Port forwarding problem, I'm stuck

455olds

Gawd
Joined
Dec 19, 2008
Messages
742
Someone in my house needs ports 1812 and 1813 open to work remotely through VPN.
I opened ports 1812 and 1813 on the router and disabled the firewall in Windows. This website is still showing them closed.
https://www.yougetsignal.com/tools/open-ports/
I plugged the computer directly into the modem and it still shows the ports closed. Any advice on the next step? Does it sound like I didn't disable Windows Firewall correctly?
I opened ports for my cellphone's IP address and that didn't work either. They were showing blocked through my phone as well.

I have a Netgear R7000 router and Motorola SB6141 modem.

Anything else I can try? I'm at a dead end with this. Any help appreciated.
 

Shockey

[H]ard|Gawd
Joined
Nov 24, 2008
Messages
2,029
Did you configure the IP/DNS name to forward traffic on these ports to the windows PC?

Also is the service using these ports running on the PC?

Can you provide screenshots of the router configurations? You can black out IP/personal info.
 

iroc409

[H]ard|Gawd
Joined
Jun 17, 2006
Messages
1,320
Do you know if your ISP is blocking inbound ports? It used to be pretty common for ISPs to block mail, http, etc. (these appear to be commonly used for RADIUS).

Probably a dumb question but: are you connecting to the VPN from your network? I've always had to make outbound rules connecting to a VPN since you are initiating the connection, not the other way around--but I haven't used all of them.
 

455olds

Gawd
Joined
Dec 19, 2008
Messages
742
Thanks for reply

"Did you configure the IP/DNS name to forward traffic on these ports to the windows PC?" I selected the computer name that matched the computer I was working on. Is that what you mean by IP/DNS? I tried it with multiple computers and my phone. I also tried bypassing the router altogether and plugging Ethernet directly into the modem and that website was still showing those ports closed.

"Also is the service using these ports running on the PC?" To rule this out, the computer I tried plugging into modem directly didn't have the vpn software installed.
I might be misunderstanding your questions. I don't know much about this.

Untitled.png
 

455olds

Gawd
Joined
Dec 19, 2008
Messages
742
Do you know if your ISP is blocking inbound ports? It used to be pretty common for ISPs to block mail, http, etc. (these appear to be commonly used for RADIUS).

Probably a dumb question but: are you connecting to the VPN from your network? I've always had to make outbound rules connecting to a VPN since you are initiating the connection, not the other way around--but I haven't used all of them.
It's possible for the ISP to block ports before the modem? If so I'll call them and see if I can get someone to help me with it. When I called them about it they just told me to download the app. Then the app gave an error because I own the hardware; I think it only works with their rental modem, router.
"Probably a dumb question but: are you connecting to the VPN from your network? I've always had to make outbound rules connecting to a VPN since you are initiating the connection, not the other way around--but I haven't used all of them."
I'm not sure how to answer this. The person at my house got disconnected from remote access to their work computer after a power outage. The IT guy helping them thinks the power outage rebooted the modem, adding new firewall rules. (He is probably assuming I have an all-in-one rental modem.) He recommended calling Comcast and saying we are trying to use a VPN that connects on ports 1812 and 1813 and it appears to be blocked.
 

iroc409

[H]ard|Gawd
Joined
Jun 17, 2006
Messages
1,320
Yeah, they used to block a lot of stuff. Comcast has been well known for it. They block http 80/443 (sometimes 8080, etc) inbound because they don't want you to host your own webserver without paying for commercial service, they generally block smtp (21?) because they *really* don't want you to run your own mail server (think of all the spam out there already, it's for a good cause). I would be pretty surprised to see a VPN connection requiring a forwarding rule and such to connect to you, because that would imply the VPN server is initiating the connection instead of the other way around. It would be good to call your ISP but I would suspect the rules you are looking for are outbound on your device.

Can you show a screenshot of your firewall rules?
 

455olds

Gawd
Joined
Dec 19, 2008
Messages
742
I got a friend to help me through TeamViewer. He disabled all the firewalls and those ports are still closed. I'm going to have to call Comcast and have them check if those ports are blocked on their end. Sorry I didn't get back sooner, I got held up at work. I'll call Comcast after work tomorrow and report back.
 

Nicklebon

Gawd
Joined
May 22, 2006
Messages
636
The ports show closed because you don't have a server listening for them. You can make whatever changes you like on the firewall and it won't change that fact. This whole thing is a red herring. You should not have to open any inbound ports for a vpn client to originate an outbound connection. The tech was either clueless or wanted to move on to the next ticket. What is the vpn client and has anyone just reinstalled it or at least reconfigured a new connection?
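
The point made in this reply, as an added example that is not part of the original thread: a connect-style port check reports what a listening process answers, so a port with no listener reads as closed whatever the firewall allows. The names `probe_tcp` and `demo` and the loopback listener are constructed for illustration.

```python
import socket


def probe_tcp(host, port, timeout=1.0):
    """Classify a TCP port the way a connect-style checker would."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"      # a listening process completed the handshake
    except ConnectionRefusedError:
        return "closed"    # host answered, but nothing is listening there
    except OSError:
        return "filtered"  # timeout or unreachable: dropped along the path
    finally:
        s.close()


def demo():
    """Probe the same loopback port with and without a listener."""
    # Constructed test listener on an OS-chosen port (assumption: loopback
    # stands in for the PC behind the router).
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    with_listener = probe_tcp("127.0.0.1", port)
    srv.close()  # stop listening; no firewall rule has changed
    without_listener = probe_tcp("127.0.0.1", port)
    return with_listener, without_listener


if __name__ == "__main__":
    print(demo())
```

The same port goes from open to closed only because the listener stopped, which is why forwarding 1812 and 1813 to a PC that runs no service on them cannot make a checker report them open.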
 

455olds

Gawd
Joined
Dec 19, 2008
Messages
742
I'm not sure what he did. I'll find out what the client is and I'll look into reinstalling it myself. I had a feeling I was barking up the wrong tree.
 

scrappymouse

Weaksauce
Joined
Mar 18, 2016
Messages
77
Those ports are normally used for RADIUS authentication, I'm guessing they are trying to do something like this: https://docs.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-firewalls-configure that may help
 

Dead Parrot

2[H]4U
Joined
Mar 4, 2013
Messages
2,807
Most consumer grade router/firewalls allow all outbound traffic so you should be good there.
Windows Firewall pop-ups have a nasty habit of staying hidden behind the application causing them (or the application insists on keeping focus). When you next try, you might minimize the client and make sure there isn't a waiting Windows Firewall prompt box.
 

455olds

Gawd
Joined
Dec 19, 2008
Messages
742
Those ports are normally used for RADIUS authentication, I'm guessing they are trying to do something like this: https://docs.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-firewalls-configure that may help
That link went over my head. I'm going to come back to it later.

It's Windows Remote desktop assistant. If I have their username and password can I set this up on another computer and see if I can get it to work or am I going to need someone on the other end to respond to a security prompt?

Also I want to do what I can to assure that those ports are open in case I can't solve this on my own and have to hand it back over to them. I can at least say I did my part. I called Comcast and they said that it's not possible for them to block ports before the modem. Is this true? Is there software I can download that will tell me if those ports are open?
 

Spartacus09

[H]ard|Gawd
Joined
Apr 21, 2018
Messages
1,368
Also I want to do what I can to assure that those ports are open in case I can't solve this on my own and have to hand it back over to them. I can at least say I did my part. I called Comcast and they said that it's not possible for them to block ports before the modem. Is this true? Is there software I can download that will tell me if those ports are open?
Not quite true, they block a handful of ports: https://forums.xfinity.com/t5/Inter...d-Internet-Ports-List-and-How-to/ta-p/3232503
That said the ports you noted don't appear blocked, from your description.

Secondly what kind of authentication does it use? I know some of the netgears have certain traffic types blocked by default such as ipsec/L2TP/PPTP and you have to toggle it to allow the traffic.
I believe it might be the security option and under Firewall and WAN security (VPN Passthrough)?

Someone in my house needs ports 1812 and 1813 open to work remotely through VPN.
Going back to the start, so to confirm someone in your house has a vpn client they are using to connect elsewhere to their company correct?

Do you have a hotspot on your phone you could connect the computer to? That way you can test a secondary internet connection just to see if it might be the server side or otherwise.

I have seen weird network issues with certain ISPs not being able to connect to certain VPN traffics.
 

Dead Parrot

2[H]4U
Joined
Mar 4, 2013
Messages
2,807
There have been a bunch of Microsoft patches for RDP and related software due to multiple vulnerabilities, some of which were being exploited. IIRC, some of the patches deprecated earlier versions of RDP in favor of later, supposedly more secure versions. Some of the security recommendations included simply turning the service off if you didn't need it.

Found this doc: https://docs.microsoft.com/en-us/wi...roubleshoot/rdp-error-general-troubleshooting
 

455olds

Gawd
Joined
Dec 19, 2008
Messages
742
Not quite true, they block a handful of ports: https://forums.xfinity.com/t5/Inter...d-Internet-Ports-List-and-How-to/ta-p/3232503
That said the ports you noted don't appear blocked, from your description.

Secondly what kind of authentication does it use? I know some of the netgears have certain traffic types blocked by default such as ipsec/L2TP/PPTP and you have to toggle it to allow the traffic.
I believe it might be the security option and under Firewall and WAN security (VPN Passthrough)?



Going back to the start, so to confirm someone in your house has a vpn client they are using to connect elsewhere to their company correct? Yes

Do you have a hotspot on your phone you could connect the computer to? That way you can test a secondary internet connection just to see if it might be the server side or otherwise.

I have seen weird network issues with certain ISPs not being able to connect to certain VPN traffics.
Does this answer the authentication question? I pasted that from my router faq page.
What is WPS (Wi-Fi Protected Setup)?
Wi-Fi Protected Setup (WPS) is a standard for easy and secure establishment of a wireless network. WPS will automatically configure a wireless network with a network name (SSID) and strong WPA data encryption and authentication.

"Going back to the start, so to confirm someone in your house has a vpn client they are using to connect elsewhere to their company correct?" Yes

That's a great idea about the hotspot. I'll see if I can borrow a phone to try it or I'll activate it.

There are no firewall settings in the router firmware but I did find this page. I'm going to try different settings here.


20200522_203402.jpg
 

Spartacus09

[H]ard|Gawd
Joined
Apr 21, 2018
Messages
1,368
Not quite, page 183 of the manual is what I was referring to, "VPN pass-through": http://www.downloads.netgear.com/files/GDC/R7000/R7000_UM.pdf
You're looking for an advanced setting, WAN setting, or security setting likely (and it says it's enabled by default so not likely but good to verify).
It is going to be separate/different from the wifi or WPS settings.

That section in the screenshot is a VPN setup for getting from somewhere else TO your network, not from it; not quite what I was notating.
 

Burner27

Supreme [H]ardness
Joined
Oct 23, 2000
Messages
6,399
That error would seem to indicate the destination server isn’t responding (for whatever reason) or the configuration you are using for your VPN software changed. Can you post that please?
 

455olds

Gawd
Joined
Dec 19, 2008
Messages
742
That error would seem to indicate the destination server isn’t responding (for whatever reason) or the configuration you are using for your VPN software changed. Can you post that please?
I don't know how to access the vpn software but I may have just ruled that out.

I just brought the computer downstairs and plugged it directly into the modem and it was able to connect so there must be a router setting that I am missing. I made a post on the Netgear forum. Hopefully someone familiar with that router firmware can help me. I may poke around in the firmware a bit more and see if I can find something I missed.
 

Burner27

Supreme [H]ardness
Joined
Oct 23, 2000
Messages
6,399
Thanks for reply

"Did you configure the IP/DNS name to forward traffic on these ports to the windows PC?" I selected the computer name that matched the computer I was working on. Is that what you mean by IP/DNS? I tried it with multiple computers and my phone. I also tried bypassing the router altogether and plugging Ethernet directly into the modem and that website was still showing those ports closed.

"Also is the service using these ports running on the PC?" To rule this out, the computer I tried plugging into modem directly didn't have the vpn software installed.
I might be misunderstanding your questions. I don't know much about this.

View attachment 246712
When you select the machine's IP address from here, does it stick (i.e.: the bulleted choice stays selected)?
 