Hi - you may have been given incorrect advice. I don't think Sagemcom will provide you with the previous version of special Optus firmware and generally send enquiries back to Optus. It may be worth contacting Optus again and asking to be put through to Technical Specialist Support, who may be able to roll back the software remotely. The catch with that is sometime later, the modem may do an Auto Update to the current version of software.
I take it in your case VPN doesn't work at all rather than GRE. I have seen references to the '47' as being the IP Protocol type used by GRE rather than the actual port. I haven't used VPN, but adding GRE + Encryption may require the standard Ethernet MTU packet size of 1500 to be adjusted downwards to accommodate the GRE Headers and IPSec Security Associations - are there settings in the screens to reduce the packet size in the VPN set up page?
VPN is a broad term, many such as Microsoft, Cisco, Netgear, nowadays open source, have apps/programs that use either PPTP, L2TP, IPSEC, for remote access. Regardless of app/program, the basics, protocols + ports, are required depending upon the type of VPN (PPTP/L2TP/IPSEC) that is being used. Ports open are useless unless the associated protocols can be passed. In the case of PPTP, port 1723 tcp + GRE (protocol 47). In the case of IPSEC, ports udp 500, 4500, and 1701 (specifically for L2TP), but also require in addition the protocols ESP (protocol 50), AH (protocol 51), and IKE, in order to work.
Short story. Need port/s + protocol/s to work. In my case, I can establish a clear unobstructed connection via 1723 tcp, but cannot complete the tunnel connection because GRE is not passed, which enables the communications between two points to complete the connection via negotiation. Meaning that the router is not allowing the passing of wrapped data packets within secondary data packets. So any protocol that requires the passing of wrapped data packets within secondary data packets, may not work either. DMZ may be a very dangerous temporary measure, or attempting to configure via containment to a single port forwarded for protocol as in v2023, but not a permanent solution. Yes, opens up the firewall, thus forcing the DMZ or the port being forwarded to act as a Firewall instead.
If you have a double firewall scenario, and only one internal network behind the second firewall, sure, DMZ to the second firewall may be a permanent workaround. But decent hardware firewalls cost money, even if it is an open source solution on a router/computer. Still got to have the hardware for it, if you don't then you have to buy it.
With IPSEC, I can only say what I noticed with a few permanent tunnels that I run. With the 5366TN as the primary router, with firmware v2023 (as I don't know what happened before this), IPSEC was a hit and miss affair. Not consistent connectivity, at times only able to ping one way, while the tunnel was formed--had issues with two way traffic. That was after the extreme workarounds were configured. Meaning that to do a quote, had to wait for the tunnel to work, copy down the template, do the quote, then wait for connectivity to return before transferring the finished quote back to its proper location at the other office via tunnel.
Issues regarding email internally have already been stated in a previous post.
While I have fine tuned WAN to LAN on secondary firewalls for performance via changing the MTU, I have not investigated its effect on protocols on the primary router, but an interesting point to look into.
All that should be required for the average person working from home, that uses VPN to connect to work or elsewhere, is to ensure the tick is placed in the VPN section of the router for 'pass through' for whatever VPN they use. If required at all.
It's at the other end, the server end, that needs serious configuration.
As obvious, from myself and others, the word "should", used in my previous posts, is not applicable with the recent firmware changes with this router.
So my conclusion, as with others, all seem to point to the fact that it's the firmware that is causing the primary problem. It would be nice if we got some confirmation of this from the manufacturer or supplier. Even nicer if the new firmware was rolled out within the next day or two.
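An added example, not written by any poster in this thread: a small Python check for the PPTP symptom described above, where the tcp/1723 control channel connects but GRE (IP protocol 47) never comes back through the router. The `Packet` record, the `diagnose_pptp` function and both sample captures are constructed for illustration; `port` is assumed to mean the server-side port, and GRE has none.

```python
from collections import namedtuple

# One observed packet at the client: direction is "out" (client to server)
# or "in" (server to client). port is the server-side port; None for GRE.
Packet = namedtuple("Packet", "direction ip_proto port")

TCP, GRE = 6, 47          # IP protocol numbers
PPTP_CONTROL_PORT = 1723  # TCP port of the PPTP control channel


def diagnose_pptp(packets):
    """Return a short verdict on where a PPTP connection attempt stalls."""
    seen = {("out", "ctrl"): False, ("in", "ctrl"): False,
            ("out", "gre"): False, ("in", "gre"): False}
    for p in packets:
        if p.ip_proto == TCP and p.port == PPTP_CONTROL_PORT:
            seen[(p.direction, "ctrl")] = True
        elif p.ip_proto == GRE:
            seen[(p.direction, "gre")] = True
    if not seen[("out", "ctrl")]:
        return "no PPTP attempt seen"
    if not seen[("in", "ctrl")]:
        return "control channel blocked: no reply on tcp/1723"
    if not seen[("out", "gre")]:
        return "control channel up, client sent no GRE"
    if not seen[("in", "gre")]:
        return "GRE blocked: tcp/1723 works but no protocol 47 returns"
    return "control and GRE both pass"


# Constructed sample: control channel answers, GRE leaves but never returns.
SAMPLE_GRE_BLOCKED = [
    Packet("out", TCP, 1723), Packet("in", TCP, 1723),
    Packet("out", GRE, None), Packet("out", GRE, None),
]
# Constructed sample: the same attempt with GRE replies arriving.
SAMPLE_WORKING = SAMPLE_GRE_BLOCKED + [Packet("in", GRE, None)]

if __name__ == "__main__":
    print(diagnose_pptp(SAMPLE_GRE_BLOCKED))
    print(diagnose_pptp(SAMPLE_WORKING))
```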
Yes, I can understand your frustration - all indicators point there and hopefully with the Case Number referenced in earlier posts, it may be addressed by Optus in the next firmware release.
I think one of the major differences between versions 2023 and 3035 is that the current firmware introduced 'Optus WiFi Secure' under Networking icon which screens all incoming and outgoing Internet traffic - this is a subscription service and must be enabled in the modem as well. Maybe the bug is associated with that function, even though it appears as Disabled in your modem's GUI.
I have only ever used a Cisco VPN on my work PC when I was working from home more than a decade ago which did not require any special modem configuration. I selected the desktop Icon and away I went into our work networks - similar in fashion to your Windows VPN.
I got somewhat confused in previous posts given all the programming mentioned - I thought a Site-to-Site VPN was being set up which perplexed me as the F@ST5366 TN-A has no VPN Server Screens that I could see - I mistakenly thought the programming was a workaround to circumvent that as Port Forwarding was involved and did not realise you were simply doing a Remote Client to External Work Server connection which worked previously for you without issue.
Hope it gets resolved soon.
Via our technical support team:
We have found that the PPTP protocol is impaired and some VPNs are no longer able to connect. Some people working remotely over VPN are affected.
A fix is planned for an upcoming Sagemcom release but this may be several weeks away. Right now though we are applying a temporary patch fix to those affected.
We know that some customers have successfully resolved their VPN connection problems by changing the VPN protocol from PPTP to IKE, L2TP or IPSec. This is mostly controlled by the VPN sysadmin to allow the other protocols to be used.
If you are still impacted by this issue, please speak with our Technical Support team via the messaging service to assist you further. Please advise the agent it is in reference to parent ticket 23716493.
And once again you've ignored my custom DNS status question.
There is currently no plan for the DNS settings change in the modem.
Thanks Ray - it is appreciated to see it officially noted as an issue, and what's in progress to fix it.
In terms of the "temporary fix" my Optus is currently sitting in a corner with something else running my connection so that I could actually get some work done. When do I need to plug it back in (& connect via the WAN port to a LAN port on my temp router) so that the fix can be applied, or is this being done at a network level?