BT2700HGV VPN, Port 500, L2TP continues

pgudge
Member

Hi, I remember going through this with BT before, and there was a known issue where the BT2700HGV would block UDP/TCP port 500 (commonly used for L2TP VPN) from passing through the BT2700HGV when in DMZplus mode. They released a firmware fix (6.1.1.49-enh.tm-IKE) which addressed the issues.

However this never fixed the problems and I want to see if something else can be done, like getting someone from BT to get someone from 2Wire to do something about it. 🙂

The story again is, it would seem that BT's Openzone feature on the BT2700HGV uses port 500; when you disable Openzone, the port is still not opened and allowed to pass through the firewall. After running the syslog, I can see my connection to the BT2700HGV.

<ip>: INF 2011-06-24T11:41:53+01:00 fw,fwmon: src=<IP> dst=<IP> ipprot=17 sport=33588 dport=500 Local Session, Packet Passed

The log states that the connection was passed; however, the packets never make it to the DMZ host. Shortly after this connection attempt the syslog repeatedly dumps out the following lines:

<ip>: ERR 2011/06/24 11:43:48 BST iked: [PROTO_ERR]: ikev1.c:996:<unknown>(): couldn't find configuration.

Which appears to be the IKED service erroring for some reason, which would make me think port 500 is not being passed to the DMZ but to its local IKED service. This error appears about 3-4 times then stops. If you try to make an L2TP connection again to the Public IP, the above INF Firewall log does not appear again for a few hours, but it still does not connect to the DMZ host's VPN server.

Additionally when Syslog is enabled it constantly dumps out the following, page after page after page:

<ip>: WRN 2011/06/24 11:41:57 BST nodesd: unable to sync data: No such file or directory
<ip>: WRN 2011/06/24 11:41:57 BST nodesd: unable to sync data: No such file or directory
<ip>: WRN 2011/06/24 11:41:57 BST nodesd: unable to sync data: No such file or directory
<ip>: WRN 2011/06/24 11:41:57 BST nodesd: unable to sync data: No such file or directory
<ip>: WRN 2011/06/24 11:41:57 BST nodesd: unable to sync data: No such file or directory
<ip>: WRN 2011/06/24 11:41:57 BST nodesd: unable to sync data: No such file or directory

Which is very annoying and makes it difficult to capture the log error you need.

I'm not sure what you (BT) can do about the actual modem, but it would be nice if you could get your firmware team or 2Wire to fix this IKE Port 500 issue. I have also placed the BT2700HGV into Bridge mode, hoping it would bypass all the Firewall/Features/Services hosted on the BT2700HGV, but it does exactly the same 😞

Thanks for your time, and I hope you can help.

Paul G.

FYI:

Model: BT2700HGV
Hardware Version: 2701-100589-005
Firmware Version: 6.1.1.49-enh.tm-IKE
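As an added example (not from the original post, nor BT or 2Wire code), a small Python triage script for the syslog pattern described above: it strips the repetitive nodesd warnings that make the useful entries hard to capture, then flags UDP/500 packets the firewall logged as a "Local Session" that are followed by iked PROTO_ERR lines. The sample log is constructed from the lines quoted in the post; the window size and the "Local Session" interpretation are assumptions.

```python
import re

# Constructed sample, modelled on the syslog lines quoted in the post above.
SAMPLE_LOG = """\
<ip>: WRN 2011/06/24 11:41:57 BST nodesd: unable to sync data: No such file or directory
<ip>: INF 2011-06-24T11:41:53+01:00 fw,fwmon: src=<IP> dst=<IP> ipprot=17 sport=33588 dport=500 Local Session, Packet Passed
<ip>: WRN 2011/06/24 11:41:57 BST nodesd: unable to sync data: No such file or directory
<ip>: ERR 2011/06/24 11:43:48 BST iked: [PROTO_ERR]: ikev1.c:996:<unknown>(): couldn't find configuration.
<ip>: ERR 2011/06/24 11:43:49 BST iked: [PROTO_ERR]: ikev1.c:996:<unknown>(): couldn't find configuration.
<ip>: WRN 2011/06/24 11:41:57 BST nodesd: unable to sync data: No such file or directory
"""

NOISE = ("nodesd: unable to sync data",)  # assumed noise signature, from the post
FW_RE = re.compile(
    r"fw,fwmon: .*?ipprot=(?P<proto>\d+) sport=(?P<sport>\d+) dport=(?P<dport>\d+) "
    r"(?P<session>[^,]+), Packet (?P<action>\w+)"
)
IKED_ERR = "iked: [PROTO_ERR]"


def filter_noise(lines, noise=NOISE):
    """Drop the repetitive nodesd warnings that drown out the useful entries."""
    return [ln for ln in lines if not any(n in ln for n in noise)]


def find_local_ike_sessions(lines, window=5):
    """Flag UDP/500 packets logged as a 'Local Session' (assumed to mean handled by
    the hub itself rather than forwarded to the DMZ host) that are followed by iked
    errors within `window` lines. Returns a list of (line_index, iked_error_count)."""
    findings = []
    for i, ln in enumerate(lines):
        m = FW_RE.search(ln)
        if not m or m["proto"] != "17" or m["dport"] != "500":
            continue  # only IKE over UDP is of interest here
        if "Local Session" not in m["session"]:
            continue  # a genuine passthrough would not show as a local session
        errs = sum(IKED_ERR in later for later in lines[i + 1:i + 1 + window])
        findings.append((i, errs))
    return findings


def analyse(log_text):
    """Return (noise-free lines, findings) for a raw syslog capture."""
    clean = filter_noise(log_text.splitlines())
    return clean, find_local_ike_sessions(clean)


if __name__ == "__main__":
    clean_lines, hits = analyse(SAMPLE_LOG)
    for idx, errs in hits:
        print(f"UDP/500 handled locally at line {idx}; {errs} iked error(s) followed")
```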


JohnE
Guru

The '49' patch did fix the issue, pgudge.  You need to first enable, then disable Openzone in order to fully release the IKE service.

I'm not sure what you are getting at with Bridge mode.  This essentially turns the hub into a modem, no routing is done at all in this mode.