AR750S blocking all VPN clients

It appears that when the router is connected to any upstream network, ANY client connected to the router, cannot use its VPN client, any VPN client, to connect through the router. I have tried the default macOS VPN client, Android, Linux ipsec/l2tp and my iPhone. ALL fail.

If I connect those same clients’ VPN through my phone’s hotspot, it works. Same with a hotel WiFi network.

I don’t (and cannot) install or configure a VPN client on the router itself, the configuration MUST live on the client device.

How am I supposed to connect VPN clients through the AR750S, without it blocking/denying the connection?

I’ve read dozens of forum and blog posts implying that L2TP is half-baked, half-working, not-working-at-all in even the latest beta/snapshot firmware, but that doesn’t appear to be the case. I tried unticking the 'DNS Rebind' protection as suggested in another post, still no luck.

Is there a way to configure the AR750S to permit VPN access through its network? What am I missing?

The router does not block any vpn service/protocol specifically. It must be something else?

How does the router connect to the Internet?
Without vpn, you have normal Internet on the router?

Yes, as a normal router, it works fine (though, more-recent firmware versions seem to disconnect a LOT more often than prior versions, dozens of times per-hour).

Router is connected to upstream network (hotel, train, home, etc.) and all clients are configured to connect to the AR750S only.

When I then try to use a default client VPN configuration (L2TP + PSK) that passes through that router, it ALWAYS fails to connect, and the client logs indicate the router terminated the connection.

When I then enable the hotspot on one of my phones and connect a laptop (or another phone) through it, and use that device’s VPN client (the one that moments before, failed to work through the AR750S), it works every time.

If I pair my laptop (macOS, Linux, Windows, I’ve tried all three) directly to the hotel WiFi, and load up the default VPN client on those devices, it works every time.

What doesn’t work, is putting the AR750S between the upstream network and the client device.

Suddenly I remember that L2TP needs passthrough to be enabled.

Can you add the two rules to enable ports 500 and 1701?

config rule
        option src              wan
        option dest             lan
        option proto            udp
        option src_port         1701
        option dest_port        1701
        option target           ACCEPT
config rule
        option src              wan
        option dest             lan
        option proto            udp
        option src_port         500
        option dest_port        500
        option target           ACCEPT
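An added check, not code from the thread or from the router vendor: a small Python script that parses a UCI firewall fragment in the format of the two rules above and reports which of the UDP ports an L2TP/IPsec client exchange uses (500 for IKE, 1701 for L2TP, and 4500 for NAT traversal, which a client sitting behind a NAT router falls back to) still have no ACCEPT rule. The sample fragment is constructed from the two posted rules plus one unrelated rule.

```python
"""Check a UCI firewall fragment for the UDP rules an L2TP/IPsec client needs."""

# Constructed sample: the two rules from the thread plus one unrelated rule.
SAMPLE_FIREWALL = """
config rule
        option src              wan
        option dest             lan
        option proto            udp
        option src_port         1701
        option dest_port        1701
        option target           ACCEPT
config rule
        option src              wan
        option dest             lan
        option proto            udp
        option src_port         500
        option dest_port        500
        option target           ACCEPT
config rule
        option src              lan
        option proto            tcp
        option dest_port        22
        option target           REJECT
"""

# UDP ports used by an L2TP/IPsec client: IKE (500), L2TP (1701) and
# IKE/ESP NAT traversal (4500), which a client behind NAT relies on.
L2TP_IPSEC_UDP_PORTS = {500: "IKE", 1701: "L2TP", 4500: "NAT-T"}

def parse_uci_rules(text):
    """Return each `config rule` section as a dict of its option values."""
    rules, current = [], None
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "config":
            current = {}                      # options of a non-rule section are discarded
            if len(parts) > 1 and parts[1] == "rule":
                rules.append(current)
        elif parts[0] == "option" and current is not None and len(parts) >= 3:
            current[parts[1]] = " ".join(parts[2:]).strip("'\"")
    return rules

def missing_udp_accepts(rules):
    """Ports from L2TP_IPSEC_UDP_PORTS that no UDP ACCEPT rule names in dest_port."""
    accepted = set()
    for r in rules:
        if r.get("proto", "").lower() in ("udp", "all") and r.get("target") == "ACCEPT":
            accepted.update(int(p) for p in r.get("dest_port", "").split() if p.isdigit())
    return {p: n for p, n in L2TP_IPSEC_UDP_PORTS.items() if p not in accepted}

if __name__ == "__main__":
    for port, name in missing_udp_accepts(parse_uci_rules(SAMPLE_FIREWALL)).items():
        print(f"no ACCEPT rule for UDP/{port} ({name})")
```

Run against the sample it reports only UDP/4500 as uncovered; point it at a copy of `/etc/config/firewall` to check a real router.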