2 Replies Latest reply: Mar 21, 2013 6:00 AM by UptimeJeff
tdudley55555 Level 1 (0 points)

I have two laptops that all I want is to have them able to VPN to my server. When the laptops are on my network, they are able to network in and see the server. But when I go to Starbucks or McD's, I can connect to their network but I cannot VPN into my server. I am getting a message that LT2?? - VPN, of course I cannot remember exactly what the message said but, it does not work. I have changed the ports on the Time Capsule to 80, 1723 and something that is 4500. As you can tell I am NO expert but would like to understand what I am doing wrong.


I have CenturyLink and a Time Capsule that I have to pass through just to get to the server. What else am I missing?

OS X Mountain Lion (10.8.2)
  • ebrind Level 1 (15 points)



    If you're trying to connect using L2TP then you need ports 500 UDP, 1701 UDP and 4500 UDP forwarded to your server.


    If you're using PPTP on the client side then all you need is port 1723.


    Try creating a PPTP connection on your computer and see if you can connect.





  • UptimeJeff Level 4 (3,390 points)

    Good advice from ebrind


    I'll add to it:


    - what IP address does your time capsule have?

         If your CenturyLink provides NAT and your Time Capsule is also set up for NAT, you will need to reconfigure either the TC or the CenturyLink to bridge mode and set the port forwarding in the device providing NAT.


    - do you see any activity in the VPN Log?


    - Your VPN server address which you set in your laptop should be the public address of your network, not the LAN address


    - If you do make a successful VPN connection, don't expect to see the server like you do when you are on the LAN. If the LAN address of your server is, you'll need to connect to:   afp://  (after a successful VPN connection)


    - Lastly, do you need VPN? If you just need access to your files from the server, you can do this without VPN. Depending on your security requirements, you can simply map port 548 and access with:  afp://[public-ip]   or use WebDAV with SSL.
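
The checks suggested in the two replies above, combined into one script. This is an added example, not something posted by anyone in the thread; the function names, the 10.0.1.5 server address, the 192.168.0.2 router WAN address and the protocol assigned to each forwarded port are constructed assumptions.

```python
import ipaddress

# Forwards each VPN type needs, exactly as listed in the replies above.
REQUIRED = {
    "l2tp": {("udp", 500), ("udp", 1701), ("udp", 4500)},
    "pptp": {("tcp", 1723)},
}
# RFC 1918 private ranges plus the RFC 6598 carrier-grade NAT range.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

def is_non_public(value):
    """True if value is an IP literal that cannot be reached from the internet."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:          # a DNS name, not an IP literal
        return False
    return any(addr in net for net in NON_PUBLIC)

def missing_forwards(vpn_type, rules, server_ip):
    """rules: (proto, port, target_ip) tuples copied from the router's port mapping."""
    have = {(proto.lower(), port) for proto, port, target in rules
            if target == server_ip}
    return sorted(REQUIRED[vpn_type] - have)

def diagnose(vpn_type, router_wan_ip, rules, server_ip, client_target):
    findings = []
    if is_non_public(router_wan_ip):
        findings.append(f"double NAT: router WAN address {router_wan_ip} is not public")
    for proto, port in missing_forwards(vpn_type, rules, server_ip):
        findings.append(f"missing forward: {proto.upper()} {port} -> {server_ip}")
    if is_non_public(client_target):
        findings.append(f"client points at LAN address {client_target}, not the public one")
    return findings

# Constructed sample: ports 80, 1723 and 4500 forwarded, as in the question.
SAMPLE_RULES = [("tcp", 80, "10.0.1.5"), ("tcp", 1723, "10.0.1.5"),
                ("udp", 4500, "10.0.1.5")]

if __name__ == "__main__":
    for line in diagnose("l2tp", "192.168.0.2", SAMPLE_RULES, "10.0.1.5", "10.0.1.5"):
        print(line)
```

With the sample values it reports the double NAT, the two L2TP forwards that are absent (UDP 500 and UDP 1701), and the client being pointed at the LAN address.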