Archiv_Internet-Geräte

Siehe neueste
IPsec VPN connection not possible using cga4233de
Jen_K
Daten-Fan

Apoligise that this is in English but i am getting desperate.

 

Last month i moved from 1u1 and joined Vodafone with CableMax 1000 account. Generally the connection works well (but definitely not getting anywhere near 1000mbps) but it works. However I cannot connect my laptop to my work VPN through the cga4233de Cable Modem/Router. 

 

I have contacted VF multiple times and spent many hours researching and trying to understand what the problem is.

 

Yesterday, VF enabled a "Öffentliche IPv4 Adresse" which they said would solve the problem since they think that maybe my work VPN does not support IPv6. However, 24 hours later this has not solved the problem.

I told them that our VPN server uses IPsec. On several occasions they said i should convince my company to use PPTP, despite the fact that it is superseded by more secure protocols. really...really?? needless to say, my office rejected this.

 

All of my colleagues are now working from home using other various ISPs and they all work fine, no problems.

 

I have had no problem connecting the same laptop to our VPN using the Telekom 4g sim card. I have also had no problem connecting to the VPN via a mobile hotspot using my Vodafone 4g account. So i cannot imagine that there is anything wrong with the laptop, Lancom client software or VPN server. However Vodafone keep telling me that the problem is with us and not them.

 

What are my options? Can anyone help? I read all these things on the VF forum about DS-lite and Dual Stack but not quite sure if these comments are relevant now that VF changed the account to public IPv4.

 

 

 

 

Mehr anzeigen
7 Antworten 7
reneromann
SuperUser

If your VPN is misconfigured, Vodafone cannot help you.

 

Please note that an IPSec connection requires more than just a public IPv4 (and that even this is NOT part of your contract - you signed for a contract with only a public IPv6 connection and thus if you have been now granted a public IPv4, it can also be removed without further notice) - it also requires the GRE protocol. And depending on the settings, it furthermore requires that no IP fragmentation is happening. Especially the last part can be quite tricky if the VPN server is misconfigured and only tries to use an MTU of 1500 or 1492 Bytes. Usually cable networks only support a max MTU of 1432 Bytes which may lead to IP fragmentation which can cause IPSec connections to drop - but this is a server side setting which cannot be changed by Vodafone! Same is the check if your client IP does not change...

 

And by the way: VPN connections that require a public IPv4 on your side are not state-of-the-art. Usually you should not be required to have a public IPv4 - or an IPv4 at all. Right now, VPNs should also (and mainly) support connections using IPv6-only client connections - which can be quite a problem if the Lancom device is NOT updated and maintained.

Mehr anzeigen
Wallace
Moderator

Hi,

 

unfortunately an IPSec tunnel cannot be established with the router and its current firmware. You can activate the bridge mode (router is then only a modem) via the customer portal and then connect your own router.

 

Regards

Wallace

 Bewertet hilfreiche Beiträge mit Likes und Sternen!
 Unaufgeforderte PNs werden nicht beantwortet - Bitte erstellt einen Thread. Die Community hilft!
Mehr anzeigen
the_janitor
Daten-Fan

I have the same problem since I've upgraded from 200 mbit/s to 500 mbit/s and received the new cga4233de cable Router. Before my IPsec connection (Microsoft Always On VPN) worked flawlessly, now it won't connect.

 

I've found a workaround, If I disable the Firewall on the Router, the IPsec tunnel connects instantly and works. However, I don't want to fully disable the firewall on the Router, and the Router won't even allow me to permanently disable the Firewall, it turns on again after 24 hours. So I (currently working from home like many others) would have to do it every day, which is not acceptible.

 

So it's clearly NOT an IPv4/IPv6 issue and, at least in my case, not an issue with a misconfigured VPN server, it's an issue with the Firewall of the cga4233de cable Router.

(1)
Mehr anzeigen
mikran
Smart-Analyzer

Thank you for the workaround! It works exactly as you described it.

Mehr anzeigen
RobertP
Giga-Genie

Moin,

das ist ein bekannter Bug in der Firmware und wurde in der aktuellen Version 2.0.17 behoben.

 

Gruß Robert 

 

 

 

 

 

Mehr anzeigen
mikran
Smart-Analyzer

How can I get that firmware update?

Mehr anzeigen
RobertP
Giga-Genie

Hallo,

da musst du dich noch etwas gedulden. Der "globale" Rollout hat noch nicht begonnen.

Gruß Robert 

Mehr anzeigen