Unable to connect to VPN after changing routers

So I have a VPN hosted on our company Server, it allows for 2 or 3 employees to remote in to access files, very simple.

Recently 1 end user changed their internet provider to Spectrum, and got all new equipment and it rendered him unable to connect to the VPN, after some troubleshooting, decided to try to update our company router because it was very old.

Since it’s a small company, thought we could get away with picking up a Nighthawk RAX43v2, and that seems now to have been a bad move as no users can connect to the VPN now. All ports are forwarded, however when checked through canyouseeme.org I’m getting connection refused.

Took the VPN down completely reconfigured it several times for both PPTP and L2TP(Pre-Shared Key) and still no good, decided to try to use SoftEther just to make sure it wasn’t a service on the Server that was down and that’s not connecting either, but users on site using SoftEther are able to connect to the VPN, so I’m fairly certain it’s a firewall issue.

Anyone with some experience in this matter have any suggestions for us to get back up and running? Am I shooting myself in the foot by using a Netgear, should we just put more money into a more enterprise solution?

We’re using Windows Server 2019 in office, and all endpoints are Windows 10.

Thanks in Advance!

  1. what are you using for your VPN?

  2. are you running site to site or a client vpn?

  3. have you checked if ipsec passthrough or vpn passthrough is enabled on the end user's equipment?

  4. did your public IP change/are you using a Dynamic IP?

  5. don't buy consumer crap for a business. buy a proper router and run the VPN at the router level rather than the server level.

Could be a number of things, however let's check the basic stuff as you have replaced the router.

1- is normal internet working through the new router?
2- does it have the same DHCP scope with the same Default gateway?
3- It could be due to the ARP entries, are you able to ping the server from the router?
4- is the server able to ping the router - default gateway?
5- what URL or IP are users externally trying to connect to?
6- if using public static IP check if you still have that, you can check this from google what is my ip or ipchicken.com
7- Port forwarding is done properly on the router?

Thanks for the quick response!

  1. Started by using the VPN built into Windows Server, now currently using SoftEther.

  2. Client remote access VPN.

  3. That’s the problem with these new consumer level routers right, is they have no options to enable any of that stuff, so currently no which is primarily why I’m thinking of swapping the router out again.

  4. IP is dynamic, however no it hasn’t changed at all. Also note that Spectrum currently has provided us with one of their older modems with routing built in, but I’ve turned the firewall and DHCP off on that device completely and it shouldn’t be causing an issue with networking.

  5. Yeah I’m figuring this is the problem, but just wanted to cover all bases before packing it back up and shipping it off. I’ve never had a problem configuring a consumer level router for VPN access before because they had options to set up the firewall the way it needed to be. But they don’t make them the same as they used to.

Running the VPN at router level is a good suggestion thank you, never had to do that for a remote access VPN but that may be the way.

Do you have any recommendations as far as a replacement router?

Internet is working.

Yup same DHCP, same default Gateway.

Also server can reach the router and default gateway, just logged in and checked now and it doesn’t look like the router has the functionality to check ping out.

Also from inside of the network connection to the SoftEther VPN works. So I know the VPN is configured and accepting users.

turning off wifi and dhcp is NOT the same as bridge mode. if you have a business internet plan, you need to get them to help you turn on bridge mode.

second thing is if you want to stay on the cheap end I might suggest something like a TP-Link Omada router. These do not have very sophisticated firewalls, nor do they offer any suite of advanced security services, but compared to an off the shelf consumer router, it's a huge plus.

If you can, I would suggest getting something like a Fortigate 40F, which you can get with no support or advanced security features for like $300.

But what I would actually suggest is buying the support contract as well.
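Added example, not part of the thread: a Python check for the bridge-mode point above, comparing the new router's WAN address with the public IP seen from outside to tell whether an upstream device is still doing NAT, and listing which VPN requirements a TCP-only port checker cannot confirm. The function names and sample addresses are constructed, and the port/protocol list is the standard set for PPTP and L2TP/IPsec rather than something stated in the thread.

```python
import ipaddress

# RFC 1918 private space and RFC 6598 carrier-grade NAT space.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")

# What must reach the VPN server from outside, per VPN type.
REQUIREMENTS = {
    "pptp": [("tcp", 1723), ("ip-proto", 47)],    # control channel + GRE
    "l2tp-ipsec": [("udp", 500), ("udp", 4500)],  # IKE + IPsec NAT traversal
}

def nat_path(router_wan_ip, observed_public_ip):
    """Classify what sits between the router's WAN port and the internet."""
    wan = ipaddress.ip_address(router_wan_ip)
    if wan == ipaddress.ip_address(observed_public_ip):
        return "direct"      # forwards on this router face the internet
    if wan in CGNAT:
        return "cgnat"       # NAT on the ISP side
    if any(wan in net for net in RFC1918):
        return "double-nat"  # upstream modem/router is still routing
    return "mismatch"        # unexpected: recheck both values

def unverifiable_by_tcp_check(vpn_type):
    """Requirements a TCP-only port checker cannot confirm."""
    return [r for r in REQUIREMENTS[vpn_type] if r[0] != "tcp"]

def diagnose(router_wan_ip, observed_public_ip, vpn_type):
    """Return (path, findings) for one router/VPN combination."""
    path = nat_path(router_wan_ip, observed_public_ip)
    findings = []
    if path == "double-nat":
        findings.append("upstream device still NATs: bridge it, or forward "
                        "the same ports on it to " + router_wan_ip)
    elif path == "cgnat":
        findings.append("ISP-side NAT: inbound VPN needs a public IP from the ISP")
    for kind, number in unverifiable_by_tcp_check(vpn_type):
        findings.append(f"{kind} {number} cannot be verified with a TCP port checker")
    return path, findings

if __name__ == "__main__":
    # Constructed values: WAN address as shown on the router status page,
    # public address as reported by an external what-is-my-IP service.
    path, findings = diagnose("192.168.1.2", "203.0.113.10", "l2tp-ipsec")
    print(path)
    for line in findings:
        print(" -", line)
```
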