EggXpert

I live in Hoboken NJ in a high rise appt bldg. I have a Netgear WGT624 ver 4 that I bought here at Newegg about 3 months ago. I have been having issues with dependability and dropped connections when I am on the company VPN (Nortel VPN client monitor) especially and not so bad when not on it. I have narrowed down the problem, I think, to interference from other peoples wireless routers and there are many when scanning on the laptop I can see at least 20 or more. The problem comes and goes, some times it works fine and an hour later not at all, but I cannot narrow it down to any particular hardware or configuration issue that I can find. I turned off the TV unplugged the cordless phone everything that might produce RF interference and it still occurs. I have tried every configuration of security to wide open and still the same. 

Before buying a new wireless router, you need to try changing the channel.  Try channel 1, or 11.  If I recall correctly, Netgear defaults to channel 6 from the factory.  And if you're using the Super G feature of that router, you may have to give it up because Super G only works on channel 6....<sarcasm> sure genius from the engineers at Atheros </sarcasm>.  What you're expriencing is probably interference from other wireless networks occupying the same channel you're operating from.

The reason your VPN connection is having more issues than regular surfing is because VPNs are very time sensitive.  Any latency and the tunnel collapses.  This is why VPNs don't typically work over satellite connections.

Have you applied the latest firmware.

Have you checked their page on dropped connections?? 

Previously I have tried to change the channel but was unable to get it off 6.  After your suggestion I played with it a bit more and found that if I change the Auto G option first then I can change channels from 1 - 11.  So then I mapped out all the chanels in use and found that 1 is used 5 times, 6 16 times and 11 17 times with the other numbers used once or blank.  So I chose 4 as it was blank.

 However I am sill seeing slow throughput speeds and slow aquire during log in.  I will have to use it for a while on this channel so say if it is more stable or not.

 This router automatically checks for updated firmware during log in and I have tried a lot of the suggestions for locating RF interferance etc.

 Thanks for the help

Well changing the channel did not help, the signal strenght still wonders from excellant to disconnected over the course of an hour or so.

 Any other suggestions?

I usually run TCP Optimizer once I get my OS installed which gives me a little more thoroughput.  It is fairly easy to run and will save a back up if you want to go back.

 Are you on DSL or cable???  If DSL and using PPOE you may need to set MTU in router (1492) or you will/may get more dropped packets I believe.  TCP Optimizer has a largest MTU app.

Haven't used VPN but if software is used is it up to date??? 

May be some help for you on google, if you haven't already used that particular search.  Delete your specific router for more/different results.

Have you checked to see what packets the router is dropping from your companies specific IP???  I'm sure you've already got ports forwarded and such.  You might want to add the ports specifically to windows firewall instead of having just the software listed in the firewall section. 

Do you have it set up as on demand or always on and have you tried whichever one you don't have it set at now.  

What is your IDLE timeout set at.  0 should set it to no timeout. 

Haven't used my wireless in a while but I believe after I disabled security and set mac addresses as the only computers to be able to connect connection got a little better.  Probably makes it a little easier to get in though if someone wants to, not sure though.

What is the wireless chipset in the notebook and also OS, and have you tried anything in those settings?? 

Use channel 1.  The reason why I said 1, 6, and 11 are your best options is because these channels are non-overlapping.  Channel 4, even though it looks free, is overlapping another channel.

You guys are great for lending a hand on this.  Below are the questions and answers. 

Are you on DSL or cable???  If DSL and using PPOE you may need to set MTU in router (1492) or you will/may get more dropped packets I believe.  TCP Optimizer has a largest MTU app.

Optimum Cable modem

Haven't used VPN but if software is used is it up to date???  

Yes I updated it the other day and that help reduce the frequancy of drops as I have a feeling it is more forgiving to the latency times but it still occures for long delays.

Have you checked to see what packets the router is dropping from your companies specific IP???  I'm sure you've already got ports forwarded and such.  You might want to add the ports specifically to windows firewall instead of having just the software listed in the firewall section. 

I have no clue how to check for dropped packets.  I did try and play with the ports but that is above me at the moment on how to forward them etc

Do you have it set up as on demand or always on and have you tried whichever one you don't have it set at now.  

The router is set up for allways on, auto connect

What is your IDLE timeout set at.  0 should set it to no timeout. 

Is that setting in the router or the PC?  I do know know what it is set at.

Haven't used my wireless in a while but I believe after I disabled security and set mac addresses as the only computers to be able to connect connection got a little better.  Probably makes it a little easier to get in though if someone wants to, not sure though.

I did try open access for a while to see how that would work and still the same dropping issues.  I do have the limited access of my PCs set by mac address.

What is the wireless chipset in the notebook and also OS, and have you tried anything in those settings?? 

Win 2K with an Intel Pro/Wireless 2200BG, updated the drives last week via MS auto update

I changed it to channel 1 as suggested and it is still dropp connections and varying signal strenght.

It is funny as it is slow to aquire the connection and once aquired it conflicts status, the signal strength indicator is all fuzzy and says it is still aquireing but the two computers I put on the task bar to monitor network traffic indicate a connection and I can browse just fine once the IPs resolve themselves.  After about 5 - 10 min the signal strength indicator will look normal showing the current strength.

This is all weird as hell...............  I wonder is some hacker in another appt is trying to harvest data out of the air to steel IDs or something.

Intel has a feww things on disconnects here under that chipset.

You said if you hardwire the notebook to the router that the vpn is fine???  If so that would indicate communication between the router and the wireless card/chipset most likely.  You could hardwire it for a little bit and see if you have the issues still at that would point to the connection between your router and the companies.

Can you find the model# or brand on the cable modem???  If so post it.  As I couldn't find any of the settings on the Optimum site aand it looks like they have quite a few modems.  Never had cable internet so unsure of the settings in modem offered.

Did you install there software???(Optimums)???  I never could get good connect when I had Bellsouth software installed. 

Not saying it will be the same with your router but with mine "Always on" would lose connection all the time.  If you have a computer that is hardwired and it doesn't loose its connection it should be fine though.  Also your modem may have a similar setting or a bridge setting, hence if you can find model and brand or I will see if I can find settings somewhere.

Idle timeout setting is in the router.  Should be on the first page I believe.  With always on it should become null I think though.

You said you did get your port forwarding worked out.  Which ports??  I found  you may need IPsec enabled with ports 50, 51, and 500.  It should be a setting in the router.  The router manual says if your IP changes you may need to enable port triggering instead of forwarding.

If I recall my wireless starts of with a low signal strength but climbs after a bit sometimes, so I think this may be normal.  Haven't used wireless in a while though as I said.  

Never know about the hacker stuff, I ran mine open all the time until all my bandwidth started to be used.  I also booted up one day and had a bunch of smiley faces and such on the boot screen?????   Not sure how that would have been done or if it was just freak deal but have it locked down with mac address now.  Can't remember if I had to reflash bios or reinstall after that if I did anything at all????  System is set up to reinstall easily just for that kind of stuff plus the fact windows is windows and likes to lose things.  Think I did have to reinstall.

Go back to My network places and bring back the properties of the wireless network card (as described above) on the “Wireless Networks” Tab click Advanced > Power Management > un-tick the default tick box and move the slider all the way up.  I think the intel page had something along the same lines as this.

Hope something may help you out.  Wish I could direct you to a quick fix but or give you something more specific.

What firmware version are you running on your WGT624?  I took a look at the product support page and found some references to wireless instability issues.  Version 2.0.9 was supposed to fix an issue with the Auto 108 setting.  From the version notes: Fixed “Router reboots and crashes automatically issue under a heavy interference environment and wireless mode is Auto 108 Mbps”.  Version 2.0.12 states: Improved wireless connection stability.  Whatever that means.  Apparently, Netgear hasn't improved on this router from when I was using the v2 version.  When I got the v2 version, the firmware was absolutely miserable. The issues were exactly what the version 2.0.9 update on the v4 was supposed to fix.  The interference issue caused wireless connectivity to be absolutely useless.  The outcry from ticked off users was so much that Netgear had to rush a beta fix as their support forums were being lit up by unhappy owners.  So I guess Netgear didn't learn their lesson.  But it looks like there are some firmware updates which address wireless stability issues.

As far as port forwarding for VPNs is concerned, there's nothing you need to do to have a VPN connection initiated from inside your network to an internet VPN server.  I've had tons of VPN connections I've established from my home network to my work network and from remote connections I'm on back into my home network.  The only time you would have to worry about the VPN/IPSEC ports is if you have a VPN server inside your network which you want to host secure connections and don't have an option for VPN pass through support.

If the firmware doesn't fix the problem, try a driver update on your wireless NIC.

Can you find the model# or brand on the cable modem??? 

D Link  DCM-202 Rev 1A    F/W Rev 2.00.03D1.02

Did you install there software???(Optimums)???  I never could get good connect when I had Bellsouth software installed. 

No, when I moved in it was here and I just hooked up and used it

Idle timeout setting is in the router.  Should be on the first page I believe.  With always on it should become null I think though.

I tried to find it but no luck, I will keep looking for this and give it a try

You said you did get your port forwarding worked out.  Which ports??  I found  you may need IPsec enabled with ports 50, 51, and 500.  It should be a setting in the router.  The router manual says if your IP changes you may need to enable port triggering instead of forwarding.

No I do not know how to port forward yet, I was going to work on getting it figured out next I guess

Go back to My network places and bring back the properties of the wireless network card (as described above) on the “Wireless Networks” Tab click Advanced > Power Management > un-tick the default tick box and move the slider all the way up.  I think the intel page had something along the same lines as this.

Done

What firmware version are you running on your WGT624? 

V2.0.6_2.0.6NA  I will install the 2.0.9 now that I see it is different and you mention below why.  I wander why the auto update did not catch this?  Oh well

I took a look at the product support page and found some references to wireless instability issues.  Version 2.0.9 was supposed to fix an issue with the Auto 108 setting. 

You guys are great, a lot better than the Netgear forum when I tried to work this out there.

Was browsing through the router manual again and it said for some VPN you may need to disable SPI firewall in the WAN setup of config page. Shouldn't have missed that one.

Being in an apartment community you might not be able to get decent bandwidth with cable.  Not sure how they have it set up for you but if everyone is using the same node then there might be a limited amount of bandwidth left.  As I mentioned you might try running the TCPOptimizer app I linked to and this will set some values in OS that are geared more towards high speed.

Not sure with cable modem if you are using USB or ethernet cable but the ethernet cable should improve performance over USB.

Couldn't find anything on D-link as to what the internal configuration pages have??????  I have my DSL modem in bridge mode so that both router and modem aren't doing DHCP/NAT.   Should still work with everything still though as mne worked ok before setting it to bridge mode.  192.168.100.1 should get you to the config page if it has one and you want to check it out,  but you will not be able to reach it through the router.  Would need to be wired to it.  I don't think that  D-Link model has firewall or anything to configure so that is probably why they don't publish anything on the config.

Idle timeout may be disaled as you said it was set to always on and this most likely does disable any timeout. 

You said the router is not in close proximity of anything and up high.  Not neat modem is it??  Just making sure.  Don't have to answer those back as long as you are there.

As far as the ports are concerned then as ZX10 said it should work especially if plug and play is enabled on the router config, which if I remember the manual it is by default but not sure, so just see if you see a UPNP page on the router config and enable it if it is not already and there should be a list of ports on that page that the router has already enabled.  That means the Nortel software should tell the OS what port to open and the OS then tells the router what port to open.   This brings us back to the modem and what configration paremeters it has though.  If you peek around in there and there is a bridge mode enable it.   I don't think that D-Link model has firewall or anything to configure so that is probably why they don't publish anything on the config.  Just restating??

I stated the 50 and 51 ports wrong I just foud the VPN Client sheet on Nortel  the 50 and 51 are protocols so just the IPsec port 500 is needed.   Sorry found it on a forum the first time and was hard to decipher.  Portforward.com has port forwarding and triggering info. It does say to enable the protocols and port 500 on UDP if you are having disconnect issues.  As far as the protocols go I could not tell you how to enable as my router does not do this function.  I'd just make sure that port 500 is open.  Like I said though check the UNPNP section of the router to see if it is already listed.

Hi Nate,

It's not a function of uPNP.  It's just how a regular stateful firewall will work.  As long as the traffic is initiated from the inside, there is no configuration needed as by default, the router will allow all inside traffic to traverse out to the internet.....highest trust zone to lowest trust zone.  But by virtue of how a firewall works, lowest trust zone to highest trust zone (ie your private network) is always blocked.  This is the reason why if you want to expose services or devices you have inside of your network to the internet port forwarding is used.  Can you change the default behavior of a firewall concerning inside going out traffic?  Sure.  You can create ACLs which prevent certain traffic or devices from getting out to the internet, but most if not all consumer routers don't have this functionality.

I'm almost 100% confident this is a wireless stability issue.  The OP stated his VPN connection was stable and working properly when hard wired.  So this to me rules out the actual router being the issue or any internet configuration being a problem.  It's true that for DSL an adjustment in the MTU is sometimes in order.  I've left mine at 1500 with no real ill effects but ratcheting down to 1492 wouldn't hurt either.  If I recall the reason this is done is because of the PPPoE traffic consumes some of the packet space.  The side effect of having too big of an MTU is that the packets are framed too large for the devices involved and fragmentation results causing performance issues.  It's usually apparent when you suffering from fragmentation issues though.  Hence why again, I don't think it's the case here with the OP's results going hard wired.

I've done extensive VPNs on my home network using the very Netgear router model the OP is currently using.  I didn't establish a VPN through my WGT624v2 to an internet VPN server but I did through my internal network to a Netgear FVS318 VPN end point router.  The client was my laptop running the built in 3DES IPSEC Windows client via a wireless connection.  Never had a problem establishing a VPN tunnel and never had to do any special modifications to the WGT624v2's config.  Now a days, I've morphed my home network significantly.  Gone are the the WGT624v2 and the FVS318.  I now have a Netgear WG102 as my wireless access point and a Netgear FVS338 (soon to be replaced by a Cisco 1861) as my edge router.  I routinely VPN into my corporate network from my laptop using the Cisco VPN client without issues.  In fact, I've done it a few times with another laptop I have on another VLAN which isn't directly attached behind the Netgear FVS338.  From the other VLAN, I have to traverse through an ASA 5505 firewall before the traffic hits the Netgear to go out to the internet.  I can still make a solid connection through NATing across multiple firewalls.

So I feel what's happening here is a classic problem of 802.11 b/g using the unregulated 2.4 GHz air space.  It's too much of a wild wild west.  VPNs are extremely connection quality sensitive.  Any latency as I've stated previously will cause extreme issues with a VPN.

Sorry about the long winded response.

I also just wanted to clarify some things on the ports mentioned for IPSEC traffic.  The ports 50 and 51 are IP ports which are sometimes confused with just being TCP ports.  But will work as TCP port rules if your router firewall only has that option.  These ports are absolutely needed for IPSEC traffic.  Depending on how you have your IPSEC policy set up, you will use either port 50 for ESP (encapsulating security protocol) or port 51 for AH (authentication header.)  The use of ESP is more secure as it encrypts the entire packet data while AH only provides data integrity through header information leaving the data unencrypted.  AH is definitely faster than ESP as there's less overhead but obviously you're leaving yourself vulnerable as AH only ensures endpoint to endpoint identity while anyone can sniff the wire and pull the data.  The option was put out there when network gear and server hardware wasn't as fast as they are today.  In today's world, there's really no reason not to use ESP for extra data protection.

Again, these ports only come in to play if you are hosting a VPN end point server behind a firewall which you have to allow this traffic through from an untrusted zone (ie internet) to a trusted zone (ie private network.)

Just additional trivia information, Cisco's VPN implementation also requires port 10,000 but I forget whether it's UDP or TCP though.

Yeh I forgot he said it worked hardwired?????  So it is wireless then.    Don't really need to work on router/modem settings if it wireless.  Except if the modem  has wireless settngs.  In advanced wireless section on router you might try disabling the 108mbs feature since it only works with Netgear stuff most likely, or you can set the wireless mode to something below auto 108mbs.  Might try the extended range feature also for the 'ell of it.

The connection is a whole lot more stable now, it looks like updating the F/W helped a lot.  The auto update feature was giving me a false sence of security that was occuring for me so I did not go looking for an update.  Oh well, live and learn.

Unfortunatly the connection feels slower now and it is noticabley slow and or slower on VPN.  So now I need to figure out how to speed things up. 

So how does that Bridge option get configured?  Do I need to copy the IP or someting from the cable modem into the router?  Are there any settings I can put in the router to optimize it to the modem?

This is the cable modem info, the only changable setting is the frequancy and I unless I have a way of identifying a better one I will leave it alone.   The rest of these settings or options are greyed out and not changeable.  I may be able to call Optimum and have them change settings if that would help I could try.

General Information

Cable Modem IP Information