cancel
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Mkrtich
Valued Contributor
Valued Contributor

Re: New Optus supplied modem - Sagemcom 5366TN

Hi - you may have been given incorrect advice. I don't think Sagemcom will provide you with the previous version of special Optus firmware and generally send enquiries back to Optus. It may be worth contacting Optus again and asking to be put through to Technical Specialist Support, who may be able to roll back the software remotely. The catch with that is sometime later, the modem may do an Auto Update to the current version of software. 

I take it in your case VPN doesn't work at all rather than GRE . I have seen references to the '47' as being the IP Protocol type used by GRE rather than the actual port. I haven't used VPN, but adding GRE + Encryption may require the standard Ethernet MTU packet size of 1500 to be adjusted downwards to accommodate the GRE Headers and IPSec Security Associations - are there settings in the screens to reduce the packet size in the VPN set up page. 

0 Kudos
Reply
onwarril
Occasional Contributor
Occasional Contributor

Re: New Optus supplied modem - Sagemcom 5366TN

VPN is a broad term, many such as Microsoft, Cisco, Netgear, now days open source, have apps/programs that use either PPTP, L2TP, IPSEC, for remote access.  Regardless of app/program, the basics, protocols + ports, are required depending up the type of VPN (PPTP/L2TP/IPSEC) that is being used. Ports open are useless unless the associated protocols can be passed.  In the case of PPTP, port 1723 tcp + GRE (protocol 47).  In the case of IPSEC, ports udp 500, 4500, and 1701 (specifically for L2TP), but also require in addition the protocols ESP (protocol 50), AH (protocol 51), and IKE, in order to work. 

Short story.  Need port/s + protocol/s to work. In my case, I can establish a clear un-obstructed connection via 1723 tcp, but cannot complete the tunnel connection because GRE is not passed, that enables to communications between to points to complete the connection via negotiation. Meaning that the router is not allowing the passing of wrapped data packets within secondary data packets. So any protocol that requires the passing of wrapped data packets within secondary data packets, may not work either. DMZ may be a very dangerous temporary measure, or attempting to configure via containment to a single port forwarded for protocol as in v2023, but not a permanent solution. Yes, opens up the firewall, thus forcing the DMZ or the port being forwarded to act as a Firewall instead.

If you have a double firewall senario, and only one internal network behind the second firewall, sure, DMZ to the second firewall may be a permanent workaround. But decent hardware firewalls cost money, even if it is an open source solution on a router/computer. Still got to have the hardware for it, if you dont then you have to buy it.

With IPSEC, I can only say what I noticed with a few permanent tunnels that I run. With the 5366TN as the primary router, with firmware v2023 (as I dont know what happened before this), IPSEC was a hit and miss affair. Not consistent connectivity, at times only able to ping one way, while the tunnel was formed--had issues with two way traffic.  That was after the extreme workarounds were configured.  Meaning that to do a quote, had to wait for the tunnel to work, copy down the template, do the quote, then wait for connectivity to return before transferring the finished quote back to its proper location at the other office via tunnel.

Issues regarding email internally have already stated in a previous post.

While I have fine tuned WAN to LAN on secondary firewalls for performance via changing the MTU, I have not investigated its effect on protocols on the primary router, but an interesting point to look into.

 

onwarril
Occasional Contributor
Occasional Contributor

Re: New Optus supplied modem - Sagemcom 5366TN

All that should be required for the average person working from home, that uses VPN to connect to work or elsewhere, is that to ensure the tick is placed in the VPN section of the router for 'pass though' for whatever VPN they use.  If required at all.

Its at the other end, the server end that needs serious configuration.

0 Kudos
Reply
onwarril
Occasional Contributor
Occasional Contributor

Re: New Optus supplied modem - Sagemcom 5366TN

As obvious, from myself and others, the words "should" used in my previous posts, is not applicable with the recent firmware changes with this router.

So my conclusion, as with others, all seem to point to the fact that its with the firmware that is causing the primary problem. It would be nice if we got some confirmation of this from the manufacture or supplier. Even nicer if the new firmware was rolled out within the next day or two.

0 Kudos
Reply
pmac243
Occasional Contributor
Occasional Contributor

Re: New Optus supplied modem - Sagemcom 5366TN

Hi Thanks for the reply, yes the VPN I am referring to is the standard Windows WAN Miniport (PPTP) to our work - it has worked fine before the most recent update. Re your first paragraph if I can get a copy of the firmware and the modem updates itself again at least I will be able to reinstall the working firmware file again.

In short I am convinced it is the firmware update because,
It worked flawlessly for 18 months before the firmware update.
It works on this modem if I put my PC into the DMZ on the modem and connect from there.
It works if connect to another wireless network. (4G mobile Broadband)
It works if I hot spot to my phone.
0 Kudos
Reply
ScoobyDooDoo
Occasional Contributor
Occasional Contributor

Re: New Optus supplied modem - Sagemcom 5366TN

Tried it also but it didn't work.  

If you get an old firmware won't the gateway  do the update on reboot ?

We need a firmware update or rollback now

0 Kudos
Reply
Mkrtich
Valued Contributor
Valued Contributor

Re: New Optus supplied modem - Sagemcom 5366TN

@pmac243 and @onwarril 

Yes , I can understand your frustration - all indicators point there and hopefully with the Case Number referenced in earlier posts, it may be addressed by Optus in the next firmware release.

I think one of the major differences between versions 2023 and 3035 is that the current firmware introduced 'Optus WiFi Secure' under Networking icon which screens all incoming and outgoing Internet traffic - this is a subscription service and must be enabled in the modem as well. Maybe the bug is associated with that function , even though it appears as Disabled in your modem's GUI. 

I have only ever used a Cisco VPN on my work PC when I was working from home more than a decade ago which did not require any special modem configuration. I selected the desktop Icon and away I went into our work networks - similar in fashion to your Windows VPN.

I got somewhat confused in previous posts given all the programming mentioned - I thought a Site-to-Site VPN was being set up which perplexed me as the F@ST5366 TN-A has no VPN Server Screens that I could see - I mistakenly thought the programming was a workaround to circumvent that as Port Forwarding was involved and did not realise you were simply doing a Remote Client to External Work Server connection which worked previously for you without issue. 

Hope it gets resolved soon. 

https://www.optus.com.au/about/media-centre/media-releases/2021/03/optus-and-mcafee-partner-together... 

0 Kudos
Reply
Ray_YC
Online Community Manager
Online Community Manager

Re: New Optus supplied modem - Sagemcom 5366TN

Hi everyone,  

Via our technical support team:

We have found that the PPTP protocol is impaired and some VPNs are no longer able to connect. Some people working remotely over VPN are affected.

A fix is planned for an upcoming Sagemcom release but this may be several weeks away. Right now though we are applying a temporary patch fix to those affected.

We know that some customers have successful resolved their VPN connection problems by changing the VPN protocol from PPTP to IKE, L2TP or IPSec. This is mostly controlled by the VPN sysadmin to allow the other protocols to be used.

If you are still impacted by this issue,  please speak with our Technical Support team via the messaging service to assist you further. Please advise the agent it is in reference to parent ticket 23716493.

------------------------------------------------------------------------------------------------------------------ I’m part of the Yes Crowd team, employed by Optus to help run our online community. This guide explains how everything works on here and you should also check out our Community Guidelines.

Did we answer your question? Please mark it as a Accepted Solution and be generous with that Kudos button Smiley Happy
Ray_YC
Online Community Manager
Online Community Manager

Re: Sagemcom 5366TN release


@YetAnotherAcc wrote:
And once again you've ignored my custom DNS status question.

There is currently no plan for the DNS settings change in the modem.

------------------------------------------------------------------------------------------------------------------ I’m part of the Yes Crowd team, employed by Optus to help run our online community. This guide explains how everything works on here and you should also check out our Community Guidelines.

Did we answer your question? Please mark it as a Accepted Solution and be generous with that Kudos button Smiley Happy
0 Kudos
Reply
SirLegend
Occasional Contributor
Occasional Contributor

Re: New Optus supplied modem - Sagemcom 5366TN

Thanks Ray - it is appreciated to see it officially noted as an issue,and whats in progress to fix it.

In terms of the "temporary fix" my optus is currently sitting in a corner with something else running my connection so that I could actually get some work done. When do I need to plug it back in (& connect via the wan port to a lan port on my temp router so that the fix can be applied, or is this being done at a network level?

0 Kudos
Reply