

Thanks
I just tested this feature and you need to make the following change to your VPN tunnel properties (attached screenshot, works fine here).
The steps on the link are correct, but were for Android/iPhones.
charliem
Posts: 19
Joined: Fri Nov 17, 2017 10:08 pm

Re: L2TP VPN on 8900AX-1600 R2

Post by charliem »

I'd just added my logs to my original post, and see you'd already replied!

Great. That seems to resolve it - connection established (and RDP connection dropped as expected), closed connection from router so can connect back to work again. Perfect! Resolved! And fast response!

I know it's been asked before, but is OpenVPN coming to this router in the future, or just the 2400 version?

Other than that, A+ for router performance btw - replaced my 7800N 6 months ago, and this is every bit as stable and reliable which was a tall order.
billion_fan
Posts: 5398
Joined: Tue Jul 19, 2011 4:30 pm

Re: L2TP VPN on 8900AX-1600 R2

Post by billion_fan »

charliem wrote: Mon Dec 17, 2018 12:08 pm I'd just added my logs to my original post, and see you'd already replied!

Great. That seems to resolve it - connection established (and RDP connection dropped as expected), closed connection from router so can connect back to work again. Perfect! Resolved! And fast response!

I know it's been asked before, but is OpenVPN coming to this router in the future, or just the 2400 version?

Other than that, A+ for router performance btw - replaced my 7800N 6 months ago, and this is every bit as stable and reliable which was a tall order.
I am not sure if the 1600 R2 will have OpenVPN support (we will have to have an internal discussion about that).
charliem
Posts: 19
Joined: Fri Nov 17, 2017 10:08 pm

Re: L2TP VPN on 8900AX-1600 R2

Post by charliem »

Ah well, will keep my eye out and fingers crossed.
Guess I should have got the 2400; a little annoying as it wasn't the price that made me select the 1600, just that the 2400 speed wouldn't be utilised as like many I'm more concerned with stability at peripheries of coverage area (so 2.4GHz) and at the time I found the best reports for wireless coverage etc from the 1600 I selected that.
It's a superb router, have installed 3 for others too, but would be perfect if you do bring OpenVPN to it.

Thanks for help with L2TP though (my silly - I should have checked in retro control panel on win10; you know how win10 likes to present dumb interfaces, hiding anything useful)
billion_fan
Posts: 5398
Joined: Tue Jul 19, 2011 4:30 pm

Re: L2TP VPN on 8900AX-1600 R2

Post by billion_fan »

charliem wrote: Mon Dec 17, 2018 12:24 pm Ah well, will keep my eye out and fingers crossed.
Guess I should have got the 2400; a little annoying as it wasn't the price that made me select the 1600, just that the 2400 speed wouldn't be utilised as like many I'm more concerned with stability at peripheries of coverage area (so 2.4GHz) and at the time I found the best reports for wireless coverage etc from the 1600 I selected that.
It's a superb router, have installed 3 for others too, but would be perfect if you do bring OpenVPN to it.

Thanks for help with L2TP though (my silly - I should have checked in retro control panel on win10; you know how win10 likes to present dumb interfaces, hiding anything useful)
1600 R2 is a good router too, if/when OpenVPN is added I will be sure to post the firmware here.
I'm not a fan of win 10 either, all my personal PCs run win 7 (I hate the dumbed down interface in win 10 also).
charliem
Posts: 19
Joined: Fri Nov 17, 2017 10:08 pm

Re: L2TP VPN on 8900AX-1600 R2

Post by charliem »

Can I ask a further question on this topic (do advise me if I should post this as new topic).

Please could I ask: do you have any recommendations on further securing this?

Previously I used 'Virtual Servers' on the 8900 to port-forward RDP requests to a couple of boxes. It was quite apparent they were tested occasionally, even when running services on random addresses rather than 3389 (I log failed login attempts and can see the odd bot guessing common user names etc).

Instead I'm using L2TP but router logs also show the odd attempt at getting in. So I was wondering....

Once VPN established with router I have free rein to remote into any desktop I like at home, or try at vulnerabilities of devices on my network. All I really want is to get as far as the router, not through it. Once connected, I'd ideally like to be offered only the Virtual servers I choose to allow through, not given full access to the network.

Is there a way to configure this?

If not, is it possible to restrict the remote client to a set of IP ranges (an address would do, but I suspect gateway at my client connection is one of a range of addresses)?

Thanks, Robin
billion_fan
Posts: 5398
Joined: Tue Jul 19, 2011 4:30 pm

Re: L2TP VPN on 8900AX-1600 R2

Post by billion_fan »

charliem wrote: Sun Jan 06, 2019 10:10 pm Can I ask a further question on this topic (do advise me if I should post this as new topic).

Please could I ask: do you have any recommendations on further securing this?

Previously I used 'Virtual Servers' on the 8900 to port-forward RDP requests to a couple of boxes. It was quite apparent they were tested occasionally, even when running services on random addresses rather than 3389 (I log failed login attempts and can see the odd bot guessing common user names etc).

Instead I'm using L2TP but router logs also show the odd attempt at getting in. So I was wondering....

Once VPN established with router I have free rein to remote into any desktop I like at home, or try at vulnerabilities of devices on my network. All I really want is to get as far as the router, not through it. Once connected, I'd ideally like to be offered only the Virtual servers I choose to allow through, not given full access to the network.

Is there a way to configure this?

If not, is it possible to restrict the remote client to a set of IP ranges (an address would do, but I suspect gateway at my client connection is one of a range of addresses)?

Thanks, Robin
If you only want access to the router, then disable L2TP and enable remote access on the router (this will allow you access to the router only).

This will also only allow virtual servers rules to have access to the outside world (as the ports are forwarded)

You can restrict the remote IP address that is allowed to connect to your virtual server rules using the 'Exceptional Rule Group'. This is what I am using, attached is an example. (You must tag the Exceptional Rule Group to the virtual server rule.)
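
The source-address restriction discussed in the exchange above, modelled as an added example; it is not part of the original thread and is not the router's own logic. The allowlist holds CIDR ranges because the remote gateway may be one of a range of addresses; every address, port and function name here is constructed for illustration.

```python
import ipaddress

# Constructed allowlist (documentation address space), standing in for the
# addresses you would enter in the router's rule group. One entry is a range
# because the work gateway may egress from any address in a block.
ALLOWED_SOURCES = ["203.0.113.0/28", "198.51.100.7/32"]

# Constructed connection attempts: (source IP, forwarded port).
ATTEMPTS = [
    ("203.0.113.5", 3389),    # work gateway, inside the /28
    ("203.0.113.14", 3389),   # same block, different egress address
    ("203.0.113.77", 3389),   # same /24 but outside the /28
    ("198.51.100.7", 3389),   # single pinned address
    ("192.0.2.200", 3389),    # unrelated scanner
]


def parse_allowlist(entries):
    """Parse CIDR entries, refusing malformed or match-all entries."""
    networks = []
    for entry in entries:
        # strict=True rejects host bits set in the prefix, e.g. 203.0.113.5/28
        net = ipaddress.ip_network(entry, strict=True)
        if net.prefixlen == 0:
            raise ValueError(f"{entry} matches every address")
        networks.append(net)
    return networks


def is_allowed(source, networks):
    """True when the source address falls inside any allowlisted network."""
    addr = ipaddress.ip_address(source)
    return any(addr in net for net in networks)


def triage(attempts, entries):
    """Split attempts into (allowed, rejected) by source address."""
    networks = parse_allowlist(entries)
    allowed, rejected = [], []
    for source, port in attempts:
        bucket = allowed if is_allowed(source, networks) else rejected
        bucket.append((source, port))
    return allowed, rejected


if __name__ == "__main__":
    ok, dropped = triage(ATTEMPTS, ALLOWED_SOURCES)
    print("allowed:", ok)
    print("rejected:", dropped)
```

Running the same check over exported router or RDP logs shows whether a candidate range is too narrow for the real gateway before the rule is applied.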
charliem
Posts: 19
Joined: Fri Nov 17, 2017 10:08 pm

Re: L2TP VPN on 8900AX-1600 R2

Post by charliem »

I have all the above working. Been great over the last month.

Could I ask for one further bit of assistance: what are the settings on Android 9.0 for the above setup?

I've filled in fields
type: L2TP/IPsec PSK
IPsec pre-shared key
username
password

No joy though. Logs attached
billion_fan
Posts: 5398
Joined: Tue Jul 19, 2011 4:30 pm

Re: L2TP VPN on 8900AX-1600 R2

Post by billion_fan »

charliem wrote: Mon Feb 04, 2019 11:22 pm I have all the above working. Been great over the last month.

Could I ask for one further bit of assistance: what are the settings on Android 9.0 for the above setup?

I've filled in fields
type: L2TP/IPsec PSK
IPsec pre-shared key
username
password

No joy though. Logs attached
Have you tried to set a simple username and password, e.g. max 15 characters, no special characters?

Also, have you set up an exception group rule for the L2TP server (to limit the public IP address that can access the L2TP server)?