L2TP VPN BLOCKED by AT&T Uverse Router

Hey @bakershack,

We'd like to help you with this. You will have to find the ports that your VPN runs under, and open it up in the router. Here is how to setup port forwarding. Here is a list of ports blocked by AT&T and why.

Let us know if this helps.

Max, AT&T Community Specialist

AT&T needs to FIX THIS (Edited per community guidelines). I had a perfectly working L2TP VPN up until last week when they installed this 1G fiber and router.

It is DEFINITELY AT&T blocking the VPN ports.  My employees with AT&T are the ONLY ones having troubles, and it is intermittent for some of them, which tells me that AT&T blocks/unblocks the ports for some reason.  If I had a choice, I would go with another ISP in a heartbeat due to this.  

And having my employees unfortunate enough to have AT&T make changes in their home routers, many of which ARE RENTED FROM AT&T, is ASININE!

Hello, hrmilo5239

Not being able to access a VPN is certainly frustrating, especially with most of us working from home.

From our research, L2TP VPNs use UDP port 1701. You may need to manually open that port on your new router.

This support article has steps for each specific router model.  Choose yours from the drop-down, and then follow the steps to add a new user-defined application or a customer service (depending on the model).

Let us know if you need anything else,

Meaghan AT&T Community Specialist

Meaghan, I have had my users jump through these hoops TO NO AVAIL!  Please pass on to AT&T to STOP BLOCKING VPN!  It is quite obvious when NONE of my users with non-AT&T ISP's are having issues!!!!!!!

ATT, the truth is you are making VPN traffic a nightmare so you can sell YOUR VPN product.

You can fool home users and the casual neophyte in VPN but not trained technicians. It is so clear that when I use a Verizon hotspot vs my home att supplied wifi. Hotspot - connect every time no problems. ATT WiFi - No dice, at all.

So here is what you are doing. You are not outright blocking VPN ports. Heck, that is against FCC rules after all. So instead, you disrupt traffic and protocols over those standard VPN ports to make connections impossible. But the port is OPEN. Then when home users call and complain you sell them your VPN product. 

It is an old sales trick. I'm not impressed and neither are the other techs who see through this (Edited per community guidelines). 

Just stop it. Fix the issues and let us get back to our work. I do not have the luxury of spending an entire day working around a problem you created.

AT&T is not blocking anything in regards to L2TP.  I've been on their Uverse for over a year and keep my L2TP open literally 24x7 for a week and more with absolutely no disruption.

I recently have switched to the AT&T 1G fiber and I can report on one observation about the new gateway router they gave me.

When I disconnect my L2TP session, that router seems to hold onto the L2TP connection details for about two minutes before destroying them.

You can start up the same L2TP connection, but you cannot start up a different one until it has destroyed the one it currently has in session state.

You can clear the router by rebooting it, but it takes just about as long as just waiting the two minutes.

So to be clear, if you are setting up a VPN connection and do not establish the parameters correctly, your first attempt is going to fail, but it is also going to create a session state inside the ATT&T router that will not go away for about two minutes. So further attempts at changing your VPN parameters and re-testing are always going to fail unless you wait for the router to clear its state.  I thought that on this new AT&T fiber connection they might be blocking my VPN because I KNEW I had similar working profiles that would go on for weeks.  It was sheer happenstance I figured it out. Out of frustration I walked away from my desk and returned ten minutes later and the VPN connected!  I tried a different profile, it did not.  But then it did after I rebooted the ATT router.  I performed some Cisco debugging on our office router and even though my VPN was disconnected I could still see the ATT router communicating with our office router. It had session state.  And it went away after about two minutes.

In the end, there was nothing I had to configure in my ATT router for my L2TP connection to work.  Just be sure to set your L2TP parameters up correctly and if you change anything, reboot the ATT router or wait a good couple minutes.

Hey @allpro4325,

We are here to help with your VPN trouble. There are many things that can go wrong inside a VPN that is not with the ISP. It is true that some 3rd party VPN's are easier to setup with certain ISP, but that has more to do with both companies protocol setup.

Have you tried port forwarding the applications ports or changing the ports?

• Some ports are faster by ISP general protocol, and changing the port can help.

Have you tried ip passthrough or dmz+?

• Not recommended unless you like to bypass the Firewall all together.
• Possible security risk.

Have you double-checked the Firewall settings?

• Try disabling the Firewalls, and see if it is a Firewall issue.

Have you made the proper exceptions for the application?

• Sometimes applications need to have the proper exceptions connected for them to be stable. Otherwise, trouble can occur.

Are you connecting to the right servers?

Have you confirmed the type of connection that has to be made?

• Many companies require the connection to only be Wi-Fi or Ethernet.

Have you tried changing the DNS server on the device side?

• AT&T routers do not have a function in which you can change the DNS.
• From the device side; you are able to change the DNS.

Did you check the IPs that the VPN is using?

• Make sure there is no conflicting IP and the subnet is correct.

Let us know if this helps.

Max, AT&T Community Specialist

@ATTHelp,

All of these are good suggestions, but the fact remains that they do not always apply, they do not always work, and I am not seeing VPN connections issues with ANY of my users who have non-AT&T ISPs.  That really does put the ball in AT&T's court.  The confusing thing is that SOME of my AT&T ISP users have no issues, so it may be an issue with local switching stations or routers within the AT&T network.

Hi, @bakershack.

We recommend that your users try Max's solutions to see if they work. If they are still having trouble, they can reach out to us for further assistance.

Thanks for contacting AT&T.

Marc, AT&T Community Specialist