Hyper Expert /Blog
About
Archives

DMZ seems to break VPN on Asus RT-AC66R!

JUMP TO THE FIX

I have spent the past couple of days researching how to get my VPN on my new Asus RT-AC66R router to work, but no luck! At first, I really thought I had a faulty router because it worked one time, then no matter what I did, reboot, turn off/on, still cant access the newly set up VPN from my iPhone! I could access my work VPN just fine, so I know it is not the iPhone.

So I went and got myself another router and the first thing I did before changing any settings is try the VPN. BOOM, it worked great, disconnect/connect many times, it always worked and almost instantly! I was convinced it was the other router that was faulty.

Continuing the setup of the new router. I managed to get everything set up with all of my home network requirements, try VPN again, did NOT work?!! Impossible? WHY? I did not do anything special, could it be my WiFi settings? that wouldn’t make sense, why would WiFi screw things up? Could it be the firewall? No, because I tried disabling the firewall on the router just to see if VPN would work. Finally, Could it be DMZ? But that wouldn’t make any sense, if anything, if it didn’t work before, DMZ should make VPN work! So I tired to re-do everything and reset to factory, then every time I do a small change, I check VPN, just to narrow down the problem and see what is the real culprit here? Everything worked just fine until I turned ON DMZ, tried VPN, FAILED! Turned OFF DMZ, try to connect, everything connected fine! So it is DMZ! But why? I want DMZ enabled for my personal computer (Gaming PC). I dont want to sacrifice DMZ for VPN!

After countless searching and reading many pointless articles. No one seemed to be going through the same thing as I am. So I started reading more about DMZ! When DMZ is on, it forwards all of the non-configured ports to that host where DMZ is configured on. So port 1723 in my case, with PPTP VPN connection, is being forwarded to my host PC instead of to the router which is breaking the VPN connection!

THE FIX

*This only needs to be done if DMZ is on!

We need to forward the VPN port back to the router. Create a custom port forward rule that forwards port 1723 (for PPTP VPN) back to your router IP address. (ex. 192.168.1.1).

Now test your VPN connection again, you should be able to connect without having to turn off DMZ!

Done 😉

Below is a list of the ports that need to be forwarded if you have a different type of router/VPN and are going through the same problem (Asus RT-AC66R/RT-AC68R only supports PPTP by default):

PPTP: TCP 1723
L2TP: UDP 500 and 4500
IPSec: UDP 500 and 4500

I hope this will help others who are going through the same problem.

////////

Hi, my name is Ali. I am a Systems Engineer. I live in the beautiful Evergreen state. I have a Bachelor degree of science in Information Technology with a handful of accompanying I.T. certificates. I also have a degree in Computer Networking. I am an Apple Certified Technician, Microsoft MCITP and a Linux expert.

9 Comments

  1. TIm Chan · June 14, 2014

    hey i wanna thank you so much for this post! the exact same issue has been bugging me for ages and am using a old asus rt n16 router. you’ve helped me solve it big time. once again thank you very much! haha =D

    Reply
  2. google searcher · December 18, 2014

    OH MY GOD!!!

    im using asus ac87u and exactly same this problem!!

    AND

    DMZ ON was THE PROBLEM!!!! thank you now i can sleep now 🙂

    Reply
  3. Costin ILIE · August 13, 2015

    I want to thank you . I had a similar problem with the Asus RT- N10U router . I have a surveillance system that needs DMZ and VPN fososesc also given . I get angry that I could not use them both. Thank you.

    Reply
  4. Lehel · February 28, 2017

    Thank you so very much for this info! Saved my day. Similar situation as Costin – surveillance system needs DMZ and couldn’t connect to VPN. Just had to forward the mentioned port back to the router’s IP.

    Reply

Would you like to share your thoughts?