cancel
Showing results for 
Search instead for 
Did you mean: 
1

Ask

2

Reply

3

Solution

Vodafone home fibre broadband VPN setting

seblb
2: Seeker
2: Seeker

Help! I have been trying to get this to work and given up becuase Vodafone are hiding important connection details. The config I want use is the L2TP Server VPN on the Vodafine Connect Broadband Router. The settings in the router are simple enough (cool! 🐵 but getting a client to connect to it is impossible (unless it is another Vodafone HHG2500 Broadband router). So here is what I have done:

 

1) Setup the router's L2TP Server VPN configuration (set shared key, user and password, etc)

2) Configured and OSx and iOS client to connect on L2TP (settings quite straight forward) but both fail. The only debug details I was able to get was from the OSX connection that failed on "L2TP sent SCCRQ" - I also have the wireshark dumps from the client and router.

3) Setup other VPN clients, but no success

 

I spoke to the vodafone live chat team (not a great experience, so unless there is an expert there I can chat to, please do not direct me back there Vodafone). The experience was as follows (I have the chat transcript if you want it):

 

1) Told "since few days we are facing issues with the application, However our engineers are working to fix this"

 - I told them that "VPN" was router hardware related and not a "service" (sigh)

 

2) I was then directed to change my wifi setting

 - I told them the wifi had nothing to do with VPN (sigh)

 

3) I was then told I had to have a business account for the VPN to work

- I told them that if I plugged in my draytek router, the VPN worked so it had nothing to do with that. This was the final sitcking point and they would not budge. Form my point of view this was the only thing they could use to get rid of me, as they didnt know what they were talking about.

 

Since then I have discovered if you have 2 people on Vodafone with their routers (both my father in law and I are on vodafone). One setup and L2TP server and the other L2TP client. They happily connect!

 

Therefore, the statement that VPN is business only is also not true. Therefore there is some odd setting that a L2TP client needs to do to connect to a Vodafone HHG2500. What is this? Please can someone from Vodafone provide a faultless configuration for a client so the rest of the community can do the rest for you?

 

The reason I am not able to use my Vodafone router is becuase I use a draytek so I can VPN into my office (also draytek). This additional VPN config is to connect to my father in laws home to assist on all things IT. I therefore need some form of VPN client that can connect to a Vodafone Router running the L2TP VPN server. :o(

 

 

84 REPLIES 84

did you understand the question we are asking?

 

Quote:

although we can't support a VPN as it's not a service that we are providing. -> Yes it is an option in the Vodafone router settings 

 

The router itself should be able to handle this as a connection. What is it that happens when you try to connect to your VPN? -> we are trying to connect to the Vodafone router, but it does support the conection. 

 

 

We are all trying to setup the VPN directly in the settings of the  Vodafone provided router.

There is an option to configure a VPN server so that we can connect to the Router and then through the VPN get into our home network.

 

Does Vodafone not support this?

 

Can I also get the info to the broadband specialist so i can set up a vpn on my router please?

Can someone from Vodafone please reply?

Jayach
16: Advanced member
16: Advanced member

The only reply you will get from Vodafone on here is to be told to use social media.😒

What kind of info are you expecting to be able to give your broadband specialist? He/She should already know what is required, that's what makes a specialist.

Anonymous
Not applicable

I think the VPN settings on the earlier VF routers were there just to create a simple site to site tunnel - and failed miserably to do that.

 

The VF routers are pretty much the bare minimum functionality required, such that they can simplify customer support (and I'd argue they still fail on this).

 

*I have access to a small number of VPN connections via my Asus router.  With the Beta firmware I'm running I can direct individual connections to the VPN or not.  Just be aware that the sales pitch for VPNs is often overblown, improperly used they can make your connection MORE vulnerable, and if you don't have a perfect connection can cause issues with online gaming and live streaming!

 

**If I was happy with the other functionality of the VF router but needed VPN too, I'd not be looking to replace the VF router.  If I were doing this I'd probably be using a Raspberry Pi as a gateway, and running the easy to setup DietPi distro on it.  For the uninitiated, even that would still be a steep learning curve!

There's loads of routers available that can be used to set up a VPN with the functionality built in already. Why anyone would waste their time programming a raspberry pi to do that job is beyond me. I watched a short BBC program where the presenter showed a very brief summary of how they did it and I must say it looked like a totally pointless exercise. After you program it then you need to keep making sure it is patched for new security updates!

 

If we took that approach with everything then we'd be manufacturing our own doorbells etc. Instead of buying one for a tenner. Some things are just cheap to buy off the shelf and there isn't any reason in my mind why the average person needs to build their own router.

 

Problem on this thread is not the router but the lack of any knowledge that people have and the unrealistic expectations placed on Vodafone support.

After reading the posts here I can see many users are having the same issue I had with Vodafone. The simple answer is get a new broadband provider but that is often easier said than done.

 

As others have said, getting the VPN solutions working on a VF router appear to be a bit of a nightmare. It is actually worse than that because of reasons I set out below.

 

VF VPN solutions are L2TP Client, L2TP server, PPTP Client and PPTP Server. 

First off, PPTP is no longer considered secure and L2TP should always be used in preference to it.

 

VF provision of L2TP Server is actually L2TP with Shared Secret and from what I have read this does not work with standard iPhone, Windows or Apple L2TP clients, although at least one user has posted that they managed to get a site-to-site VPN working between two VF routers. This is not totally surprising as there are a number of other settings to do with security end encryption protocols that L2TP relies on. Without the correct settings, a client will not connect to a L2TP server.

 

Having said that, there two other issues with the concept of using VPN with VF router. The gigabox router I was trying to use will not allow VPN clients to acquire IP Addresses on the same network as the local LAN. THis means for instance that the local LAN for the VF router will be 192.168.0.x whilst VPN clients will use 192.168.2.x ( the built-in guest WifI network uses 192.168.5.x). 
Firstly, most home routers use either 192.168.0.x or 192.168.1.x for their local LAN. There is no way that a computer at home can determine whether an address at 192.168.0.123 is a device at the other end of the VPN or in the local LAN hence it cannot communicate with that device.

Even if the local LAN for the VF router was changed to be 192.168.5.x for guests. 192.168.6.x for local network and 192.168.7.x for VPN connections any machine that connects via VPN would have to be re-configured so that it 'knows' that 192.168.6.x addresses are at the other end of the VPN.


The VF router does not have enough configuration settings to overcome these limitations.

 

SOLUTION:

There are a couple of solutions but they all involve buying replacement equipment.

1) buy a a decent modem/firewall/router such as a Dreytek, Sonicwall or NetGear and throw the VF router in the bin. This involves programming the replacement router with VLAN ID to be able to complete the connection to the Internet.

 

2) Put the Vodafone router into BRIDGE MODE, connect your replacement router to the VF router and use the replacement router to create the internet connection. This, again, requires programming the replacement router but allows you to use different types of equipment such as Cisco or Mikrotik.

 

3) Create a DMZ on the VF router and connect your replacement router to it. The VF router will continue to provide connectivity to the internet ( and therefore you can still get support from VF for broadband issues) but the replacement router will handle the local LAN and VPN.

 

Personally, I like to use a Mikrotik RB951 and connect to the VF router as a DMZ. The RB951 provides great control over all aspects of setting up broadband and has a huge community who can help provide configurations.

 

The correct description for Internet access is:

The Internet - ISP Gateway - PPPoE Server - DSL - telephone line, fibre, cable - DSL - PPPoE Client -ROUTING - local LAN - wired device & WiFi Access - WiFi connected devices

 

Typically a 'Router' or 'Hub' is really a DSL Modem, Firewall and Router combined into one box but the operations of DSL Modem, PPPoE connection and Firewall/Routing can be split between different devices.

 

My RB951 solutions uses:

 

connection to ISP - VF Router (DSL modem and PPPoE Client) - LAN on 192.168.0.1 with DMZ connection to 192.168.0.2 to RB951 ( Router and Firewall and VPN server ) - local network on 192.168.101.1.

Using this setup has a number of benefits:
Connections to the VPN can be put on the same network as the local LAN hence remote computers can correctly access any resources on the local LAN such as printers, other computers, servers etc.
The VF router is not modified in any way and a device can be connected to it direct rather than via the RB951 hence I can always get support from Vodafone if I suspect there is a problem with the DSL, PPPoE or cabling into the premises.

I know the L2TP server built into the RB951 supports all windows clients, MAC, android and LInux devices.
The RB951 allows extreme control over all aspects of networking so I can easily set up various security configurations.

 

 

Anonymous
Not applicable

Just how exactly does one PROPERLY put the Vodafone HHG2500 or THG3000 modem/router into bridge mode?  As far as I am aware, neither of the two common VF supplied modem routers include any fully functional means to put them into bridge mode.

 

Not having access to a THG3000, I wasn't aware that it had the VPN option in it's menus.

 

When it comes to using a VPN as a site to site bridge the issue with subnets is a standard VPN one and not anything specific to do with the VF equipment.  Other than the networks using different subnets, all that is usually required is changing the subnet mask (192.168.0.0/16 should work).

 

*I like the idea of using Microtik devices, but for the uninitiated, they fall very short in the ease of use stakes.

 

Jayach
16: Advanced member
16: Advanced member

@Anonymous wrote:

Not having access to a THG3000, I wasn't aware that it had the VPN option in it's menus.

It doesn't

Anonymous
Not applicable

Didn't think it did. Though I keep pondering the idea of buying one from eBay, just to pull it apart.  I actually suspect that using the Microtik router, you could with the correct settings connect it to the VF modem/router Lan port to Lan port, and create a false gateway that would get various VPN connections working.  The concern with the Gigabox is that VF Lan to Microtik Wan, thanks to the way the VF mobile data network is configured, would actually be tripple NAT!