VPN and port-forwarding?

Question

Level 2

461 points

VPN and port-forwarding?

Hi,

I have a machine at home running Leopard Server that is connected to the internet via a Time Capsule and an ADSL router. I've set up VPN using L2TP/IPSEC and a shared secret. When on the LAN, I can set up a VPN connection. However, this doesn't work from the internet, even though I've forwarded UDP ports 500, 1701 and 4500, as well as TCP 1723 through both routers. Are there any ports that I've missed?

Ben

Message was edited by: Ben S.

MacBook Intel Core Duo 2GHz, Mac OS X (10.5.6)

Posted on Apr 11, 2009 3:04 AM

Reply

Answer 1

Apr 12, 2009 2:29 AM in response to Ben S.

Multiple NAT routers might be your problem. Stay away from that if possible.

Does the first router have a VPN server (IPSec) built in? If so it might prevent you from getting UDP port 500 through.

Also look for a VPN passthrough setting. Sometimes newer firmware does the trick.

And TCP 1723 is for PPTP VPN which also needs GRE protocol passthrough.

Then look for firewall settings (what make / model is the first router?).

Reply

Answer 2

Ben S. Author

Level 2

461 points

Apr 12, 2009 3:09 AM in response to Leif Carlsson

Hi Leif,

I could move the server in front of the TimeCapsule, but that's going to mean quite a bit of change to my DNS settings, so I'd rather avoid it.

The first router is a Thomson ST780WLDX, which is described here:

http://www.thomson.net/GlobalEnglish/customer-service/SpeedTouchDocuments/xDSLGA -VoIPDatasheet_thomson_st780WL_DXT_LR_en022008.pdf

There's no mention of a VPN server, but it does say something about VPN pass-through. I'm not sure where to look for the pass-through setting on the router configuration, though.

Ben

Reply