D-Link Forums
Topic started by: JOHIRSH on April 11, 2013, 03:12:47 PM
-
I am trying to get an L2TP/IPSEC VPN going on one of my servers behind the DIR655 router.
I have used Port Forwarding and Virtual Server and neither seems to allow these ports to be open.
In either situation a port scan shows the ports closed. My ISP (Comcast) does not block these ports.
Any suggestions?
-
Welcome! (http://forums.dlink.com/index.php?topic=41537.0)
What Hardware version is your router? Look at sticker under router.
What Firmware (http://forums.dlink.com/index.php?topic=47512.0) version is currently loaded? Found on the router's web page under status.
What region are you located?
What ISP Service do you have? Cable or DSL?
What ISP Modem Mfr. and model # do you have?
Checking MTU Values (http://forums.dlink.com/index.php?topic=53008.0)
Some things to try:
- Log into the router's web page at 192.168.0.1. Use IE, Opera or FF to manage the router.
- Turn off ALL QoS (http://vonage.nmhoy.net/qos.html) or Disable Traffic Shaping (DIR only) GameFuel (DGL only and if ON.) options. Advanced/QoS or Gamefuel.
- Turn off Advanced DNS Services if you have this option under Setup/Internet/Manual or under Setup/PARENTAL CONTROL/Set to>None: Static IP or Obtain Automatically From ISP.
- Enable Use Unicasting (compatibility for some ISP DHCP Servers) under Setup/Internet/Manual.
- Turn on DNS Relay under Setup/Networking.
- Setup DHCP reserved IP addresses for all devices ON the router. Setup/Networking. This ensures each device gets its own IP address when turned on and connected, eliminates IP address conflicts and helps in troubleshooting.
- Ensure devices are set to auto obtain an IP address.
- If IPv6 is an option on the router, select Local Connection Only or Disable IPv6 options under Setup/IPv6.
- Set Firewall settings to Endpoint Independent for TCP and UDP under Advanced/Firewall.
- Enable uPnP and Multi-cast Streaming under Advanced/Networking. Disable uPnP for testing Port Forwarding rules.
- Turn off WISH, and WPS under Advanced.
- WAN Port Speed set to Auto or specific speed? Some newer ISP modems support 1000Mb so manually setting to Gb speeds can be supported by the router. Advanced/Advanced Networking/WAN Port Speed
- Set current Time Zone, Date and Time. Use an NTP server feature. Tools/Time.
-
I am using a Motorola modem, unsure of model as it is a remote installation.
The router is HW Version B1, Firmware Version 2.00NA.
Settings are as you stated.
Comcast is a cable company and does not block these, 4500 or 500.
-
We'll need the modem model information unless you are fully sure that the modem is a standalone modem without a built in router.
If this modem has a built in router, it's best to bridge the modem. Having 2 routers on the same line can cause connection problems.
Double NAT (http://www.practicallynetworked.com/networking/fixing_double_nat.htm)
To tell if the modem is bridged or not, look at the router's web page, Status/Device Info/Wan Section. If there is a 192.168.0.# address in the WAN IP address field, then the modem is not bridged.
If the modem can't be bridged then see if the modem has a DMZ option and input the IP address the router gets from the modem and put that into the modem's DMZ.
If you are using Port Forwarding, ensure the uPnP setting is disabled.
You might try setting up Virtual Server vs using PF.
-
I am 75% certain it is a Motorola Surfboard SB6120. I am certain it has no router.
-
Good modem...ya, no built in router.
-
I have tried Virtual server and PF both with no success
-
Set Firewall settings to Endpoint Independent for TCP and UDP under Advanced/Firewall.
Disable uPnP for testing Port Forwarding rules?
-
Did all the things you told me to in the first post.
-
Let's give this a try:
Download the 2.10NA fw directly from DLink's web site and unpack the .zip file.
Then follow this please:
FW Update Process (http://forums.dlink.com/index.php?topic=42457.0)
After that has been processed, set up the router from scratch and use either Virtual Server or PF. If you use PF, make sure uPnP is disabled.
Setup IP reservations ON the router. Devices set to Auto IP addresses.
NAT Endpoint Independent.
-
Hmm, it's a remote location. I will be there in two weeks and can do that then. I feel that the reset will make the router unavailable to me.
It also will give me the option to replace it too.
-
Ya, if you have remote option enabled, resetting or FW update will make the option disabled.
Suggestion:
One thing you can do, if you get to the remote site and if there is a PC connected on the other side. Install Teamviewer or some similar remote access program on the PC. Now if the router remote control gets disabled by a factory reset or FW update, you can log into the remote control program on the connected PC and then gain access to the router long enough to enable the on board remote option on the router to enable it.
I use Teamviewer all the time to help review router settings and when I don't have direct remote access to the router. You'll just need to leave the remote access control program running all the time as your back up if you need this suggestion.
Keep us posted on how it goes.
-
I am using Logmein... I have several Macs on the "other side" but if I reset the router (and it is my main router) won't it block access even though the Macs are static IPs?
-
It should not block I believe. If Logmein uses simple HTTP authentication and connections without any configurations of ports, then if the router is reset to factory defaults, that application should still work afterwards. I don't have any experience with that application. I do know that TV is fairly simple and doesn't need any port configuration. Why some of us use it as a back door access to the router should something like this happen to the router. Ya, if there is a problem with the WAN side, router or PC, then of course, remote connection will be a problem.
-
Hmmmmmm, no port config required for Logmein.
What I might try is to update my DIR 655 at my current location.
I can come in from my remote location. If I can still gain access then I can do the remote.
If I can't, I at least can undo the damage.
Actually sounds like kind of fun. Throw a match and see if it burns.
-
Well if it burns, that's probably a good thing. We just don't want to have anything to explode huh? ::)
If Logmein works then you have a back door to the router in emergency cases.
Keep us posted.
-
Here is a really dumb question.
I did a port scan within my intranet in the router...
With the exception of port 80 it did not show any of my VS or PF ports as open.
Is this right?
-
You have to be using the ports actively before port scanning to get an accurate result I believe. Ports are not open all the time by default.
-
Well, I updated the local router.
Good thing I did... default configuration uses a different IP range than I do and all my machines are static assigned.
I lost all internet connectivity when I did that here as I am also static here.
I am going to move one of my remote machines to DHCP and MAYBE give it a shot.
-
Another dumb question:
if I moved the VPN server into the DMZ that would tell me if the DIR 655 is blocking or not, right?
-
Never mind... I killed my access to the remote network. I will be back to this thread in about two weeks when I am physically there...
Guess it was an explosion after all.
-
Yes, test the VPN server to the DMZ and test.
Damn, sorry about the explosion. I would recommend setting up one PC with a reserved IP address ON the router and install Teamviewer on this PC so you can get in the back door if something like this happens. I know it's too late now, however, for future needs.
Keep us posted.
-
Trouble is that DLINK defaults to 192.168.X.X.
I am Mac OS X / Unix; we tend to the 10.0.X.X.
I allowed one to go with the DHCP, no luck.
Might try Teamviewer vs Logmein in the future.
-
Ya, you'll need to set up one PC or something to make it so you can get in remotely when in emergencies I think. 10.#.#.#.# is a good working address pool however, ya, the default address for most Mfr routers uses the 192 pool. You might want to maybe set up one PC at the remote site that can be on a static IP address of 192 maybe and always on should something be needed in emergency. Maybe you might change back to 192 addressing. Got some things to figure out. Hope it works out for you.
-
OK at remote router. I think the loss of access was a DNS issue... machines involved did not have an outside DNS address. I will play with that later.
OK, loaded up the new firmware and no joy. Still no L2TP/IPSEC. PPTP is fine.
I might give OpenVPN a shot when I am bored.
Besides that I think I am going to give it a pass... I have always had issues with the DIR 655 and range so this additional issue just adds reason to investigate alternatives.
Thanks for all the help though... I learned a lot.
-
Something to review for DNS:
Finding Faster DNS Addresses using Name Bench (http://forums.dlink.com/index.php?topic=53222.0)
Good Luck.
-
Actually normally my DNS is just fine... if I remember to add one besides the router.. router changes IP and oops.
Thanks again for all the help.
-
Keep us posted if you get it going or find something else.
DLink has some new routers out. I recommend that you phone contact Sales and give them some details on what your network needs are and maybe they can recommend a good router for you.
Let us know if you find out anything.
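-
Added example, not part of the original thread or written by its participants: the port-scan results discussed above concern UDP ports (500 and 4500), and a UDP probe can only report a port as open when something answers it. The Python below runs against listeners constructed on loopback and shows the three outcomes a probe can see; `start_udp_listener` and `probe_udp` are hypothetical helper names.

```python
import socket
import threading


def start_udp_listener(reply, host="127.0.0.1"):
    """Bind a UDP socket on a free port (stand-in for a service behind a forward).

    reply=True answers every datagram; reply=False stays silent, like a
    service that ignores payloads it does not recognise.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, 0))

    def serve():
        while True:
            try:
                data, peer = sock.recvfrom(2048)
                sock.sendto(b"ack:" + data, peer)
            except OSError:
                return  # socket was closed

    if reply:
        threading.Thread(target=serve, daemon=True).start()
    return sock


def probe_udp(host, port, timeout=0.5):
    """Send one datagram and classify what comes back.

    'open'     - a reply arrived, so a listener is reachable
    'closed'   - ICMP port unreachable came back (nothing bound there)
    'no-reply' - silence: dropped on the path, or the listener ignored us
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connected socket so ICMP errors surface
        try:
            s.send(b"probe")
            s.recv(2048)
            return "open"
        except (ConnectionRefusedError, ConnectionResetError):
            return "closed"
        except socket.timeout:
            return "no-reply"


if __name__ == "__main__":
    for reply in (True, False):
        listener = start_udp_listener(reply)  # constructed loopback listener
        port = listener.getsockname()[1]
        print("replying" if reply else "silent", probe_udp("127.0.0.1", port))
```

A "no-reply" result from outside does not by itself show whether the forward works; a packet capture on the server behind the router shows whether the datagram arrived.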