AirPort Extreme (5th gen) and connection to a VPN.

Struggling to set up VPN on my work laptop (Windows 7) - trying to connect to work from home via the AirPort Extreme (Firmware is 7.6).


Error is:

Connecting to XXXXXX using 'WAN Miniport (L2TP)'

Error 800: The remote connection was not made because the VPN tunnels failed...etc.


If I put my old Netgear router in place it all works fine, so it is clearly a setup issue with the new AirPort.


After reading various posts I have done the following:

1) My laptop is 192.168.1.6 (DHCP) - this is entered in the Internet>NAT>Default host box on AirPort utility.

2) I've set up port mappings:

Public TCP Ports 1701, 1723

Public UDP Ports 500, 1701, 1723, 4500

Private IP address: 192.168.1.6

Private TCP Ports 1701, 1723

Private UDP Ports 500, 1701, 1723, 4500

3) MobileMe is not set up with anything


Using port scanning sites the port forwarding doesn't seem to be working?


Not sure what else to try - help!!

Posted on Dec 7, 2011 1:37 PM


Dec 7, 2011 2:02 PM in response to Rockille


After reading various posts I have done the following:

1) My laptop is 192.168.1.6 (DHCP) - this is entered in the Internet>NAT>Default host box on AirPort utility.

2) I've set up port mappings:

Public TCP Ports 1701, 1723

Public UDP Ports 500, 1701, 1723, 4500

Private IP address: 192.168.1.6

Private TCP Ports 1701, 1723

Private UDP Ports 500, 1701, 1723, 4500


When you configured your PC to be the Default Host, port mapping has no meaning as all ports on the router are open to the PC.


The key is that the AirPorts (and a number of other manufacturers' Internet routers) are basically VPN pass-through devices. That means that they are neither a VPN server nor an end-point. They merely allow VPN traffic to transition the router "untouched." Here "VPN pass-through" means that the AirPort will allow 'encrypted' (read: encoded) tunnels through its NAT firewall. There should be no need to configure the VPN client as a Default Host or for port mapping.


As you are probably already aware, establishing a site-to-site VPN tunnel requires two basic steps: 1) The VPN client contacts a VPN server to get authenticated, and 2) A secure VPN tunnel is created between those two devices. This is typically done using the IPSec tunneling protocol. (Note: For Remote Access type VPNs, which rely on PPP, use the PPTP or L2TP tunneling protocols instead.)


Ok, why did I bring that all up? To successfully create a VPN tunnel, a number of communications have to occur between the VPN client and the VPN server. All of these require certain ports to be open on the router's firewall. Again, by default, the AirPorts do not block any of the common tunneling protocols (IPSec, PPTP, or L2TP).


For reference, the VPN tunneling protocols use the following ports:

  • IPSec/L2TP: UDP 500, UDP 4500
  • PPTP: TCP 1723
