TL-ER5120 v3.0 and Microsoft Remote Desktop (RDP) on Port 3389
Hardware version: TL-ER5120 v3.0
Firmware version: 3.0.2 Build 20180125 Rel.35267
I've been working on this problem for 5 days, Google doesn't seem to be helping and that is surprising. Lack of posts on the topic made me believe it was a differnt issue than this router, however this morning I have conclusively proved the problem is the TL-ER5120 V3 router. It may be a simple setup or configuration issue, but frankly I can't find it/figure it out. Yes I've RTFM. Yes i've googled the problem endlessly. Yes I've tried random things, yes I reversed those that failed before moving on. Yes, i've rebooted the router multiple times. Yes, I have disabled everything in "firewall" section of router setup. Yes, I have above average networking knowledge and can usually figure out the problem, however networking and/or IT is NOT my day job so i'm far from expert.
The Problem: It's not possible to connect using Windows 10 Remote Desktop RDP, either simply on the local LAN or via open port on public IP.
I have a cable provider, they don't block much and the cable connection is not this problem. My confguration prior to this week:
Zoom 5320 Cable Modem (Public IP) -> Netgear R7000 -> local win10 on wired ethernet port with a reserved local IP.
and a wireless laptop.
Used RDP via that setup locally and remotely for years. Locally RDP is available 24/7/365, when out of town, port forwarded and opened a high numbered port (49XXX) and forwarded it to the local machine IP:port 3389. Both setups, local and remote, worked perfectly--never had a problem. Therefor, I suspected it wasn't a problem with Windows Settings.
My cable providers connection is however problematic, and connectivity as a whole will randomly drop for awhile. For more than one reason, I decided to upgrade to a multi-WAN connection, thus the purchase of the TL-ER5120. The other WAN provider is a metered "unlimited" cellular connection with a 22gb/month high speed cap (i.e.weird American "unlimited but limited" cellular broadband).
This weeks configuration:
Zoom 5302 Cable modem -> TL-ER5120 Port 1
Cellular modem -> TL-ER Port 2
Port 5 is the R7000 in AP mode (which also serves as an unmanaged switch).
I initially attempted to just hang the R7000 as is on port 5, disabling DHCP on the 5120, hoping that the 5120 could be a "failover" router and I could just continue to use the Netgear R7000 as the local network router. That worked somewhat, but I had a few devices (camera's and a dedicated equipment controller) that just didn't get along with double NAT.
Next the R7000 got switched to AP mode, and the TL-ER5120's DHCP server got turned back on. Some 50 devices are connected... windows laptop, iPhones, iPads, dedicated home automation equipment, Alexa devices, picture frames, sprinkler controllers, garage door contollers, etc. One device was problematic and didn't want to connect (phone home essentially). In following the troubleshooting steps on the manufactures site, I disabled everything possible in the Firewall section of the TL-ER5120 and got it working. (and haven't yet gotten to the step where i try rechecking the boxes one by one.)
Satisfied that every device was correctly connecting to the internet as it should, I moved on to my final setup steps, making certain I can reach my single windows 10 PC via Remote Desktop and setting up DDNS for that specific purpose. (everything else that connects at this point handles inbound connections by making an outbound connection to a cloud server instead.)
The manual is unclear how to Port Forward, however after googling about I conclude this must be done on the TL-ER5120 via "Transmission -> NAT -> Virtual Servers" so I make the following entry there:
Name: (my machines name)
Interface: WAN1
External Port: 3389 (also tried 49XXX which is where it needs to end up)
Internal Port: 3389
Internal Server IP: 192.168.1.10 (assigned to that machine via a DHCP reservation)
(and yes I changed the TL-ER5120's default address from 192.168.0.1 to 192.168.1.1 because one controller seems to not like being anywhere but 192.168.1.X
and that manufacturer specifically states that it's a known issue at this time).
Protocol: All
Enabled.
That should open the external port 3389. It doesn't, the port stays closed from the Public IP. Confirmed closed using GRC's Shields up (an online port scanning tool) and specifiying 3389, GRC actually returns "Stealth" which means it doesn't even reply as closed.
Additionally I can't connected via RDP on the local network!! Specifically with my laptop connected via WIFI or cable, and attemting to open a remote desktop at 192.168.1.10 or the machine name. I checked that both machines can Ping each other (they can). I located a troubleshooting steps to verify that 3389 was listenening on the target machine using ipconfig -a -o and looking up the PID of the listening PID to see what was listening. All good. I located a Microsoft page that suggested using telnet to see if 3389 was open from the remote machine--It's not. Yet remember both machines can ping each other.
In the TL-ER5120's interface the page that looks like it could have an effect is Preferences -> Service Type. I tried various entries on that page, with no luck. Firewall section is all still disabled at this point.
I then suddenly remembered that I had a brand new Netgear R7000 that was purchased long ago for a family member and never used. I popped open the still in factory shrink wrap R7000, connected it to the Cable modem and my laptop and upgraded the firmware to the current version. Then without even an address reservation I connected the WIN10 RDP target machine. Switched my laptop from cable to wifi and opended Remote Desktop from laptop to target on the first try. THE ONLY CHANGE IS THR ROUTER, I didn't even reboot either computer.
So in CONCLUSION: the TL-ER5120 breaks communication on port 3389. WHY? Is there a work-around or do i need to return the TL-ER5120, because no remote desktop is a deal breaker. I need it to work both Lan->Lan and Wan->Lan.