1011 Views 2 Replies Latest reply: Apr 6, 2011 2:51 AM by Leif Carlsson
Welcome to the forums.
What's your gateway-firewall device?
If it's an Airport-class or Time Capsule-class device, do you have MobileMe enabled? (If so, shut it off.)
For L2TP, you need UDP ports 500, 1701 and 4500 forwarded, and protocol 50 (not port 50) for ESP.
Keep your LAN out of the 192.168.0.0/24 and 192.168.1.0/24 IP address blocks, as having the same block on both ends messes up VPN routing, and those blocks are used everywhere.
Make sure you have one level of NAT here, at most. That's arguably one level too many, but one level tends to be necessary.
These configurations work better if you have a gateway device that has VPN capabilities, as the port pass-through stuff stinks large.
Here is the official Apple well-known ports list (TS1629): http://support.apple.com/kb/ts1629
TCP port 1732 is used for PPTP and not L2TP; 47 is likely intended to be a protocol and not a port, and that is IP-GRE support for PPTP (and not L2TP).
It's usually easier to get PPTP to work.
If this machine is the Internet gateway/router/firewall and has a public IP on the WAN/Internet interface, you might need the ESP protocol open, but if it is behind a NAT router you don't.
If this machine instead is behind the Internet gateway/router/firewall and only has a private IP on the LAN you need, for L2TP, only the UDP ports Mr. Hoffman mentioned forwarded to the server IP.
For PPTP you always need GRE and TCP port 1723 (1732 must be a typo) open/"VPN passthrough"/forwarded.
I think it's becoming increasingly harder to get PPTP (incl. GRE) through many firewalls/routers if you try to connect to your VPN from another LAN.
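As an added example (my own, not code from either reply), this Python helper encodes the rule sets the two replies describe for L2TP/IPsec and PPTP, distinguishes the server-with-public-IP case from the server-behind-NAT case, flags the LAN-overlap pitfall from the first reply, and renders Linux iptables DNAT lines for a server behind the gateway; the interface name and server address are constructed placeholders.

```python
import ipaddress

# Blocks the first reply says to keep the LAN out of
COMMON_BLOCKS = ("192.168.0.0/24", "192.168.1.0/24")


def required_rules(vpn: str, server_behind_nat: bool) -> list:
    """Return (protocol, port) pairs to open or forward to the VPN server.

    vpn: "l2tp" (L2TP/IPsec) or "pptp".
    server_behind_nat: True when the server has only a private LAN address
    behind the gateway; False when the server itself holds the public IP.
    Port None marks an IP protocol (ESP, GRE) that has no port at all.
    """
    if vpn == "l2tp":
        rules = [("udp", 500), ("udp", 4500), ("udp", 1701)]
        # ESP (IP protocol 50) matters only when the server holds the public
        # address; behind NAT the IPsec traffic rides inside UDP 4500.
        if not server_behind_nat:
            rules.append(("esp", None))
        return rules
    if vpn == "pptp":
        # PPTP always needs the TCP control channel plus GRE (IP protocol 47).
        return [("tcp", 1723), ("gre", None)]
    raise ValueError(f"unknown vpn type: {vpn}")


def lan_overlap(local_lan: str, remote_lan: str) -> bool:
    """True if both ends share address space, which breaks VPN routing."""
    return ipaddress.ip_network(local_lan, strict=False).overlaps(
        ipaddress.ip_network(remote_lan, strict=False))


def in_common_block(lan: str) -> bool:
    """True if the LAN lies in one of the over-used default blocks."""
    return any(lan_overlap(lan, block) for block in COMMON_BLOCKS)


def iptables_forward_lines(vpn: str, server_ip: str, wan_if: str = "eth0") -> list:
    """Render iptables DNAT lines for a VPN server behind the gateway.

    wan_if and server_ip are constructed placeholders; adjust for the real box.
    """
    lines = []
    for proto, port in required_rules(vpn, server_behind_nat=True):
        match = f"-p {proto}" + (f" --dport {port}" if port is not None else "")
        lines.append(f"iptables -t nat -A PREROUTING -i {wan_if} {match} "
                     f"-j DNAT --to-destination {server_ip}")
    return lines
```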