Rogers Modem: Hitron CODA-4582U
TP-Link Router: Archer C9
Goal: Connect the above router to the Rogers modem/router so that I can have a separate WIFI network that goes through VPN, while the original Rogers modem/router goes through regularly. I do not want the Rogers modem in bridge mode, I want two separate networks; VPN, Non-VPN.
Problem: Entering the L2TP connection into the TP-Link router does not allow connection to the VPN. Passthrough is enabled on the router and the modem.
I have TP-Link Archer C9 that has the option to set L2TP connection so that I can connect through a VPN. I have taken this router to a friends place that has a Bell Hub and we connect it to the Bell modem and the TP-Link router connects to the VPN server using my credentials through L2TP. We successfully make two networks, one with VPN and the main WIFI without.
With the Rogers modem, I connect it just like the Bell modem and try to connect using the credentials to the VPN server through L2TP and it hangs on "connecting" like the Rogers modem is refusing it. I have confirmed that without the L2TP connection we can connect to the regular internet, but connecting through L2TP does not work.
I couldn't really find any settings that would help in the Rogers modem to possibly fix this.
Does anyone have any idea? I'd be glad to explain in further detail if needed.
Welcome to the Community!
Sorry to hear you're having an issue with your VPN setup! To my recollection there certainly shouldn't be an issue setting up a VPN on a different subnet. I don't have the ability to test it currently though, perhaps other's in the Community could weigh in with their experience :).
So that they can better assist can you provide us with your current settings on your modem and router?
@ChrisBlachnio consider placing the router in the DMZ, which is found in the BASIC .... DMZ tab. I'm not sure what the selection is for the DMZ host when you enable the DMZ. It could be an IP address or a MAC address. If it turns out to be an IP address, I'd create a static IP address for the router, reboot the modem and then place the router in the DMZ. To create a static IP for the router, with the router connected and running, navigate to the BASIC .... LAN SETUP and use the DHCP Reservation to create a static IP address for the router.
Food for thought, just to see if this might work, kick the modem into Bridge mode with the router up and running and after the modem has completed the switch over to Bridge mode, try the VPN. If that doesn't work, I don't have much hope that your VPN would work with the router in the DMZ. If that's the case chalk this up as yet anther example of an Intel Puma modem failing to support a VPN.
Keep in mind, that with the router in the DMZ, its relying on its own firewall and Intrusion Detection System for its protection.
Thanks, I'll give that a try! What would be the inherent risk of putting the router into the DMZ? From what I understand this leaves the router open to the internet, which even if it does work doesn't sound like a good plan.
That configuration should be no different than running a modem in Bridge mode with the router behind it. Same idea here, the router has to be able to protect itself from the constant probing that goes on.
If you're not comfortable with running the router exposed to the internet I don't have any other solutions for you.
If you tried the modem in Bridge mode and it didn't work, then I don't believe that this would work with the router in the DMZ either. That would be a major failure for this modem. The DMZ idea would be a moot point if this was the case.
Now, fwiw, I saw a post yesterday from @JohnBeaudin indicating that the XB6 modem was now available as a stand alone modem. I don't know where he saw that. If this is the case, then maybe switching to the Technicolor CGM-4140COM might solve the VPN problem. Thats the Technicolor version of the XB6. There is also an Arris version, but thats also an Intel Puma 7 modem, so, I'd avoid that modem. There's no guarantees on this however. First step is determine the availability of the XB6 modems as a stand alone modem, not tied to the Ignite TV service.
You should also ensure that UPNP is disabled in the router, and modem, and that when you disable UPNP, that you check for any existing port forwarding rules that UPNP may have already created and delete them.
VPNs with Intel Puma modems have been a pain ever since Rogers introduced the first CGN3 back around 2014/2015. A VPN will either work or it won't, and you won't know that until you get there. If you have the ability to try another VPN type and can select UDP or TCP/IP, have a look at those possibilities as well. Rogers official position is that Rogers doesn't support VPNs. So, there is no impetus to address VPN problems with Intel. End result, if a VPN works on an Intel Puma modem, that's a matter of luck rather than good planning.
If Rogers has changed its modem availability policy and decided to allow all users access to the XB6 modems, that will be a pleasant surprise. That would allow access to the only non Puma modem in the inventory, which is the Technicolor CGM-41410COM. The modem model stickers are found on the bottom of the XB6. Note that there hasn't been sufficient feedback to say with any certainty that any specific VPN would work with the 4140 modem. So, once again, you won't know if a VPN will work, or not, until you're actually there.
To swap modems at the nearest Rogers store, you might have to call tech support to raise a work order. Some stores need a work order, some don't. Can't tell you which is which unfortunately. So, you would have to call the nearest store to see if they have the XB6, specifically the Technicolor CGM-4140COM and whether or not they've heard that the XB6 modems are now available to all customers. Typically the local stores do not carry the XB6, so, I suspect that if they do happen to have those modems in stock, they should then be aware of any changes in the distribution policy for the customers.