Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: spincast
spincast Author
User level: Level 1
5 points

Accessing Home VPN Server through Time Capsule NAT

I have a Synology NAS system that is running a VPN server for me that I would like to access remotely. I am using ATT Uverse service, configured to DMZ to a Time Capsule which I use as my home router. It worked for a little while, then all of a sudden just stopped. The configuration is:


Internet --> UVerse RG --(DMZ Mode)--> Time Capsule --> VPN Server


I can not seem to reliably access my VPN server from outside through the Time Capsule. I can access it just fine when I'm on my home network, and I can access the web services of the NAS drive remotely also. It seems the Time Capsule has a problem allowing my VPN connection through its firewall. I'm running an L2TP server and have ports 500, 1701, and 4500 open (UDP) on the TC. When I try to log in remotely I can't access the VPN server.


Interesting note: I had trouble with this initially and made it work by creating three separate line items in the port forwarding list. One for 500, one for 1701, and one for 4500. When I tried making a single line item for all three in Airport utility it did not work.


Any ideas here would be great.

Time Capsule 802.11n (1st Gen)

Posted on Apr 24, 2014 9:47 AM

Reply
1 reply
User profile for user: LaPastenague
LaPastenague
User level: Level 9
67,208 points

Apr 24, 2014 2:50 PM in response to spincast

DMZ comes in a number of styles and types.. not all work well.


There is a good chance some ports may have already been used by BTMM if you happen to have that setup on a computer in the network or the TC.


See the list from Apple.


http://support.apple.com/kb/HT6175?viewlocale=en_US


Both 500 and 4500 are allocated to BTMM.


Once a port is allocated it cannot be reallocated even with DMZ.


That is one of the limitations of the NAT system.. and why we need to move to ipv6 and have public addressable IP on everything.


I would bridge the TC and use the Uverse for main router.. you are just making the setup more complicated than is already a problem.. If you really want to clean it up, get a plain bridge modem from ATT and use a proper VPN router.. do not use VPN to internal server.. VPN direct to the WAN of the Router.. it is much more reliable.. Internal VPN is fine to dial out, not to dial in.

Reply

Accessing Home VPN Server through Time Capsule NAT

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up