Q: Airport Extreme and VPN Clients
I live in a dorm where I have to use a VPN-client to connect to the internet.
Could an Airport Extreme let me connect with the VPN Server?
I tried an Airport Extreme before and it didn't work; it wouldn't let me connect to the VPN server, so no internet possible.
Thanks in advance!
Airport Extreme, Mac OS X (10.7.3)
Posted on May 4, 2012 11:29 AM
The key is that the AirPorts (and a number of other manufacturers' Internet routers) are basically VPN pass-through devices. That means that they are neither a VPN server nor an end-point. They merely allow VPN traffic to transition the router "untouched."

Here "VPN pass-through" means that the AirPort will allow 'encrypted' (read: encoded) tunnels through its NAT firewall. The AirPorts support pass-through for IPSec, PPTP, and L2TP-based VPN clients ... but they do NOT support 100% of the VPN clients out there.

Also note that this only is an issue if the AirPort has NAT enabled (which is its default configuration). If you have the AirPort configured as a bridge (because it's behind the dorm's "main" router) then its NAT is disabled and it would be the dorm's router that may be preventing VPN pass-through.

As you are probably already aware, establishing a site-to-site VPN tunnel requires two basic steps: 1) The VPN client contacts a VPN server to get authenticated, and 2) A secure VPN tunnel is created between those two devices. This is typically done using the IPSec tunneling protocol. (Note: For Remote Access type VPNs, which rely on PPP, use the PPTP or L2TP tunneling protocols instead.)

Ok, why did I bring that all up? To successfully create a VPN tunnel, a number of communications have to occur between the VPN client and the VPN server. All of these require certain ports to be open on the router's firewall. Again, by default, the AirPorts do not block any of the common tunneling protocols (IPSec, PPTP, or L2TP).

For reference, the VPN tunneling protocols use the following ports:
Posted on May 4, 2012 11:42 AM