abright
Jul 23, 2024 Aspirant
RBR760 Port Forwarding Port 4500
I’ve been struggling with this issue for weeks, and have made no progress, so hopefully someone can help. My network setup is a BT ONT feeding FTTP, with an Orbi RBR760 connected to the ONT as a ...
CrimpOn
Jul 24, 2024 Guru
That message (thanks for posting the image) appears to indicate that after the router reboots, port 4500 will be forwarded to the Synology. Does that not happen? Forwarding ports does not normally require a reboot.
My searches turn up vague references to computers "behind a NAT" not working with L2P2 and concerns about L2P2 (such as Android not allowing it).
Q: Is L2P2 an absolute necessity? There are other VPNs which work quite well through Orbi routers (OpenVPN, WireGuard).
Q: OpenVPN allows the user to specify ports, which are then put into the configuration file. Does L2P2 have a similar capability?
Q: One suggestion I found was to put the L2P2 server (host?) in the router DMZ. This would expose every port on the Synology to the internet.
abright
Jul 24, 2024 Aspirant
Unfortunately after reboot it still doesn’t work, and I’ve tried adding the NAS to the DMZ, and that doesn’t work either.
L2TP is the VPN service which my Synology NAS offers which works for my needs (or at least would if I could get it working).
It’s what I’ve always used up until I got my Orbi.
Unfortunately there’s no way to change the ports being used, either on the Synology or the iOS clients I’m using.
- CrimpOn Jul 24, 2024 Guru
Oh, geez. Does L2TP offer needed features that other VPNs do not? (That seems to be the crux of the matter. There are multiple ways to implement other VPNs, including using OpenVPN built into the router.)
Synology claims to support multiple VPN types:
https://www.synology.com/en-us/dsm/packages/VPNCenter
If the Synology is put in the DMZ, then ports should not be forwarded through the Orbi at the same time. (Either one or the other. Not both.)
If Netgear accepts support requests, are you still within the 90 day window of complimentary support? Perhaps you could return the 750 package and purchase a different mesh WiFi system.
- abright Jul 24, 2024 Aspirant
I tried the built-in OpenVPN when I first got the Orbi, but it seemed to have issues with enabling me to connect to my servers securely (they’re using certificates signed by a custom CA, which my devices trust, but I couldn’t make secure connections to them through the OpenVPN).
I could try OpenVPN direct to the Synology and see if that works, but it feels like it should be possible to get the port forwarding on port 4500 working so that shouldn’t need to be the solution.
Yes, I removed the port forwards when I set up the DMZ.
Unfortunately I’m well beyond the 90 days, which was why Netgear Support was only able to tell me the issue was that NAT Traversal Traffic uses port 4500, but not how to fix it.
- CrimpOn Jul 24, 2024 Guru
abright wrote:
I tried the built-in OpenVPN when I first got the Orbi, but it seemed to have issues with enabling me to connect to my servers securely (they’re using certificates signed by a custom CA, which my devices trust, but I couldn’t make secure connections to them through the OpenVPN).

What type of connection do these servers require?
The reason for the question is my (primitive) understanding of VPN is that the certificates and encryption used to build the tunnel are separate from the encryption used by application programs. When a person subscribes to a VPN platform (Nord VPN, Express VPN, etc. etc.) that creates a tunnel through the internet to the server farm (or farms for global services). If the user opens a web browser and opens https web sites, the SSL certificate of each web site is used to encrypt packets between the web browser and each web site. This is sort of like putting a message inside an envelope to prevent anyone from reading it (as opposed to a post card). The message itself can also be encrypted.
Netgear's implementation of OpenVPN Host (not client) does the same thing.
For sure OpenVPN does not have that port 4500 issue. It uses only a single port (for TCP and a different port for UDP).
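
One way to check whether traffic forwarded on UDP port 4500 actually reaches a LAN host, as an added example that is not part of any post in this thread: a small listener that names each datagram by its RFC 3948 NAT-traversal framing. It assumes it runs on a host the forward points at with no VPN service already bound to the port; the function names and sample datagrams are constructed for illustration.

```python
import socket
import struct
import sys

NON_ESP_MARKER = b"\x00\x00\x00\x00"   # RFC 3948: four zero bytes precede IKE on UDP 4500
IKE_HEADER_LEN = 28                    # fixed ISAKMP/IKE header size
EXCHANGES = {2: "main mode", 4: "aggressive mode", 5: "informational", 32: "quick mode"}

def classify_natt(payload: bytes) -> str:
    """Name the kind of traffic carried by one UDP/4500 datagram."""
    if payload == b"\xff":
        return "NAT-keepalive"
    if payload[:4] == NON_ESP_MARKER:
        ike = payload[4:]
        if len(ike) < IKE_HEADER_LEN:
            return "truncated IKE"
        version, exchange = ike[17], ike[18]   # bytes after the two 8-byte SPIs and next-payload
        name = EXCHANGES.get(exchange, f"exchange {exchange}")
        return f"IKEv{version >> 4} {name}"
    if len(payload) >= 8:
        # Anything else is UDP-encapsulated ESP: SPI, then sequence number.
        spi, seq = struct.unpack("!II", payload[:8])
        return f"ESP spi=0x{spi:08x} seq={seq}"
    return "unknown"

def listen(port: int = 4500) -> None:
    """Print one line per datagram that reaches this host on the given UDP port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", port))
        while True:
            data, (addr, sport) = sock.recvfrom(65535)
            print(f"{addr}:{sport} -> {classify_natt(data)}")

# Constructed sample datagrams (not captured traffic).
SAMPLE_IKE = NON_ESP_MARKER + bytes(16) + bytes([0x01, 0x10, 0x02, 0x00]) + bytes(8)
SAMPLE_ESP = struct.pack("!II", 0xC0FFEE01, 7) + bytes(16)

if __name__ == "__main__":
    if len(sys.argv) > 1:              # e.g. "python natt_check.py 4500" starts the listener
        listen(int(sys.argv[1]))
    for sample in (b"\xff", SAMPLE_IKE, SAMPLE_ESP):
        print(classify_natt(sample))
```

If a client connection attempt from outside produces no lines at all, the datagrams are being dropped before the LAN host; IKE lines with no ESP afterwards mean the forward works and negotiation is failing later.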