Forum Discussion
gordo5
Mar 02, 2020 (Aspirant)
Port Forwarding for IPsec
I don't want to use the built-in VPN server, and I've set up a RAS server at home and I can successfully connect to it locally using either PPTP or L2TP/IPsec. I've also created a port forwarding rule in the Orbi to forward tcp/1723 for PPTP and I can successfully connect to it from a remote location.
IPsec requires IP protocol 50 for Encapsulated Security Protocol (ESP) and IP protocol 51 for Authentication Header (AH), as well as UDP/500. How can I forward this traffic through the ORBI? I would prefer to just use L2TP/IPsec.
5 Replies
Have you tried creating rules for these ports just as you did for the PPTP?
When creating rules, I ignore the drop down menu and create everything as a "Custom Rule". Give it a cool name, enter the port, select TCP and/or UDP.
- gordo5 (Aspirant)
Well, that is actually the problem. The custom rule only allows you to select ports in Protocol 6 (TCP) and Protocol 17 (UDP). IPSec uses Protocol 50 (ESP) and Protocol 51 (AH).
Here is a nice summary:
https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
I saw the dropdown had a pre-defined rule for PPTP, which can be config'd using the custom rules. If the custom rules won't allow you to configure IPsec, it would be nice if it was included in the pre-defined dropdown.
Of course, you are correct. (I now have a Dunce Cap for every day of the week!) Looks like you are stuck with either PPTP on the RAS or OpenVPN (on the Orbi itself). I have been very happy with OpenVPN on my Orbi.
Perhaps you could hack at the iptables. I know that Voxel's custom firmware for the RBR50 allows customizing iptables. (I am also happy with this firmware. Probably fat and dumb as well.)
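The limitation gordo5 describes above (custom rules match only Protocol 6 and 17 plus a port), shown as an added example that is not part of the original thread: a small model of a port-forwarding matcher run over constructed packets. The rule shape, the `192.168.1.10` RAS address and the sample packets are assumptions made for illustration.

```python
import struct

# IANA protocol numbers cited in the thread
TCP, UDP, ESP, AH = 6, 17, 50, 51

def ipv4_packet(proto, payload):
    """Build a minimal 20-byte IPv4 header (constructed sample, checksum left 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, bytes([203, 0, 113, 7]), bytes([198, 51, 100, 1]))
    return header + payload

def l4_header(sport, dport):
    """First bytes of a TCP or UDP header: source port, then destination port."""
    return struct.pack("!HH", sport, dport) + b"\x00" * 4

def match_forward(packet, rules):
    """Return the LAN target for a packet, or None if no rule can match.

    rules: list of (protocol, dest_port, lan_ip), a hypothetical model of a
    forwarding rule that only offers TCP/UDP plus a port number.
    """
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto = packet[9]                     # IP protocol field
    if proto not in (TCP, UDP):
        return None  # ESP/AH have no port fields, so a port rule cannot match
    dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    for r_proto, r_port, lan_ip in rules:
        if (r_proto, r_port) == (proto, dport):
            return lan_ip
    return None

RAS = "192.168.1.10"  # hypothetical LAN address of the RAS server
RULES = [(TCP, 1723, RAS), (UDP, 500, RAS)]  # the only kind of rule available

# Constructed sample packets, one per traffic type named in the thread
SAMPLES = {
    "PPTP control (tcp/1723)": ipv4_packet(TCP, l4_header(40000, 1723)),
    "IKE (udp/500)": ipv4_packet(UDP, l4_header(500, 500)),
    "ESP (protocol 50)": ipv4_packet(ESP, struct.pack("!II", 0x1001, 1) + b"\x00" * 8),
    "AH (protocol 51)": ipv4_packet(AH, b"\x00" * 12),
}

def classify():
    """Map each sample's name to its forwarding target (None = not forwarded)."""
    return {name: match_forward(pkt, RULES) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, target in classify().items():
        print(f"{name:26} -> {target or 'no matching rule'}")
```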