I have spent the past couple of days researching how to get my VPN on my new Asus RT-AC66R router to work, but no luck! At first, I really thought I had a faulty router because it worked one time, then no matter what I did, reboot, turn off/on, still cant access the newly set up VPN from my iPhone! I could access my work VPN just fine, so I know it is not the iPhone.
So I went and got myself another router and the first thing I did before changing any settings is try the VPN. BOOM, it worked great, disconnect/connect many times, it always worked and almost instantly! I was convinced it was the other router that was faulty.
Continuing the setup of the new router. I managed to get everything set up with all of my home network requirements, try VPN again, did NOT work?!! Impossible? WHY? I did not do anything special, could it be my WiFi settings? that wouldn’t make sense, why would WiFi screw things up? Could it be the firewall? No, because I tried disabling the firewall on the router just to see if VPN would work. Finally, Could it be DMZ? But that wouldn’t make any sense, if anything, if it didn’t work before, DMZ should make VPN work! So I tired to re-do everything and reset to factory, then every time I do a small change, I check VPN, just to narrow down the problem and see what is the real culprit here? Everything worked just fine until I turned ON DMZ, tried VPN, FAILED! Turned OFF DMZ, try to connect, everything connected fine! So it is DMZ! But why? I want DMZ enabled for my personal computer (Gaming PC). I dont want to sacrifice DMZ for VPN!
After countless searching and reading many pointless articles. No one seemed to be going through the same thing as I am. So I started reading more about DMZ! When DMZ is on, it forwards all of the non-configured ports to that host where DMZ is configured on. So port 1723 in my case, with PPTP VPN connection, is being forwarded to my host PC instead of to the router which is breaking the VPN connection!
*This only needs to be done if DMZ is on!
We need to forward the VPN port back to the router. Create a custom port forward rule that forwards port 1723 (for PPTP VPN) back to your router IP address. (ex. 192.168.1.1).
Now test your VPN connection again, you should be able to connect without having to turn off DMZ!
Below is a list of the ports that need to be forwarded if you have a different type of router/VPN and are going through the same problem (Asus RT-AC66R/RT-AC68R only supports PPTP by default):
PPTP: TCP 1723
L2TP: UDP 500 and 4500
IPSec: UDP 500 and 4500
I hope this will help others who are going through the same problem.