If you have the Pace 5268AC modem / router skip down below to see why you need to call AT&T and request a different model router.
Point-to-Point Tunneling Protocol (PPTP) uses TCP port 1723 and IP port 47 Generic Routing Encapsulation (GRE). Setting up a PPTP client in windows is easy.
My first pass attempt at setting up a PPTP VPN server on my home network was with a Cisco RV100W. Its interface was a bit clunky. I never got far enough to get enough clues to solve the real problem of the Pace 5268AC modem / router.
In the next attempt I used a TP-Link TL-R600VPN.
I set up the following items
- Router / Modem: Ports 1723 and 47 to allow the PPTP traffic in and out
- TP-R600VPN: set WAN port to fixed 192.168.1.1 on the router / modem LAN
- TP-R600VPN: set the LAN on the Tp-Link to be 192.168.0.1 – this is so the NAT does not get confused. It is a bit annoying as it puts it on a subnet different from the modem and thus you can not dial in to it.
- TP-R600VPN: did not yet turn on DDNS successfully.
After doing this I got a different error when I tried to dial into the VPN. At this point I started to look at the log of the VPN client. In order to do this you tick the box on the MS PPTP client then you have to open up a computer management window per the instructions in the following page:
PPTP Connection, where is the log file stored when "Enable Logging" is selected?
The log read as follows:
CoId={51FF0292-D97E-48C8-86D5-D3A0743BB55D}: The user Smokey\freemonsandlewould has started dialing a VPN connection using a per-user connection profile named xxxVPN Connection. The connection settings are: Dial-in User = Effingtoniii
CoId={51FF0292-D97E-48C8-86D5-D3A0743BB55D}: The user Smokey\freemonsandlewould is trying to establish a link to the Remote Access Server for the connection named xxxVPN Connection using the following device:
Server address/Phone Number = xxx.xxx.xxx.xxx
CoId={51FF0292-D97E-48C8-86D5-D3A0743BB55D}: The user Smokey\freemonsandlewould has successfully established a link to the Remote Access Server using the following device:
Server address/Phone Number = xxx.xxx.xxx.xxx
Device = WAN Miniport (PPTP)
CoId={51FF0292-D97E-48C8-86D5-D3A0743BB55D}: The link to the Remote Access Server has been established by user Smokey\freemonsandlewould.
CoId={51FF0292-D97E-48C8-86D5-D3A0743BB55D}: The user Smokey\freemonsandlewould dialed a connection named xxxVPN Connection which has terminated. The reason code returned on termination is 829.
At this point I could see that authentication had been successful and that there must be some sort of other issue. The Error 829 (ERROR_LINK_FAILURE) suggests a physical layer issue where the link went down.
I tried to set up a PPTP server using two different models of router hung off of my Pace 5258AC router. Neither attempt worked. At this point I found a note:
How to configure VPN function on TP-LINK Routers – pdf
At this point I went searching on my Pace 5268AC router to set it to pass through PPTP. With the following search
I found the following pages stating that the Pace 5268AC does not do GRE on port 47 correctly and that many people had been stopped by this problem.
The problem is not in your config, but lies directly with AT&T
At this point I talked via chat on the AT&T Contact Us – Internet page to verify the issue still existed with the Pace 5268AC router. This was confirmed and support is sending me a NVG599 modem / router to replace the Pace 5268AC. Arrival time quoted as tomorrow and I will need to ship the old modem back to avoid a 150 USD equipment charge.
Research Links
- PSA: Demystifying IP Pass-thru on the Pace 5268AC – doubtful this is entirely accurate but noted in case the NVG599 does not work tomorrow. Even if not accurate there are several knowledgeable people who pick apart the guy's method and thus it has useful information.
- PPTP Passthrough and How It Works
Ancillary Research Links
- OpenVPN: 2x HOW TO
- OpenVPN: Extremely common subnet address
- Setting up a VPN server on a Tomato router (WRT54GL)
- Cisco Small Business QuickVPN – software for setting up VPN on Cisco hardware
2 Comments
Well, did the NVG599 work?
No. It’s a pain in the arse. However when I switch over to the Mango router which has wireguard on it that worked.