Archer A20 - Work VPN not working. How to enable VPN Passthrough

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Archer A20 - Work VPN not working. How to enable VPN Passthrough

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Archer A20 - Work VPN not working. How to enable VPN Passthrough
Archer A20 - Work VPN not working. How to enable VPN Passthrough
2019-10-18 05:29:39
Model: Archer A20  
Hardware Version: V1
Firmware Version: 1.0.0 Build 20181122 rel.29339(5553)

Hello, I have been trying to connect to my work via the Cisco VPN client they installed on my work laptop.  The VPN appears to connect, but then constantly drops.  There are help articles on enabling VPN Passthrough on older routers (https://www.tp-link.com/us/support/faq/558/), but the screens on my router do not look like the ones in the article.

  0      
  0      
#1
Options
7 Reply
Re:Archer A20 - Work VPN not working. How to enable VPN Passthrough
2019-10-18 16:55:29

@azzi9 

 

You can find the settings under Advanced > NAT Forwarding > ALG

 

Are you able to bypass the router and have your computer directly connected to the modem to test to see if the issue stays with the router or with the computer?

 

 

  0  
  0  
#2
Options
Re:Archer A20 - Work VPN not working. How to enable VPN Passthrough
2019-10-21 04:48:49

@Tony 

I finally got a chance to try this & it did not fix my problem.  I will try plugging directly into the modem tomorrow & see if that has the same effect.

 

Thanks for the reply.

  0  
  0  
#3
Options
Re:Archer A20 - Work VPN not working. How to enable VPN Passthrough
2019-10-21 06:12:06

@Tony Well, it looks like you sent me on the right path.  I hook up straight to the modem & I can't get it to stay connected there either.

 

It looks like I've been barking up the wrong tree, blaming the TP-Link router.

 

Now to look into my wireless from AT&T to see why IT can't keep my VPN connection up.

 

Thanks again!

  1  
  1  
#4
Options
Re:Archer A20 - Work VPN not working. How to enable VPN Passthrough
2019-10-21 16:05:16

@azzi9 

 

No worries, if you do get it working, but yet you come across the same issue introducing the Archer A20, please let us know.

  0  
  0  
#5
Options
Re:Archer A20 - Work VPN not working. How to enable VPN Passthrough
2019-10-23 14:58:18

Try other VPN services, here's a Hola VPN review, this is what I find the best from my experience, but you can experiment with other VPNs from the site.

  0  
  0  
#6
Options
Re:Archer A20 - Work VPN not working. How to enable VPN Passthrough
2019-11-16 00:19:06 - last edited 2019-11-16 00:20:48

 

@azzi9 

 

I think I know what your problem is, but I'm not sure there's a fix.  I rely on AT&T LTE for my home internet (netgear cell modem) and also use my phone's hotspot, and both have the problem.  However I'm fairly certain the problem lies with AT&T blocking UDP port 443 at the carrier level.  A bunch of us have been pulling our hair out over this on the AT&T forums (links below), but out of the many "fixes" suggested, the only consistent workaround is to have the UDP port used by the DTLS protocol changed to something other than port 443 - if you're lucky enough to have your company agree to do it.  I've had no problems for years until early October (Portland, OR area).  It's also been reported that AT&T U-verse uses the same port, so it may be related.

 

A little background - cisco anyconnect VPN requires two connections, DTLS (UDP 443) for main traffic, and TLS/SSL (TCP 443) for status check, maintenance, and as a backup if DTLS fails.  If a DTLS connection cannot be established, the VPN will typically stay connected and transfer data over TLS, but the traffic flow will be very slow and unstable.  For me, at worst it stops passing traffic several times a minute leading to constant remote desktop disconnects, stopped file transfers, etc.  This explains why it's intermittent while still showing "connected."  I know you mentioned you're disconnecting, but does your actual VPN session disconnect or some other program?

 

To verify, check this:

- Go to Cisco AnyConnect Secure Mobility Client
- On left, click the settings option
- Go to VPN tab and select the Statistics Tab
- Scroll down to Transport Information

 

My connection will show DTLS at first until the client gives up after a few minutes then permanently shows TLS.  the logs show a DTLS connection is never established.  This does not happen on ANY other ISP, cellular provider, etc.  AT&T did something recently to block UDP443, but it's impossible to know who or how many are impacted and where, and AT&T won't acknowledge it.  I just know changing the port fixes it.  Also I have a personal VPN service that uses other UDP ports, and it works just fine.  Hope this helps.

 

 

Go to last pages:

https://forums.att.com/t5/Other-Phones-Devices/ATT-LTE-hotspot-periodically-keeps-disconnection-laptop-VPN/td-p/5840554

https://forums.att.com/t5/Network-Coverage/Cisco-AnyConnect-VPN-drops-when-using-hotspot-on-iPhone-7/td-p/5983871

 

 

  2  
  2  
#7
Options
Re:Archer A20 - Work VPN not working. How to enable VPN Passthrough
2019-12-27 20:30:43

@cchanor Thanks for the info, sorry it took me so long to get back to you.  It's been a busy couple months.  This seems to be the issue, but it doesn't seem like my IT people will be changing the VPN for me connect in to.  Luckily I have a company phone with Mobile Hotspot that isn't on AT&T, so it looks like I'll be using that for the interim.  

  0  
  0  
#9
Options