I’ve got a 5G Verizon gateway set up in UP Pass-through mode with an Asus router. Everything works well except for when I connect to my works FortiClient VPN.
When I flip on the VPN in pass through mode I get no connection to my network drives and very slow internet.
When I flip on the VPN not in pass through mode everything technically works but is unbearably slow. Around 1-2 Mbps download speeds.
What are some configuration settings that I can try both on the gateway and/or the Asus router?
UPDATE:
Just to update everyone, it was an MTU issue. I upgraded my Asus router to one that allows you to control MTU settings and I set it to 1428.
With the MTU set I was able to put the gateway into IP Passthrough and every thing worked. I also ended up disabling the DHCP on the gateway because I was letting my router handle DHCP.
This worked but I would experience internet drops on my wifi about once a day. Usually the issue would resolve itself after a few minutes but also restarting my Asus router would fix it too.
UPDATE:
Last night my gateway received the 231451/3.2.0.21 firmware update and again, IP Passthrough wasn’t working.
With this update the new GUI for the gateway router settings was released and with a lot more added functionality. One of them being the ability to change the MTU size right on the gateway. It also changed the default MTU size to 1500. So After I changed my Asus router MTU back to 1500 to match then things started working again.
What is your MTU setting on the router? I think Verizon recommend 1428 for the setting on passthrough mode. Might be something to try if your router allows you to change it.
What is the VZW gateway model? The cubes have a lot of passthrough issues
I have the ARC cube and ASUS RT-AX3000 router. I also originally had Passthrough issues so I turned that off, disabled the wifi networks and then let the cube assign the router an IP, and still have the router do all the work as normal.
Less issues and very few disconnects now. Also fixed the issue when downloading large files (it would stop and time out).
You have too many variables. Try directly connecting to the VZ GW first before doing any troubleshooting.
— Starfox
I had an issue with nord that it would only work with OpenVPN TCP
Have you resolved your issue?
My IT department is asking the same questions. How would I change the MTU setting. Is that on the gateway or the router? The only MTU settings I found on my router are when I change it from automatic IP to pppoe.
Gateway model is ASK-NCQ1338FA
I am using that same asus router. Passthrough mode is working for me if I have the router set to automatic IP. But when I try to set up a static IP I lose all internet. I must be doing it incorrectly. I’m following the guide from nater tater on YouTube but can’t get it to work with a static ip.
The troubleshooting that I have done so far is as follows:
1.connect directly to the gate way. This yielded access through my works Vpn but at unusable speeds.
-
While still directly connected to the gateway, turn off ALG settings which forces the firewall to the maximum mode. This resulted in me not even getting past the login prompt of the vpn.
-
Turn firewall down to medium and turn off other firewall options. This yielded the same result of trial 1.
Our IT department is suggesting how to change the MTU size on the gateway. Does anyone know how to do that?
Just to update everyone, it was an MTU issue. I upgraded my Asus router to one that allows you to control MTU settings and I set it to 1428.
With the MTU set I was able to put the gateway into IP Passthrough and every thing worked. I also ended up disabling the DHCP on the gateway because I was letting my router handle DHCP.
This worked but I would experience internet drops on my wifi about once a day. Usually the issue would resolve itself after a few minutes but also restarting my Asus router would fix it too.
Shoot! Yeah I run into that with my Firewalla router as well. You can try changing the MTU on the PC itself and see if that works. I have done that on my windows PC before and it worked.
The MTU should be set at the VPN client level not at the GW. You need to perform a test similar to the following but with the destination being something that is within the VPN-accessed network:
https://kb.netgear.com/19863/Ping-Test-to-determine-Optimal-MTU-Size-on-Router
— Starfox
Ok so after preforming that test it is determined that I need an MTU of 1400 or lower to work with the VPN. Anything Higher and I get “Packet needs to be fragmented but DF set”
When connected to the VPN and typing “netsh interface ipv4 show subinterface” into CMD it shows that the interface the VPN created has MTU of 1392. All the other interfaces are at 1500.
I cant change that 1392 locally. The settings to do so are disabled.
I think my only option is to reduce the MTU at the router level. But on my Asus RT-AX3000 I cant find an option to do that while set to Automatic IP.
If I use a PPPoe configuration then I can see that an MTU setting becomes available. But idk how to set up PPPoe configuration or if it is even possible with the Verizon gateway.
Okay, so your VPN actually seems to be configured correctly. Now do the same, not connected to the VPN, but to the endpoint IP.
— Starfox
What do you mean by the endpoint IP?
I wasnt connected to the vpn in the earlier test.
Hmm, well in that case set the MTU of the Ethernet/WiFi to 1408 or 1400. See if it makes a difference.
— Starfox