D-Link Forums
The Graveyard - Products No Longer Supported => Routers / COVR => DIR-645 => Topic started by: Celcius on February 06, 2012, 12:20:55 PM
-
I am having trouble with my brand new DIR-645 router.
I used to be able to connect to my works VPN with no problem, but now with the new router I am running into issues.
I've got it able to connect, however the connection times out after a period of time.
When I am on wireless the connection lasts about 2 minutes
I also tried it wired, and I almost though it was working, but it timed out after about 10 minutes.
No one else at work is experiencing any problems, it's just on my side.
I've ran a ping -t google.ca off of VPN and it works fine
Then I keep it going and connect to VPN and it keeps working for about two minutes then starts timing out.
As for my settings, I have tried all this
- Virtual server for PPTP port 1723
- Virtual server for L2TP port 1701
- DMZ for my laptop
- enabling/disabling SPI
- Changing the NAT endpoint filerting to all the settings
- Enabling/disabling the Application Level Gateway configuration for PPTP and IPSec
- Turning it off an on again
Does anyone know why my VPN connection times out?
Also, I am on a Windows 7 laptop with Wireless N
-
What Firmware version is currently loaded? Found on routers web page under status.
What ISP Service do you have? Cable or DSL?
What ISP Modem do you have? Stand Alone or built in router?
What ISP Modem make and model do you have?
If this modem has a built in router, it's best to bridge the modem. Having 2 routers on the same line can cause connection problems.
To tell if the modem is bridged or not, look at the routers web page, Status/Device Info/Wan Section, if there is a 192.168.0.# address in the WAN IP address field, then the modem is not bridged.
Some things to try:
Ensure DNS IP addresses are being filled in under Setup/Internet/Manual? You can find these under Status/Device Info/Wan section.
Turn off ALL QoS (DIR only) GameFuel (DGL only and if ON.) options. Advanced/QoS or Gamefuel.
Turn off Advanced DNS Services if you have this option under Setup/Internet/Manual if you have this option.
Turn on DNS Relay under Setup/Networking if you have this option.
Setup DHCP reserved IP addresses for all devices ON the router. Setup/Networking
Ensure devices are set to auto obtain an IP address.
Set Firewall settings to Endpoint Independent for TCP and UDP under Advanced/Firewall.
Enable uPnP and Multi-cast Streaming under Advanced/Networking.
What wireless modes are you using? Under Setup/Wireless/Manual.
Try single mode G or mixed G and N?
What security mode are you using? Preferred security is WPA-Personal. WPA2/Auto TPIK and AES.
Any other WiFi routers in the area? Use InSSIDer (http://www.metageek.net/) to find out.
Turn off Short GI and Extra Wireless Protection if you have it. Under Advanced/Advanced Wireless.
Turn off all anti virus and firewall programs on PC while testing. 3rd party firewalls are not generally needed when using routers as they are effective on blocking malicious inbound traffic.
Turn off all devices accept for one wired PC while testing.
Also does this VPN support a KEEP ALIVE connection? Might be that your VPN server or source could be timing out if it's not detecting any data coming and going. Just a thought here.
-
What Firmware version is currently loaded? 1.01
What ISP Service do you have? Cable or DSL? Cable
What ISP Modem do you have? Stand Alone or built in router? Stand-Alone Model
What ISP Modem make and model do you have? Motorola SB5102
Some things to try:
Ensure DNS IP addresses are being filled in under Setup/Internet/Manual? These are filled
Turn off ALL QoS (DIR only) GameFuel (DGL only and if ON.) options. Advanced/QoS or Gamefuel. Done.
Turn off Advanced DNS Services if you have this option under Setup/Internet/Manual if you have this option. Done.
Turn on DNS Relay under Setup/Networking if you have this option. Done.
Setup DHCP reserved IP addresses for all devices ON the router. Setup/Networking Done.
Ensure devices are set to auto obtain an IP address. Done.
Set Firewall settings to Endpoint Independent for TCP and UDP under Advanced/Firewall. Done.
Enable uPnP and Multi-cast Streaming under Advanced/Networking. Done.
What wireless modes are you using? Under Setup/Wireless/Manual.
Try single mode G or mixed G and N? Mixed Mode G/N
What security mode are you using? Preferred security is WPA-Personal. WPA2/Auto TPIK and AES. I am using this.
Turn off Short GI and Extra Wireless Protection if you have it. Under Advanced/Advanced Wireless. N/A
Turn off all anti virus and firewall programs on PC while testing. 3rd party firewalls are not generally needed when using routers as they are effective on blocking malicious inbound traffic.
Turn off all devices accept for one wired PC while testing.
All firewalls off
Also does this VPN support a KEEP ALIVE connection? Might be that your VPN server or source could be timing out if it's not detecting any data coming and going. Just a thought here.
Talked to our network admin and he says that the VPN server does support keep alive and shouldn't be kicking me off for any reason except a disconnect.
-
Does this only happen when you use VPN?
After using VPN do other applications like browsers such still connect to the internet or does everything go down?
Check the routers logs during this time frame and any entries regarding connections or anything appear when this happens?
There is a beta FW however not sure if it will clear this issue up.
Any chance of trying a SB 6121 cable modem? Great modem. I presume the 5 series modem is what your ISP gave you?
-
Yes, the internet works 100% perfectly when I am not connected to VPN.
Then when I connect, it works for about two minutes then times out.
I used to be able to connect with my old D-Link but just got the new DIR-645 a few days ago.
I ran a ping -t google.ca without VPN
Works good.
Then I connect to VPN, still working
After two minutes, it starts to timeout.
Disconnect from VPN and it starts working again.
All my internet applications stop working when it starts to time out.
I don't have access to another modem, but I don't think that is the issue since my old modem worked fine before, the only thing that has changed is the router.
The router logs look very normal.
-
Hmmm, what previous DLink router did you have?
Would like to see some logs around this time frame.
Only thing I can think of from here would be to factory reset the router and set up reserved IP addresses for the PCs, dont' change any other settings and see if you can VPN connect and see if the problem persists.
After that you could try the beta FW update and see if it resolves. After that if it still persists then there could be an issue with this router and VPN.
-
Do you have a link to the beta firmware?
-
Could try this too before updating FW:
http://forums.dlink.com/index.php?topic=13352.0 (http://forums.dlink.com/index.php?topic=13352.0)
-
Tried those, but no success.
-
Follow the FW update sticky in this forum at the top.
ftp.dlink.com/Gateway/dir645/Beta/Firmware/DIR645A1_FW102B08_BETA.zip
-
Updated to the new firmware with the same results.
So weird that my connection works, but only for a few minutes then dies.
STOP DYING!
-
Are there any router log entires when this happens?
-
This is the only log information I see:
Time Message
Mon Feb 6 14:08:51 2012 Time synchronized
Mon Feb 6 14:08:41 2012 DHCP: Client receive ACK from 64.59.160.40, IP=24.108.196.209, Lease time=172800.
Mon Feb 6 14:08:39 2012 DHCP: Client send REQUEST, Request IP 24.108.196.209 from 64.59.160.40.
Mon Feb 6 14:08:39 2012 DHCP: Client receive OFFER from 64.59.160.40.
Mon Feb 6 14:08:39 2012 DHCP: Client send DISCOVER.
Mon Feb 6 14:08:36 2012 DHCP: Client release IP 24.108.196.209 to server 64.59.160.40.
Mon Feb 6 14:08:36 2012 DHCP: Client receive ACK from 64.59.160.40, IP=24.108.196.209, Lease time=172800.
Mon Feb 6 14:08:34 2012 no servers found in /etc/resolv.conf, will retry
Mon Feb 6 14:08:34 2012 DHCP: Client send REQUEST, Request IP 24.108.196.209 from 64.59.160.40.
Mon Feb 6 14:08:34 2012 DHCP: Client receive OFFER from 64.59.160.40.
Mon Feb 6 14:08:34 2012 DHCP: Client send DISCOVER.
Mon Feb 6 14:08:30 2012 DHCP: Client release IP 24.108.196.209 to server 64.59.160.40.
Mon Feb 6 14:08:30 2012 Time synchronized
Mon Feb 6 14:06:11 2012 Got new client [1C:65:9D:0C:B9:0A] associated from BAND24G-1.1 (2.4 Ghz)
Mon Feb 6 14:06:10 2012 DHCP: Server sending ACK to 192.168.0.100. (Lease time = -1)
Mon Feb 6 14:06:10 2012 DHCP: Server receive REQUEST from 1c:65:9d:0c:b9:0a.
Mon Feb 6 14:06:10 2012 WLAN:Association Success:STA 1C:65:9D:0C:B9:0A
Mon Feb 6 14:04:39 2012 DHCP: Server sending ACK to 192.168.0.104. (Lease time = 604800)
Mon Feb 6 14:04:39 2012 DHCP: Server receive REQUEST from 78:d6:f0:d6:20:d3.
Mon Feb 6 14:02:51 2012 Got new client [54:E6:FC:8C:49:F8] associated from BAND24G-1.1 (2.4 Ghz)
Mon Feb 6 14:02:50 2012 DHCP: Server sending ACK to 192.168.0.103. (Lease time = -1)
Mon Feb 6 14:02:50 2012 DHCP: Server receive REQUEST from 54:e6:fc:8c:49:f8.
Mon Feb 6 14:02:50 2012 WLAN:Association Success:STA 54:E6:FC:8C:49:F8
Mon Feb 6 14:02:45 2012 DHCP: Server sending ACK to 192.168.0.104. (Lease time = 604800)
Mon Feb 6 14:02:45 2012 DHCP: Server receive REQUEST from 78:d6:f0:d6:20:d3.
Mon Feb 6 14:02:42 2012 Got new client [00:21:00:43:E4:84] associated from BAND24G-1.1 (2.4 Ghz)
Mon Feb 6 14:02:41 2012 DHCP: Server sending ACK to 192.168.0.102. (Lease time = -1)
Mon Feb 6 14:02:41 2012 DHCP: Server receive REQUEST from 00:21:00:43:e4:84.
Mon Feb 6 14:02:41 2012 WLAN:Association Success:STA 00:21:00:43:E4:84
Mon Feb 6 14:02:41 2012 DHCP: Server sending ACK to 192.168.0.101. (Lease time = 604800)
Mon Feb 6 14:02:41 2012 DHCP: Server receive REQUEST from f0:4d:a2:48:b0:db.
Mon Feb 6 14:02:28 2012 Time synchronized
Mon Feb 6 14:02:17 2012 Web login success from 192.168.0.101
Mon Feb 6 14:02:16 2012 DHCP: Server sending ACK to 192.168.0.104. (Lease time = 60)
Mon Feb 6 14:02:15 2012 DHCP: Server receive REQUEST from 78:d6:f0:d6:20:d3.
Mon Feb 6 14:02:15 2012 DHCP: Server sending OFFER of 192.168.0.104.
Mon Feb 6 14:02:13 2012 DHCP: Server receive DISCOVER from 78:d6:f0:d6:20:d3.
Mon Feb 6 14:02:12 2012 WLAN:Association Success:STA 78:D6:F0:D6:20:D3
Mon Feb 6 14:02:11 2012 WLAN:Received disassociate:STA 78:D6:F0:D6:20:D3
Mon Feb 6 14:02:11 2012 DHCP: Server sending ACK to 192.168.0.101. (Lease time = 60)
Mon Feb 6 14:02:11 2012 DHCP: Server receive REQUEST from f0:4d:a2:48:b0:db.
Mon Feb 6 14:02:11 2012 DHCP: Server sending OFFER of 192.168.0.101.
Mon Feb 6 14:02:10 2012 DHCP: Client receive ACK from 64.59.160.40, IP=24.108.196.209, Lease time=172772.
Mon Feb 6 14:02:09 2012 warning: no upstream servers configured
Mon Feb 6 14:02:09 2012 DHCP: Server receive DISCOVER from f0:4d:a2:48:b0:db.
Mon Feb 6 14:02:09 2012 DHCP: Server sending NAK to f0:4d:a2:48:b0:db.
Mon Feb 6 14:02:09 2012 DHCP: Server receive REQUEST from f0:4d:a2:48:b0:db.
Mon Feb 6 14:02:08 2012 DHCP: Client send REQUEST, Request IP 24.108.196.209 from 64.59.160.40.
Mon Feb 6 14:02:08 2012 DHCP: Client receive OFFER from 64.59.160.40.
Mon Feb 6 14:02:08 2012 DHCP: Client send DISCOVER.
Mon Feb 6 14:02:08 2012 DHCP: Client performing a DHCP renew.
Mon Feb 6 14:02:06 2012 DHCP: Client release IP 24.108.196.209 to server 64.59.160.40.
Mon Feb 6 14:02:02 2012 Ownership and permissions disabled, configuration type 1
Mon Feb 6 14:02:02 2012 Mount options: allow_other,nonempty,relatime,fsname=/var/tmp/sda1,blkdev,blksize=512
Mon Feb 6 14:02:02 2012 Cmdline options:
Mon Feb 6 14:02:02 2012 Mounted /var/tmp/sda1 (Read-Write, label "EXTERNAL HD", NTFS 3.1)
Mon Feb 6 14:02:02 2012 Version 2010.10.2 integrated FUSE 27
Mon Feb 6 14:02:02 2012 Got new client [78:D6:F0:D6:20:D3] associated from BAND24G-1.1 (2.4 Ghz)
Mon Feb 6 14:02:01 2012 WLAN:Association Success:STA 78:D6:F0:D6:20:D3
Mon Feb 6 14:01:59 2012 WLAN:Start wireless interface success
Mon Feb 6 14:01:51 2012 ( (498)action 1,major 8,minor 1)
Mon Feb 6 14:01:51 2012 ( (497)action 1,major 8,minor 0)
Mon Feb 6 14:01:42 2012 DHCP: Client receive ACK from 64.59.160.40, IP=24.108.196.209, Lease time=172800.
Mon Feb 6 14:01:40 2012 DHCP: Client send REQUEST, Request IP 24.108.196.209 from 64.59.160.40.
Mon Feb 6 14:01:40 2012 DHCP: Client receive OFFER from 64.59.160.40.
Mon Feb 6 14:01:40 2012 DHCP: Client send DISCOVER.
Mon Feb 6 14:01:36 2012 ( (320)action 1,major 8,minor 1)
Mon Feb 6 14:01:35 2012 ( (319)action 1,major 8,minor 0)
Mon Feb 6 14:01:31 2012 no servers found in /etc/resolv.conf, will retry
-
Interesting and curious about these 2 entries:
Mon Feb 6 14:08:30 2012 DHCP: Client release IP 24.108.196.209 to server 64.59.160.40.
Mon Feb 6 14:02:06 2012 DHCP: Client release IP 24.108.196.209 to server 64.59.160.40.
This around the time frame during VPN and disconnects?
Either one of these IP addresses in the Status/Device Info/Wan IP address section?
Looks like the router or is dropping the connection to the ISP public address then re-establishes or tires to. ???
How long have you had this router?
I've forwarded this on to my contact at DLink for more info.
Could have a bad router or it's not handling VPN traffic correctly.
Only thing I would recommend is to try out a different router possibly. Either same model, or different DIR model router. If something else works, makes me think this particular router could be the issue.
My roommate uses VPN for his work and we don't have to configure anything on the router for it. Just goes thru and works. I have tested several models and they all work. I haven't tested the 645 though. I'm on cable and tested SB 6120, 6120 and now on a 6180 cable modems.
-
That is 24.108.196.209 appears to be my WAN IP Address
Then when I connect to VPN my IP becomes - 207.23.96.10
64.59.160.40 seems to by Shaw Cable's backbone address http://www.robtex.com/ip/64.59.160.40.html#ip
I've had this router for about a week. The only problem I am having is with VPN.
-
Ok.
Only other thing you could do is call up SHAW and ask them if they see any issues on there end regarding this and note the time frames. I don't think there is any big issue on there end however doesn't hurt. Maybe they can watch there logs and verify anything while you trying the VPN.
Other than this, i'm running out of ideas. I would try a different router for sure.
Only other think you could try is to take the router to a friend, neighbor or families house and test if you can go mobile with laptop. I presume the issue might track. Thats kind of extreme but helps to narrow down things.
If I hear back from my sources I'll let you know.
Let us know what you decide to do.
-
It's been 4 days, and all the old problems are still happening.
I called Shaw, and they said it's on my end and their system is functioning the same way, and working properly.
I tried our old router and it works with VPN finally, it's just this new DIR-645.
I guess my option now is to return it and get a new one, unless there is anything else.
Oh, I also go my network admin at work to restart the core network and the VPN server, no luck.
-
Couple of items to review if you want:
http://forums.dlink.com/index.php?topic=45758.0 (http://forums.dlink.com/index.php?topic=45758.0)
http://forums.dlink.com/index.php?topic=45758.0 (http://forums.dlink.com/index.php?topic=45758.0)
Let us know if this works or not.
It's possible that the 645 doesn't handle VPN like it should or there is a problem with it.
-
Now sure what you want me to do based on that thread, I don't see anything for me to do.
-
Just solved my VPN connection problem, just thought I'd pass along.
Couldn't get my Cisco VPN client to connect at all.
Went into Advanced > Firewall Settings and enabled all four of the following:
PPTP :
IPSec (VPN) :
RTSP :
SIP
Viola. Works now. Time will tell how stable the connection is.
-
Kewl. I didnt know they were disabled. Usually they are enables by default on othere router. Glad it works for you. Enjoy.
-
I tried that, still no luck for me.
-
Maybe stocktiki can help offer some more details of how he got his working. I would make contact with him.
-
Hi all,
Thanks god I'm not alone with this problem! I'm getting crazy. VPN connection can be established successfuly with AGL IPSEC enabled. Without IPSEC enabled I can't connect to VPN (which I can understand)
Followed by a successful connection initialization I get a time out and VPN disconnects. Sometimes after seconds, sometimes after minutes.
I am experiencing exactly the same as described in this post. Already tried every setting on the router. Even DMZ (client) does not work.
With another router everything is working fine. Problem must come from the router itself and not from the ISP, Modem or VPN client.
Here the VPN details of the company I work for.
---------------
Work with your ISP (internet service provider) to verify and ensure the ports below are open:
Packet filters for Point-to-Point Tunneling Protocol (PPTP)
TCP destination port of 1723 = PPTP tunnel maintenance traffic
IP Protocol ID of 47 = PPTP tunneled data
Packet filters for Layer Two Tunneling Protocol over Internet Protocol security (L2TP/IPSec)
UDP destination port of 500 = Internet Key Exchange (IKE) traffic
UDP destination port of 1701 = allows L2TP traffic
UDP destination port of 4500 = IPSec network address translator traversal (NAT-T) traffic
---------------
Anyone an idea? Maybe because of the mix of protocols?
I really love this router except from the VPN problem...
Cheers
-
What ISP Service do you have? Cable or DSL?
What ISP Modem do you have? Stand Alone or built in router?
What ISP Modem make and model do you have?
If this modem has a built in router, it's best to bridge the modem. Having 2 routers on the same line can cause connection problems.
To tell if the modem is bridged or not, look at the routers web page, Status/Device Info/Wan Section, if there is a 192.168.0.# address in the WAN IP address field, then the modem is not bridged.
Some things to try:
Turn off ALL QoS or Disable Traffic Shaping (DIR only) GameFuel (DGL only and if ON.) options. Advanced/QoS or Gamefuel.
Turn off Advanced DNS Services if you have this option under Setup/Internet/Manual.
Turn on DNS Relay under Setup/Networking.
Setup DHCP reserved IP addresses for all devices ON the router. Setup/Networking
Ensure devices are set to auto obtain an IP address.
Set Firewall settings to Endpoint Independent for TCP and UDP under Advanced/Firewall.
Enable uPnP and Multi-cast Streaming under Advanced/Networking.
Hi all,
Thanks god I'm not alone with this problem! I'm getting crazy. VPN connection can be established successfuly with AGL IPSEC enabled. Without IPSEC enabled I can't connect to VPN (which I can understand)
Followed by a successful connection initialization I get a time out and VPN disconnects. Sometimes after seconds, sometimes after minutes.
I am experiencing exactly the same as described in this post. Already tried every setting on the router. Even DMZ (client) does not work.
With another router everything is working fine. Problem must come from the router itself and not from the ISP, Modem or VPN client.
Here the VPN details of the company I work for.
---------------
Work with your ISP (internet service provider) to verify and ensure the ports below are open:
Packet filters for Point-to-Point Tunneling Protocol (PPTP)
TCP destination port of 1723 = PPTP tunnel maintenance traffic
IP Protocol ID of 47 = PPTP tunneled data
Packet filters for Layer Two Tunneling Protocol over Internet Protocol security (L2TP/IPSec)
UDP destination port of 500 = Internet Key Exchange (IKE) traffic
UDP destination port of 1701 = allows L2TP traffic
UDP destination port of 4500 = IPSec network address translator traversal (NAT-T) traffic
---------------
Anyone an idea? Maybe because of the mix of protocols?
I really love this router except from the VPN problem...
Cheers
-
It's working now with the Beta firmware!
I have a DSL. Modem is set as bridge. I think this was only a firmware problem.
can someone confirm? anyone else experiencing/experienced the same?
-
What version of FW did you load? Where did you get the Beta from? FTP?
-
I loaded the beta from the FTP
ftp.dlink.com/Gateway/dir645/Beta/Firmware/DIR645A1_FW102B08_BETA.zip (http://ftp.dlink.com/Gateway/dir645/Beta/Firmware/DIR645A1_FW102B08_BETA.zip)
VPN is now working with just IPSEC enabled in ALG. No port forwarding etc!
-
Is all 4 of the Firewall options ON by default after loading new FW? I'm curious if they are disabled now by default.
-
hm I don't know because it used the old configs.
But with factory firmware all 4 options were disabled by default!
-
Ok, this might just be a configuration with the initial Factory FW. They seem disabled by default so just re-enabling them should resolve this issue if using the initial FW version. Makes me wonder why they disabled them.
If anyone is experiencing issues like this, make sure all 4 Application Layer Gateway options are ENABLED. Even before updating FW.
Glad the beta is working as well. I would call this resolved. Hope it keeps working well for you.
Enjoy.
-
Sent you a PM.
hm I don't know because it used the old configs.
But with factory firmware all 4 options were disabled by default!
-
Working for him, still not working for me. hahaha
I've tried the beta firmware, and all ALGs are enabled.
-
I would get hold of UGAW and see if maybe he can help you out on teamviewer and maybe review your router settings. I would also try a different router and a new modem and see. The 5 Series modems are ok however are low end. I recommend a SB 6121 if your ISP supports it. I would ask your IT group who handles the VPN for you if there is any specific needs for there VPN to work on routers. Most don't need any sort of configuration. I know my roommate doesn't need any and is handled at the client and host side of his VPN.
Keep us posted.
-
Sorry to bring up an old topic but I have been PM'd a couple of times about this to reply with my experience since.
Did you ever fix it?
I don't know if I ever did. I just found a work around so I could avoid using a VPN. My only advice would be to try flashing a couple different firmwares, try the latest first and work your way back. Maybe it's fixed.
Otherwise we may have had faulty routers or the VPN you are using is using an incompatible setting with the DIR-645.
Good luck.
-
Ok...thanks for sharing. Glad you found an alternate work around. I'll have D-Link review this as I see there is another person having some VPN issues.
-
Can you provide us with some client VPN server information if possible? What brand or kind of VPN you were trying to use or connect too? This would be very helpful in D-Links review of this issue.
Please let us know.
-
Celsius,
I had the same problem with VPN via DIR-645. Eventually I solved it for my problem:
in Advanced > Firewall settings > (ALG) Configuration
all 4 settings were selected
when I unchecked IPSec (VPN) (other 3 still on)
my problem was solved
this is also mentioned in the online help:
IPSec (VPN)
Allows multiple VPN clients to connect to their corporate networks using IPSec. Some VPN clients support traversal of IPSec through NAT. This option may interfere with the operation of such VPN clients. If you are having trouble connecting with your corporate network, try disabling this option.
Maybe you can try this to
-
Thanks for sharing Peterk. Hope this will help some users out there.
Celsius,
I had the same problem with VPN via DIR-645. Eventually I solved it for my problem:
in Advanced > Firewall settings > (ALG) Configuration
all 4 settings were selected
when I unchecked IPSec (VPN) (other 3 still on)
my problem was solved
this is also mentioned in the online help:
IPSec (VPN)
Allows multiple VPN clients to connect to their corporate networks using IPSec. Some VPN clients support traversal of IPSec through NAT. This option may interfere with the operation of such VPN clients. If you are having trouble connecting with your corporate network, try disabling this option.
Maybe you can try this to