No VPN–Verizon FiOS Gateway G1100

Topic

New Reply

We have a Verizon FiOS Gateway router,model G-1100, which has an issue I’m hoping someone can help me with:

Currently: If the VZ router is in the circuit, the VPN doesn’t work.

History:  I have been backing up off-site to a friend’s computer, via a Windows10 Pro VPN.  The set-up, which worked fine for the better part of 4 years, went ka-flooie in December, first working intermittently and then in mid-January, once, and since then never again.  To be sure my Windows installation was not at fault, I do a refresh install in mid-January.  We have tracked the problem down to, of all things the Verizon G-1100 Gateway.  I was on the phone this morning with Verizon tech support discussing the issue. With the tech’s guidance I set up the router’s DMZ to my ethernet connected computer, and was unable to connect.  I used my previously configured VPN  info (same as on my desktop) to set up a VPN on my laptop. We then wired around the router, and the connection was made in less than 5 seconds.  When the router is connected, however, the VPN simply doesn’t work.

Before I buy a new router, I was wondering if there is anything in the router’s settings that could cause this behavior?  The router is set to all default settings except that I configured the gateway (correct term?) to use OpenDNS, not Verizon’s DNS.

Any directions should be in American English.  🙂

 

Reply | Quote

Replies

Sorry @Henwin, I’m not familiar with the workings of FiOS, and I’m not sure I could be considered fluent in US-English… but
Is there a port blockage in the router? It’s possible the router has a firewall that is preventing access through a particular port that the VPN needs? or maybe it’s a firewall problem on the computer?

1 user thanked author for this post.

OscarCP

Reply | Quote

I kinda doubt it…only because it worked fine for 4+ years and then became flaky and finally conked out altogether.  That sounds to me like some kind of functionality/electronics failure not a port blockage issue.

Reply | Quote

Have y’all done a full reset of the G1100 there?

cheers, Paul

1 user thanked author for this post.

Cybertooth

Reply | Quote

Yes.  Many times.  Verizon even reset the router to its default settings, to no avail. 🙁

Reply | Quote

This is a bit esoteric so I am going to suggest that w/o out any other suggestions that you head on over to the DLSReports website.

https://www.dslreports.com/forum/vzfiber
is the general forum for Verizon and has many very knowledgeable members.

https://www.dslreports.com/forum/vzdirect

Is Verizon Direct and is reputed to have verizon techs involved.

Be sure to post relevant information as what VPN service you are using. (you did not mention that)

🍻

Just because you don't know where you are going doesn't mean any road will get you there.

Reply | Quote

Actually, I did.  I’m not using a “service”.  I’m using, as I stated in the first line of the History statement, that I am using Win10 Pro’s built-in VPN capability.

Thanks for the other links.   I will check them out.  But I also want to point out, that I was on the phone already, with VZ’s tech support and that’s how we became sure it was the router: he had me set up the exact same VPN on my laptop and then connect directly to the ONT using the Ethernet cable that normally feeds the G1100 Router, where the connection connected within 5 seconds!

Reply | Quote

[wavy]

Henwin
There are techs and then there are TECHS. The guys (I should say gals as one one the good ones was ) on the phone support are at best 50/50. Sometimes better hanging up and calling back later. The folk on those forums are good and Verizon is their specialty.

Do let us know how you solve this problem as this is how we all learn.

🍻

Just because you don't know where you are going doesn't mean any road will get you there.

• This reply was modified 4 years, 1 month ago by wavy.
• This reply was modified 4 years, 1 month ago by wavy.

Reply | Quote

I am well aware of the techs v. techs issue.

I was connecting to a friend’s computer.  It was my offsite backup until it totally crapped out in mid-January.

Happy to let you know what they say, or if it fixes anything.

Have a good weekend.

Reply | Quote

Using a DMZ is dangerous. If you need it, turn it on, use it, then turn it off.

Letting a VPN thru the router is likely to be a configuration option in the router. Many routers have this as an option. The one FIOS router I have used had security settings of low, medium, high. If that is still true, try adjusting it.

There are many types of VPN, another type might get through the Verizon router.

As to why it broke after 4 years, could just be a new version of the router software.

The words “Win10 Pro’s built-in VPN capability” mean nothing to me. Are you referring to Client or Server software? What type of VPN?  What server is your VPN connecting to? Is your friend running a VPN server on their router or are you using a commercial service?

Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

Reply | Quote

DMZ: tested and it didn’t work, so it was disabled–which is the default.

Haven’t tried adjusting the security settings.  I can try that…thanks for the suggestion.

The VPN I am running is whatever is built into Windows 10 Pro.  It is outbound from my machine to my friend’s.  I don’t know what he’s running on his end, but I can’t see how it would matter.  I do know that if I remove the router from the my end and simply connect directly to the ONT using an Ethernet cable, the VPN (set up exactly the same way as my desktop) connects w/in 5 seconds.  That fact tells me the router is somehow at fault.  I see no reason that I should have to use something else.

As to a software update breaking the router: very possible, but if that’s the case you’d think I wouldn’t be the only one with the problem!

I will get in touch w/ Verizon’s tech support later this week and try to get them to put me in touch w/ the router’s manufacturer, since the tech I spoke with didn’t actually know what the solution is.

Interestingly, my friend had a brand new G1100, something that was totally default, having never been set up, and I tried that one.  It didn’t work either.

 

Reply | Quote

I am actually surprised that just connecting your computer directly works as all as it would not have a WAN IP and getting a new lease from Verizon can be a problem. Usually needs a call to tech or a 2 hour disconnect before a successful attempt can be made. Who set this up originally? Maybe they would have the key!

BTW did you ask in the DSL forum?

🍻

Just because you don't know where you are going doesn't mean any road will get you there.

Reply | Quote

I got a new lease last week.  Took about 5 minutes.  This is for VZ FiOS.  Maybe that makes a difference?

Your question “who set this up originally?” is unclear.  I had been running the client side VPN in a different location.  As I noted it ran here for 4+ years before it became flaky and then conked out altogether.  What do you mean by “the key”?

Reply | Quote

I meant that whomever set it up originally hopefully would know just what they did to set it up, both on your end and the server side at your friends house. Knowing what was done might be the key to setting it up again for what ever the reason it is not now working. Verizon says 2 hours but likely less for a new lease. If a tech is doing from their end that would be a different matter and quicker, I am talking about the default lease timeout.

HenryW wrote:

Interestingly, my friend had a brand new G1100, something that was totally default, having never been set up, and I tried that one. It didn’t work either.

Something was done to get it to work (or a firmware update is doing something different by default.)

again: did you ask in the DSL forum?

🍻

Just because you don't know where you are going doesn't mean any road will get you there.

Reply | Quote

“Whoever”?  I and my friend set it up.  I documented everything on my end.  My friend is highly knowledgeable, and a “networker” for a long time.

VZ tech did nothing from his end as far as I know.  I just powered the router off, waited about 5 minutes, powered the router back up and got a new lease–which the VZ tech checked.

To my knowledge nothing was done out of the ordinary to get it running when it was set up initially.

Reply | Quote

Nope, but this isn’t a DSL connection, it’s a FiOS connection.

Reply | Quote

HenryW wrote:

he VPN I am running is whatever is built into Windows 10 Pro

Windows 10 doesn’t have a build-in VPN. Windows 10 has a client “VPN” that should connect to a real VPN service.

Why not use a simple remote control app to connect to your friend ?

https://www.windowscentral.com/built-windows-10-vpn-worth-using#:~:text=The%20Windows%2010%20VPN%20client%20isn’t%20actually%20a%20VPN%20service&text=Effectively%2C%20it’s%20a%20desktop%20client,the%20Windows%2010%20VPN%20client.

1 user thanked author for this post.

wavy

Reply | Quote

Of coures it would be nice to know what has gone wrong…

🍻

Just because you don't know where you are going doesn't mean any road will get you there.

Reply | Quote

When I find out the solution, I will post it here. 🙂

Reply | Quote

I use the Windows 10 Client VPN (sorry, I was unaware of all of the other stuff), for one process.  To do what I need to do, I start it up using a batch file, run my off-site backup software, and then shut it down.  I don’t know how my friend’s machine is set up.  The machine is able to accept my connection and we know it works when I take the router out of the circuit.

Reply | Quote

Mis-understanding about the DMZ. If it did not work, that leads me to think the problem is not on your end but on your friends side of the handshake. Verify the necessary port is open on his end and that his VPN server is actually running.

Pleeeze, never say VPN, its confusing. You are either talking about the VPN client side or the VPN server side.

The one FIOS router I looked at had a log. Maybe more than one, not sure. If its blocking you from making an outgoing connection, this should be logged. If there is no log entry, then clear the log and try it again. In my case the log filled up quickly and then stopped.

As for the VPN client in Windows 10, I had problems with it. Perhaps look for other software that supports the same type of VPN (OpenVPN, IKEv2, WireGuard, etc. etc.) as the server you are trying to connect to. That software may have a logging feature that the Windows VPN client lacks.

Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

2 users thanked author for this post.

HenryW, Kirsty

Reply | Quote

Michael:

“Mis-understanding about the DMZ. If it did not work, that leads me to think the problem is not on your end but on your friends side of the handshake. Verify the necessary port is open on his end and that his VPN server is actually running.”

The problem with your thinking is that if the VPN client at my end connects almost immediately w/ the other computer when the router is out of the circuit we know that the VPN Server is running correctly.  Therefore–to me, anyway–there’s no point in checking anything at the Server end.  IT WORKS!

“As for the VPN client in Windows 10, I had problems with it.”  But to my knowledge, I haven’t had problems with it, once we got things sorted, which took a few weeks/tries.  Since that time it’s worked, pretty much as advertised.

The question here, then, is why doesn’t the VPN client work w/ the router?  The VPN client sure as hell works without the router.

Reply | Quote

How are you set up for DNS? Does the router give windows its DNS servers, does the router get its DNS settings form the verizon DHCP server?

🍻

Just because you don't know where you are going doesn't mean any road will get you there.

1 user thanked author for this post.

HenryW

Reply | Quote

I don’t believe DNS has anything to do with it.  I have the values in the router set to OpenDNS, not Verizon’s (which is probably the default).  But I’ve had them like that for years.

Reply | Quote

I don’t want to be pedantic but to eliminate in my mind a possibility you may have eliminated for yourself: does the laptop have the same DNS settings as the router or get them from the router?

Also checking the log as Mike suggested is good and may supply a clue.

🍻

Just because you don't know where you are going doesn't mean any road will get you there.

Reply | Quote

Not sure where the laptop is getting its DNS from.  Certainly not the router if it’s out of the circuit!

I just did a ipconfig /showdns but nothing showed up since it’s not connected to anything (I disabled the wifi), and because of other users I can’t do any investigating right now.

Reply | Quote

You would do
ipconfig /all

to find where the laptop adapter gets its DNS from. You would see a line that says DHCP enabled in the results for the adapter. Maybe its is not the problem but I would want to eliminate it as one as part of the trouble shooting process.

🍻

Just because you don't know where you are going doesn't mean any road will get you there.

1 user thanked author for this post.

HenryW

Reply | Quote

Right now I can’t do anything else, because I can’t take the router out of the circuit until Wednesday (3/24).

Reply | Quote

Checking log files helps not at all since I don’t know what I’m looking at! 🙁

Reply | Quote

The DNS issue raises an interesting suspect. What are you connecting to? That is, how does your computer address the partner VPN server? If its by IP address, then DNS is not an issue, but IP addresses change. If its via  DDNS name, maybe that is the problem. Etc.

And, non technical people always assume they screwed up. Maybe you have not. Maybe the problem is with the VPN server. If you were connecting to a commercial VPN provider, I would not mention this, but since its just a friend, the problem could be that something changed on his end and that nothing you do on your end matters.

As for the logs in the router, just copy/paste them.

Did you check the security level in the router? Try lowering it and then connecting. If that does not fix things, then set it back to what  it was.

Did you look for VPN pass through options in the router?

Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

Reply | Quote

Michael:

You wanted the log files…I’ve attached them.  Lemme know if you find anything, though now that I know it was a bad password on the VPN-client, maybe this is an exercise in futility?

thanks,

Reply | Quote

Turns out part of the problem was a slightly mis-configured VPN-client setting.  I can now connect.  Just have to get some additional info from my friend and I think we’ll be good to go.  How the setting was changed to become misconfigured is a question, because it was set up correctly, in that it worked the 1st time I tried it–back in mid-January–and then stopped working.

Reply | Quote

You promised to post the solution. Can you reveal which setting that was?

Reply | Quote

I believe it was the password for the VPN-client.  That’s all I remember retyping.  What’s interesting is that it all ran fine, once, back in January.  Why it only ran once is unknown to me.  Very frustrating, for sure.

Reply | Quote

Glad its fixed. I am impressed with how much log data the router can hold. Huge logs. The logs also show a ton of unsolicited incoming requests. Bad guys knocking on your front door. Always scary to see this in black/white.

 

Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

Reply | Quote

OH, but were it that easy!

It worked a bit for all of one session or one day.  The next day it failed again.  I even redid the connection to make sure it was all configured correctly (it was) but it doesn’t work again/still.  I can’t remember the message exactly, but it had to do with the receiving computer not being configured correctly.  In any event, I’m traveling for a few days as is my friend.  Hopefully we’ll get it straightened out in the not to distant future.

Reply | Quote