EE Bright Box VPN Issues

Hi there, I have been having problems with using VPN on my EE (formerly Orange) broadband. When I try to connect to work using my VPN software, although the connection appears to be successful I can then not ping any of the DNS servers or Domain controllers at the main office and therefore not do any work!! Stranger still, when i disconnect from the VPN connection the internet does then not work. The only way to get the internet working again is to reboot my router (Bright Box). Looking on other forums this looks to be a problem with this specific router, also I have discovered that the problem only occurs when connected via wireless. If I am connected via an ethernet cable I can VPN in to work with no problems.

I have tried contacting EE but they say they do not support VPN so cannot assist.

Any help would be much appreciated!

Report it as a broken router and ask for a new one. Just say that the internet intermittantly stops and you have to turn off the router for 2hrs before it starts working again and the router gets very Hot...

Hi,

I actually registered with this forum simply to post this response as I share in your frustration with EE Technical Support. If by now you have not found a solution to the problem, I have found a way to get the VPN working by editing a simple setting on the brightbox router.

1) Log in to the router at 192.168.1.1 and enter your username (admin) and password (supplied by EE).
2) Go to advanced set-up and press accept.
3) Click on Firewall and then Intrusion Detection.
4) At the bottom, under Intrusion Detection Feature, click disable.
5) Save settings.

The problem is that the intrusion detection feature ignores ping requests from outside servers. This prevents VPN tunnelling as the protocols (PPTP, IPSec, SSTP etc) require co-operation between the destination server and your router.

Edit: It may be you also need to disable the SPI and Anti-Dos firewall protection on the Intrusion Detection page too. I simpy disabled both for a guaranteed fix but you may want to try the above first before trying this option.

I hope this helps!!!

Edited by deleted (Mon 11-Feb-13 19:36:19)

As you can confidently run around all the configuration pages of this router would you mind telling me if your router:
1. Issues LAN IPs in sequential order starting from 192.168.1.2
2. Whether there are different entries other than 192.168.1.1 for the DNS settings and the Gateway
3. If you wanted to substitute the Bright Box for another router, what would be the necessary settings in the alternative router.

My apologies for hijacking this thread onto another subject, but your indulgence would be appreciated.

1. No, they are seemingly random.
2. Those are the values the PCs usually see. The router's Gateway is 213.1.112.200 and it gets the DNSs from Orange.
3. Broadband Username ***************
   Broadband Password ***************
   Protocol PPPoA
   VPI/VCI 0/ 38
   Encapsulation VC MUX
   Internet IP Address Dynamic
   DNS IP Address Obtain from ISP
   MTU 1500

In reply to a post by XRaySpeX:

1. No, they are seemingly random.
2. Those are the values the PCs usually see. The router's Gateway is 213.1.112.200 and it gets the DNSs from Orange.
3. Broadband Username ***************
   Broadband Password ***************
   Protocol PPPoA
   VPI/VCI 0/ 38
   Encapsulation VC MUX
   Internet IP Address Dynamic
   DNS IP Address Obtain from ISP
   MTU 1500

Your response is very much appreciated. My gateway is currently shown as 192.168.1.1 in the brightbox; I wonder why yours should be different? I just have a gut feeling that my router has a fault and wanted to try a know good router. EE have had a remote session onmy router and gave it a clean bill of health.

In reply to a post by trolleybus:

My gateway is currently shown as 192.168.1.1 in the brightbox; I wonder why yours should be different?

I never touched mine; it was set by Orange upon connection. 192.168.1.1 seems recursive; router is pointing at router .

The Gateway is always Step 2 of any tracert. See latest thread about games in EE/Orange forum here of mine & OP's tracerts.

In reply to a post by trolleybus:

As you can confidently run around all the configuration pages of this router would you mind telling me if your router:
1. Issues LAN IPs in sequential order starting from 192.168.1.2
2. Whether there are different entries other than 192.168.1.1 for the DNS settings and the Gateway
3. If you wanted to substitute the Bright Box for another router, what would be the necessary settings in the alternative router.

My apologies for hijacking this thread onto another subject, but your indulgence would be appreciated.

No problem - I know someone has already answered but I shall go ahead anyway.

1. Nope, gateway is 192.168.1.1 and addresses of the form 192.168.1.x are designated randomly.
2. Nope, DNS settings are set to obtain from ISP so I left that field blank. The gateway remains 192.168.1.1.
3. Necessary settings would be your broadband username/password, beyond this most routers default adsl settings would be sufficient. (The settings for encapsulation and protocl etc are normally correct by default but I gather have been posted above by another user.

Edited by deleted (Tue 12-Feb-13 14:27:18)

I could not resolve the actual issue reported by smeader88. Does anybody have a working solution for establishing a VPN connection from a wireless device with ee's BrightBox router?

As reported in the initial post, everything works fine from a wired connection, but any attempts on the wifi interface will essentially shut down the router's wifi, and require power cycling the router to recover.

This used to work fine on the old LiveBox router and still does just work when I plug it back, which I am considering doing permanently; I just can't believe VPN over wifi isn't supported on the BrightBox...

Hello,

I can't get my VPN to work properly even with a wired connection! It appears to be connected, but I can't ping any devices or RDP to any machines. EE technical support can't help because they don't support VPNs!! I've disabled the firewall on the Bright Box but am still having no success.

I've found my Father-in-laws Orange vDSLbroadband has this problem, ie vpn shows it's connected but all traffic is actually routed via base connection and not via the vpn. I've not tried disabling the Intruder Detection yet as this sounds rather drastic! An alternative could be to allow pptp (point to point tunnelling protocol), or ipsec etc as required. This would be safer and might work provided the 'external ping' issue is not controlled by some other aspect of intruder detection that cant be controlled by a rule. Has anyone tried this?

In reply to a post by tobiz:

I've found my Father-in-laws Orange vDSLbroadband has this problem, ie vpn shows it's connected but all traffic is actually routed via base connection and not via the vpn. I've not tried disabling the Intruder Detection yet as this sounds rather drastic! An alternative could be to allow pptp (point to point tunnelling protocol), or ipsec etc as required. This would be safer and might work provided the 'external ping' issue is not controlled by some other aspect of intruder detection that cant be controlled by a rule. Has anyone tried this?

Tried all the firewall & intruder detection setting options and none allowed vpn to my Draytek 2820 router. Since I know this can be done, eg from Bt Infinity broadband setup I conclude vpn over EE is not possible. I assume somewhere in the Orange contract small print it specifies this but have not looked. Not having vpn is very restrictive especially since the previous Orange broadband kit permitted it.

It's not quite the same but I had problems getting usable VOIP with a Brightbox. Replacing the Brightbox router with a Draytek solved the problem instantly.

The EE network was fine, the Brightbox was crippled.

I think the Brightbox has severe limitations when it comes to using it for anything other than basic web connectivity.

Try a different router locally - I'm assuming the Draytek you refer to in your post is at the office. If not, sorry!

In reply to a post by caffn8me:

It's not quite the same but I had problems getting usable VOIP with a Brightbox. Replacing the Brightbox router with a Draytek solved the problem instantly.

The EE network was fine, the Brightbox was crippled.

I think the Brightbox has severe limitations when it comes to using it for anything other than basic web connectivity.

Try a different router locally - I'm assuming the Draytek you refer to in your post is at the office. If not, sorry!

Thanks for the reply. My father-in-laws setup seems to be an EE Bright Box connected to a BT Infinity box. I think the Bright box is the router and the BT box the vDSL terminator (probably normally placed on the wall next to the BT Master socket). I think you are right that the local wifi network from the Brightbox is ok it's the Bright box router part that is the problem not passing on VPN packets. BTW the router is not in an office, it's my private one. At some time I might try replacing the EE Brightbox with another vDSL capable router (such as a Fritz!Box), set that up so it has vDSL on the broadband side and a standard network on the other. As I said I'm pretty convinced it's the EE Bright Box router as I've been able to VPN to my Draytek from lots of places and by lots methods, eg wifi, cabled lan etc. The real problem is I need to get at least VPN to work to my router before attempting to connect my wife's laptop via VPN to her office from her father's home network; I have no idea what her company uses for their VPN but my guess that it has the words Cisco and Microsoft somewhere in the chain.

I've had good results getting various Drayteks to connect VPNs with each other and with Watchguards of assorted flavours - all using IPsec.

The Drayteks I now run VPNs on are all VDSL routers without the BT Openreach modem. I haven't had a chanc to play with a FritzBox yet.

A Netgear DG834 ADSL router connected to Watchguard by VPN but had treacle slow throughput (less than 1Mbps).

I think the Brightbox is probably borked.

Good luck!