Port forwarding problem, I'm stuck

455olds

Someone in my house needs ports 1812 and 1813 open to work remotely through vpn.
I opened ports 1812 and 1813 on router and disabled firewall in windows. This website is still showing them closed.
https://www.yougetsignal.com/tools/open-ports/
I plugged the computer directly into modem and it still shows ports closed. Any advice on next step? Does it sound like I didn't disable windows firewall correctly?
I opened ports for my cellphone's IP address and that didn't work either. They were showing blocked through my phone as well.

I have a netgear r7000 router and motorola sb6141 modem.

Anything else I can try? I'm at a dead end with this. Any help appreciated.
 
Did you configure the IP/DNS name to forward traffic on these ports to the windows PC?

Also is the service using these ports running on the PC?

Can you provide screenshots of the router configurations? You can black out IP/personal info.
 
Do you know if your ISP is blocking inbound ports? It used to be pretty common for ISPs to block mail, http, etc. (these appear to be commonly used for RADIUS).

Probably a dumb question but: are you connecting to the VPN from your network? I've always had to make outbound rules connecting to a VPN since you are initiating the connection, not the other way around--but I haven't used all of them.
 
Thanks for reply

"Did you configure the IP/DNS name to forward traffic on these ports to the windows PC?" I selected the computer name that matched the computer I was working on. Is that what you mean by IP/DNS? I tried it with multiple computers and my phone. I also tried bypassing the router altogether and plugging Ethernet directly into modem and that website was still showing those ports closed.

"Also is the service using these ports running on the PC?" To rule this out, the computer I tried plugging into modem directly didn't have the vpn software installed.
I might be misunderstanding your questions. I don't know much about this.

Untitled.png
 
Do you know if your ISP is blocking inbound ports? It used to be pretty common for ISPs to block mail, http, etc. (these appear to be commonly used for RADIUS).

Probably a dumb question but: are you connecting to the VPN from your network? I've always had to make outbound rules connecting to a VPN since you are initiating the connection, not the other way around--but I haven't used all of them.
It's possible for ISP to block ports before modem? If so I'll call them and see if I can get someone to help me with it. When I called them about it they just told me to download the app. Then the app gave an error because I own the hardware, I think it only works with their rental modem, router.
"Probably a dumb question but: are you connecting to the VPN from your network? I've always had to make outbound rules connecting to a VPN since you are initiating the connection, not the other way around--but I haven't used all of them."
I'm not sure how to answer this. The person at my house got disconnected from remote access to their work computer after a power outage. The IT guy helping them thinks the power outage rebooted the modem adding new firewall rules. (He is probably assuming I have an all-in-one rental modem.) He recommended calling Comcast and saying we are trying to use a vpn that connects on port 1812 and 1813 and it appears to be blocked.
 
Yeah, they used to block a lot of stuff. Comcast has been well known for it. They block http 80/443 (sometimes 8080, etc) inbound because they don't want you to host your own webserver without paying for commercial service, they generally block smtp (21?) because they *really* don't want you to run your own mail server (think of all the spam out there already, it's for a good cause). I would be pretty surprised to see a VPN connection requiring a forwarding rule and such to connect to you, because that would imply the VPN server is initiating the connection instead of the other way around. It would be good to call your ISP but I would suspect the rules you are looking for are outbound on your device.

Can you show a screenshot of your firewall rules?
 
I got a friend to help me through TeamViewer. He disabled all the firewalls and those ports are still closed. I'm going to have to call Comcast and have them check if those ports are blocked on their end. Sorry I didn't get back sooner, I got held up at work. I'll call Comcast after work tomorrow and report back.
 
The ports show closed because you don't have a server listening for them. You can make whatever changes you like on the firewall and it won't change that fact. This whole thing is a red herring. You should not have to open any inbound ports for a vpn client to originate an outbound connection. The tech was either clueless or wanted to move on to the next ticket. What is the vpn client and has anyone just reinstalled it or at least reconfigured a new connection?
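
The point in the reply above, as an added example that is not part of the original post: a connect-style port check reports "closed" whenever nothing is listening, whatever the firewall allows. It assumes the checker does a plain TCP connect and uses a throwaway loopback port rather than 1812/1813; `probe_tcp` and `demo` are illustrative names.

```python
import socket
from contextlib import closing

def probe_tcp(host, port, timeout=3.0):
    """Classify a TCP port the way a connect-style port checker would."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"        # something accepted the connection
        except ConnectionRefusedError:
            return "closed"      # host reachable, but no listener on the port
        except OSError:
            return "filtered"    # timeout/unreachable: dropped along the path

def demo():
    """Probe one loopback port before, during and after a listener exists."""
    # Ask the OS for a free port, then release it so nothing is listening.
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as tmp:
        tmp.bind(("127.0.0.1", 0))
        port = tmp.getsockname()[1]
    before = probe_tcp("127.0.0.1", port)

    # Same port, but now a server socket is listening on it.
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind(("127.0.0.1", port))
        srv.listen(1)
        during = probe_tcp("127.0.0.1", port)

    # Listener gone again: the verdict returns to "closed".
    after = probe_tcp("127.0.0.1", port)
    return before, during, after

if __name__ == "__main__":
    print(demo())
```

No firewall setting changes between the three probes; only the presence of a listener does.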
 
I'm not sure what he did. I'll find out what the client is and I'll look into reinstalling it myself. I had a feeling I was barking up the wrong tree.
 
Those ports are normally used for RADIUS authentication, I'm guessing they are trying to do something like this: https://docs.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-firewalls-configure that may help
 
Most consumer grade router/firewalls allow all outbound traffic so you should be good there.
Windows firewall pop-ups have a nasty habit of staying hidden behind the application causing them (or the application insists on keeping focus). When you next try, you might minimize the client and make sure there isn't a waiting Windows Firewall prompt box.
 
Those ports are normally used for RADIUS authentication, I'm guessing they are trying to do something like this: https://docs.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-firewalls-configure that may help
That link went over my head. I'm going to come back to it later.

It's Windows Remote desktop assistant. If I have their username and password can I set this up on another computer and see if I can get it to work or am I going to need someone on the other end to respond to a security prompt?

Also I want to do what I can to assure that those ports are open in case I can't solve this on my own and have to hand it back over to them. I can at least say I did my part. I called Comcast and they said that it's not possible for them to block ports before the modem. Is this true? Is there software I can download that will tell me if those ports are open?
 
Also I want to do what I can to assure that those ports are open in case I can't solve this on my own and have to hand it back over to them. I can at least say I did my part. I called Comcast and they said that it's not possible for them to block ports before the modem. Is this true? Is there software I can download that will tell me if those ports are open?
Not quite true, they block a handful of ports: https://forums.xfinity.com/t5/Inter...d-Internet-Ports-List-and-How-to/ta-p/3232503
That said the ports you noted don't appear blocked, from your description.

Secondly what kind of authentication does it use? I know some of the netgears have certain traffic types blocked by default such as ipsec/L2TP/PPTP and you have to toggle it to allow the traffic.
I believe it might be the security option and under Firewall and WAN security (VPN Passthrough)?

Someone in my house needs ports 1812 and 1813 open to work remotely through vpn.
Going back to the start, so to confirm someone in your house has a vpn client they are using to connect elsewhere to their company correct?

Do you have a hotspot on your phone you could connect the computer to? That way you can test a secondary internet connection just to see if it might be the server side or otherwise.

I have seen weird network issues with certain ISPs not being able to connect to certain VPN traffics.
 
There have been a bunch of Microsoft patches for RDP and related software due to multiple vulnerabilities, some of which were being exploited. IIRC, some of the patches deprecated earlier versions of RDP in favor of later, supposedly more secure versions. Some of the security recommendations included simply turning the service off if you didn't need it.

Found this doc: https://docs.microsoft.com/en-us/wi...roubleshoot/rdp-error-general-troubleshooting
 
Not quite true, they block a handful of ports: https://forums.xfinity.com/t5/Inter...d-Internet-Ports-List-and-How-to/ta-p/3232503
That said the ports you noted don't appear blocked, from your description.

Secondly what kind of authentication does it use? I know some of the netgears have certain traffic types blocked by default such as ipsec/L2TP/PPTP and you have to toggle it to allow the traffic.
I believe it might be the security option and under Firewall and WAN security (VPN Passthrough)?



Going back to the start, so to confirm someone in your house has a vpn client they are using to connect elsewhere to their company correct? Yes

Do you have a hotspot on your phone you could connect the computer to? That way you can test a secondary internet connection just to see if it might be the server side or otherwise.

I have seen weird network issues with certain ISPs not being able to connect to certain VPN traffics.

Does this answer the authentication question? I pasted that from my router faq page.
What is WPS (Wi-Fi Protected Setup)?
Wi-Fi Protected Setup (WPS) is a standard for easy and secure establishment of a wireless network. WPS will automatically configure a wireless network with a network name (SSID) and strong WPA data encryption and authentication.

"Going back to the start, so to confirm someone in your house has a vpn client they are using to connect elsewhere to their company correct?" Yes

That's a great idea about the hotspot. I'll see if I can borrow a phone to try it or I'll activate it.

There are no firewall settings in the router firmware but I did find this page. I'm going to try different settings here.


20200522_203402.jpg
 
Not quite, page 183 of the manual is what I was referring to, "VPN pass-through": http://www.downloads.netgear.com/files/GDC/R7000/R7000_UM.pdf
You're looking for an advanced setting, WAN setting, or security setting likely (and it says it's enabled by default so not likely but good to verify).
It is going to be separate/different from the wifi or WPS settings.

That section in the screenshot is a vpn setup for getting from somewhere else TO your network, not from it; not quite what I was notating.
 
Here is one of the error messages I get and a couple screenshots of router settings.
20200523_183658.jpg

20200523_183747.jpg

20200523_112305 (3).jpg
 
That error would seem to indicate the destination server isn’t responding (for whatever reason) or the configuration you are using for your vpn software changed. Can you post that please?
 
That error would seem to indicate the destination server isn’t responding (for whatever reason) or the configuration you are using for your vpn software changed. Can you post that please?
I don't know how to access the vpn software but I may have just ruled that out.

I just brought the computer downstairs and plugged it directly into the modem and it was able to connect so there must be a router setting that I am missing. I made a post on the Netgear forum. Hopefully someone familiar with that router firmware can help me. I may poke around in the firmware a bit more and see if I can find something I missed.
 
Thanks for reply

"Did you configure the IP/DNS name to forward traffic on these ports to the windows PC?" I selected the computer name that matched the computer I was working on. Is that what you mean by IP/DNS? I tried it with multiple computers and my phone. I also tried bypassing the router altogether and plugging Ethernet directly into modem and that website was still showing those ports closed.

"Also is the service using these ports running on the PC?" To rule this out, the computer I tried plugging into modem directly didn't have the vpn software installed.
I might be misunderstanding your questions. I don't know much about this.

View attachment 246712
When you select the machine's IP address from here, does it stick (i.e.: the bulleted choice stays selected)?
 
I'm off the hook for now. I did a master reset to router last night and it just started working on its own today. Appreciate all the help you guys gave me with this. If it happens again I am going to load tomato or that other one on it.
 
This problem is still ongoing. I tried dd-wrt and it was unstable and didn't work well with extender.

Would this modem solve my problem?
ARRIS SURFboard SB8200

https://www.amazon.com/ARRIS-SURFboard-Approved-SB8200-Frustration/dp/B07DY16W2Z/ref=sr_1_1_sspa?crid=16ASSVEPE9C7C&dchild=1&keywords=sb8200&qid=1596303285&sprefix=Sb,aps,149&sr=8-1-spons&psc=1&spLa=ZW5jcnlwdGVkUXVhbGlmaWVyPUFBM0M5OUpaUVVSSlImZW5jcnlwdGVkSWQ9QTAzNDk1NTExTEhIRzNTSUM2MjVKJmVuY3J5cHRlZEFkSWQ9QTA1NTI5OTkyRDRPRVRPSDc3RlNUJndpZGdldE5hbWU9c3BfYXRmJmFjdGlvbj1jbGlja1JlZGlyZWN0JmRvTm90TG9nQ2xpY2s9dHJ1ZQ==&tag=hardfocom-20

Can I just plug 2 Ethernet cables into it without having Comcast provision it for 2 IP addresses? Are there other drawbacks to plugging 2 Ethernet cables into modem? (like them running at half speed or something) Any other input about the modem appreciated.
If I plug the other computer straight into modem I'm hoping that will solve my remote desktop problem by avoiding the router altogether.
 
As an Amazon Associate, HardForum may earn from qualifying purchases.
I did some searching and I guess I have to pay for a 2nd IP address to get that router to work the way I want.
 
I did some searching and I guess I have to pay for a 2nd IP address to get that router to work the way I want.
You shouldn't have to do this, and the fact that when you reset the router it all started working proves it. Spending the extra money for a second IP address is unnecessary.
I'm not sure why you seem dead set on avoiding your router, I wouldn't recommend that route. In addition, plugging a second computer directly into the modem and putting it on a public IP address is a VERY bad idea.
 
You shouldn't have to do this, and the fact that when you reset the router it all started working proves it. Spending the extra money for a second IP address is unnecessary.
I'm not sure why you seem dead set on avoiding your router, I wouldn't recommend that route. In addition, "plugging a second computer directly into the modem and putting it on a public IP address is a VERY bad "
.

Would this router be a better option than replacing modem? Should it work ok with my netgear ex7000 extender?
ASUS AC2900 WiFi Dual-band Gigabit Wireless Router

https://www.amazon.com/Dual-band-Du...&sprefix=Asus,aps,168&sr=8-3&tag=hardfocom-20
I don't want to go with another netgear and have the same problem.

If I did use the modem with extra line I could use a cheap router for firewall.
 
What a strange situation. I haven't needed to manually port forward for any VPN ever. Even in the early days of terrible cisco VPNs.
 
I hate to replace the router because it's been rock solid with extender. DD-WRT or other routers I have are unstable with connection and extender. They need to be rebooted after power outage or internet outage where the r7000 would come back online on its own.
 
I did a little more research and I need a business account to use that modem with 2 ip addresses so I can't do that.
To make things worse my modem is throwing a lot of errors. Anyone know what these mean? Bad connection in line somewhere?
1596765047473223871367622062435.jpg
 