VPN Connection Issues: JMDI ISP, Netis WF2780 Router, PPTP VPN Server, Cisco Router, Public IP

Hello,
I'm having trouble connecting to VPN servers.
My ISP is JMDI. They installed a modem in the teletechnical cabinet, to which I plugged my Netis WF2780 router.
In another place I have a router with a SIM card with a fixed IP address and a PPTP VPN server on that router. I can't connect to the server using the internet from this provider. But when I share the internet from my cell phone to my laptop, I connect to the VPN server without any problems. I tried to connect to other VPN servers (e.g. a server placed on a cisco router) and the situation is the same.

I called the ISP hotline and it says I need a public IP. Are they right?

You don't need a public IP to connect as a VPN client. Unless the provider on the "collective" IP limits something.

That they're blocking something on the NAT router?

Ports used for VPN can be blocked, not necessarily on the router, the provider can block it higher up, on the traffic server, for example, and usually if something is blocked, it is in this way.

How to fight it?

Added after 39 [minutes]:

Supplier response:

Quote:

No, we do not block, as I mentioned above, we do not block any connection, the VPN servers block the connection from your current IP address, if you would like a public address, then as I mentioned, it is for a monthly fee of PLN 10

.

I understand that the VPN server you are connecting to has been configured by you? If you didn't manually enter any restrictions on accepted or rejected addresses there, how could a VPN server block it, I would understand if it was a problem with some VPN on the net, OK, they may limit something, but the service you launched yourself on your own equipment and by default it is open to everything? Something's not right here. What address pool are you coming out of now?

Now I don't have access to this network.
But the router on the WAN enters an address from the 10.xxx pool, i.e. some private IP.

My router later creates my home network with 192.168.1.x addresses.

The servers I'm linking to are mine. But I also tried to other servers eg in my office.

Yes, but externally this 10.xxx address is probably NATed. And what home network do you have on this router where you have this VPN server?
And one more thing, are you connecting to this VPN from under Windows or some other system?

Vytautas_YT wrote:

Yes, but externally this 10.xxx address is probably NATed. And what home network do you have on this router where you have this VPN server?
And one more thing, are you connecting to this VPN from under Windows or some other system?

1) It's going through NAT for sure. I went to the speedtest website and the address from the 88.xxx pool was displayed there, I don't remember exactly at the moment. But it looked like an external address.

2) Home network 192.168.1.x.

3) Through a tool built into Windows.

4) I also have a VPN connection established on my computer to one of the networks via the GLOBAL PROTECT software. And I can connect to this VPN...

plcsystem wrote:

I went to the speedtest website and the address from the 88.xxx pool was displayed there, I don't remember exactly at the moment. But it looked like an external address.

Yes, there you will see the address from which you leave the network.

plcsystem wrote:

Home network 192.168.1.x.

So the same as the one on Netis WF2780? If so, it's an error. Then there is a conflict in the routing routes and you will not get to the devices from the subnet of the VPN server. Change the addresses behind Netis to some other, e.g. 192.168.2.0/24, anything but 192.168.1.0/24

plcsystem wrote:

3) Through a tool built into Windows.

Are you getting any error when trying to connect? Does it not establish a PPTP connection at all or does it manifest itself differently?

I misunderstood. On the VPN server, it has 192.168.10.x pools. And on Netis 192.168.1.x.
It starts to connect, "connecting" is displayed, then the reel starts spinning and so on ad infinitum.

Vytautas_YT wrote:

plcsystem wrote:

I went to the speedtest website and the address from the 88.xxx pool was displayed there, I don't remember exactly at the moment. But it looked like an external address.

Yes, there you will see the address from which you leave the network.

plcsystem wrote:

Home network 192.168.1.x.

So the same as the one on Netis WF2780? If so, it's an error. Then there is a conflict in the routing routes and you will not get to the devices from the subnet of the VPN server. Change the addresses behind Netis to some other, e.g. 192.168.2.0/24, anything but 192.168.1.0/24

plcsystem wrote:

3) Through a tool built into Windows.

Are you getting any error when trying to connect? Does it not establish a PPTP connection at all or does it manifest itself differently?

If they are different then ok. And the provider is able to provide you with a public address to test whether it will actually work?

It assigns such an address for an additional fee.
However, I would like to understand where the connection to the VPN is blocked.

I use VPN every day, the fact that on L2TP, but also PPTP before, and I have never encountered a VPN server, especially the one I configure, rejecting connections from any addresses, unless I limited it myself.
And are you able to ping from this subnet behind Netis the IP address on which the VPN server is located?

I can ping the public address of the VPN server.

Public address from which I leave my netis: 185.93.94.x
I can't ping it...

Gateway address: 10.110.0.1
Also no ping

The provider can block outgoing/incoming traffic to/from the VPN server if, for example, it works on default ports for a given protocol.
For example, PPTP uses port 1723, among others.

If you are configuring your own service, try changing the port it runs on to something else, e.g. 443.

Depending on the VPN provider you use, this may also be possible.

And how and where to change this default port?

plcsystem wrote:

I can ping the public address of the VPN server.

Public address from which I leave my netis: 185.93.94.x
I can't ping it...

Gateway address: 10.110.0.1
Also no ping

This is still a basic question. Where are you trying to ping from?

plcsystem wrote:

And how and where to change this default port?

As far as I remember, it is not possible to change the port for PPTP. If I'm wrong, let my friend @Epic correct me.

Vytautas_YT wrote:

As far as I remember, it is not possible to change the port for PPTP. If I'm wrong, my friend @Epic can correct me.

It all depends on the specific server implementation. The easiest way to change the port is by doing port forwarding on the firewall. E.g. in Netfilter using iptables rules.

If the author uses an external VPN provider, such a change is probably not possible. Especially using the PPTP protocol. In OpenVPN it is definitely easier, but also rather on your own server.

The author mentioned that he additionally connected to his own server on a Cisco router for testing.

Nothing more can be said without specifics.
What is worth trying to get by testing on other ports is the certainty that the provider blocks VPN services and fraudulently tricks you into a public IP address. Then you can talk to the supplier differently.

Epic wrote:

Vytautas_YT wrote:

As far as I remember, it is not possible to change the port for PPTP. If I'm wrong, my friend @Epic can correct me.

It all depends on the specific server implementation. The easiest way to change the port is by doing port forwarding on the firewall. E.g. in Netfilter using iptables rules.

If the author uses an external VPN provider, such a change is probably not possible. Especially using the PPTP protocol. In OpenVPN it is definitely easier, but also rather on your own server.

The author mentioned that he additionally connected to his own server on a Cisco router for testing.

Nothing more can be said without specifics.
What is worth trying to get by testing on other ports is the certainty that the provider blocks VPN services and fraudulently tricks you into a public IP address. Then you can talk to the supplier differently.

I have a PPTP server on the RUT900 router, a lesser known Teltonika company. I have a SIM card with a fixed IP (Plus) in the router.
I would like to try this port forwarding, because I admit that my ISP annoyed me, especially during conversations on the hotline where they could not explain in any way why I cannot connect to VPNs.
Returning to port forwarding, I see that for such a relatively simple router, it has a lot of configuration options. In the menu for the firewall I have such tabs. Could you guide me what to do next?

In my opinion, redirection will not work here because you have a PPTP server set up on this very router and redirection (as the name suggests) redirects a given port from the WAN to a given address in the LAN to the same or another port. It would make sense if this PPTP server would be "placed" on something behind the router. In the current situation, you need to check if there is an option to change the port in the PPTP configuration on this router.
On the other hand, the PPTP client built into Windows cannot "connect" to a non-standard port.

edit:
Check from this network behind Netis if you are able to open this page: http://postquiz.net:1723/

Vytautas_YT wrote:

In my opinion, redirection will not work here because you have a PPTP server set up on this router and redirection (as the name suggests) redirects a given port from the WAN to a given address in the LAN to the same or another port. It would make sense if this PPTP server would be "placed" on something behind the router. In the current situation, you need to check if there is an option to change the port in the PPTP configuration on this router.
On the other hand, the PPTP client built into Windows cannot "connect" to a non-standard port.

edit:
Check from this network behind Netis if you are able to open this page: http://postquiz.net:1723/

There is nothing in the PPTP configuration about changing the port.


I can't connect to the postquiz page: "The site is unreachable"

And didn't you mean PORTquiz? :D

If so:
This server listens on all TCP ports, allowing you to test any outbound TCP port.
You have reached this page on port 1723.
Your network allows you to use this port. (Assuming that your network is not doing advanced traffic filtering.)
Network service: unknown
Your outgoing IP: 185.93.xx

plcsystem wrote:

And didn't you mean PORTquiz?

Exactly what I meant, typo crept in
It seems that the default PPTP port is not blocked. I'm curious if it would work on their public address from them and from what address pool these addresses are. Because I honestly ran out of ideas why it might not want to connect.

And going back to the ping tests I asked you for earlier, where did you perform these tests? From that network behind Netis?

Yes, from the local network created by Netis.

So being behind Netis you can ping your RUT900, right? And are you then able to get to its configuration by its public address? Do you have this option turned off at all?

Yes, from my home network (Netis) I can ping the public fixed IP address of the SIM card that is inserted into the RUT900.
I did not try to stick to RUT900 through this fixed address.
If I had such a need, I first entered the VPN and then the RUT900 through its address of the local network it creates.

I still have an idea to check the traffic on port 1723 between these two networks. You need to enable remote manageability on RUT900 and (if possible) change the remote login port to 1723 from the standard 80, 8080 or similar. Then you should access RUT900 from any external network via http://xxxx:1723
Where xxxx is obviously the RUT900 public address.

I see this topic is from a few months ago - but I have the same problem.
I've done it before - because in the past PPTP connection from home to work worked for me.
Somehow at the beginning of the year it stopped - I thought it was the fault of the windows patches.
Then I struggled with pptp on several computers at home, I thought it was my lack of knowledge.
Only after contacting JMDI it turned out that they changed the configuration on their side.
It's a lie that they don't block anything. "The VPN servers are blocking your IP address."
After all, I put this VPN myself and I know what my devices block...
What a guy was surprised when it turned out that other types of VPN work fine.
Fortunately, because I think it's not right that the operator uses such tricks to force me to pay PLN 10 for a fixed IP.
I don't know much about networks, but maybe it's a matter of the GRE protocol that uses port 47? - Is it possible to do some redirection here?

Hi, I would like to ask more experienced users if after reading this thread you could advise me on how to configure VPN in the company to bypass the blockade funded by JMDI? I have very basic knowledge and I would like to ask for possibly pathological explanations.[/i]

Use a different VPN protocol? You also have OpenVPN, WireGuard, and probably a few others