NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
RS700 - passing L2TP traffic to internal server
[NOTE: I am preconfiguring an RS700 on my local LAN so I can send it to a remote family member. Hence, the "external" address of the RS700 is a private address (192.168.3.155); the LAN/internal address range for the RS700 is 192.168.10.x]
I'm running an RS700 and am trying to pass through L2TP VPN traffic to a Synology server (192.168.10.5) and let it manage the VPN.
RS700 Firmware: V1.0.9.16_2.0.106
I have configured Port Forwarding for UDP 500, 1701 & 4500, and designated the internal IP as 192.168.10.5 (Synology server).
When I try to connect to 192.168.3.155 from 192.168.3.151, I receive an "L2TP VPN server did not respond" message.
Expected behavior is that the traffic will get forwarded to the Synology server and the VPN login will be processed successfully. I have verified correct login credentials by connecting to the Synology VPN from the 192.168.10.x network.
Any ideas?
Logs indicate:
Mon Nov 17 19:13:07 2025 : publish_entry SCDSet() failed: Success!
Mon Nov 17 19:13:07 2025 : publish_entry SCDSet() failed: Success!
Mon Nov 17 19:13:07 2025 : l2tp_get_router_address
Mon Nov 17 19:13:07 2025 : l2tp_get_router_address 192.168.3.1 from dict 1
Mon Nov 17 19:13:07 2025 : L2TP connecting to server '192.168.3.155' (192.168.3.155)...
Mon Nov 17 19:13:07 2025 : IPSec connection started
Mon Nov 17 19:13:07 2025 : IPSec phase 1 client started
Mon Nov 17 19:13:18 2025 : IPSec connection failed
I greatly appreciate the help everyone!
Following StephenB's comment about trying to forward Port 5000 (and 5001 for https administration), I neither worked. Doubtful that it would be a Netgear bug, I went down the path of starting from scratch with the network connectivity. The issue (please don't kill me) is that I had the Synology server connected (via ethernet) to both the 192.168.3.x and 192.168.10.x networks (multiple ethernet ports in the Synology). Once I disconnected the 192.168.3.x ethernet, everything worked as expected.
Thanks for your help! Apologies if this is a rookie mistake...
17 Replies
Is this a double NAT issue?
The RS700 router is the only router involved in this activity, so "One NAT" (not double)
Is there a log file on the Synology server?
Any specific reason to use L2TP rather than OpenVPN or PPTP?
I will look for the Synology logs.
The RS700 is replacing an R7800 that is working as desired (passing the L2TP traffic to the Synology).
I do need user-level access control to the VPN and it appears that the VPN capabilities of the RS700 don't provide that.
The L2TP might be replaced in the next 12 months, but the immediate need is to replace the R7800. I'd rather not replace the VPN technology at this time as that will require retraining technology challenged users.
p.s. When the RS700 arrives at the final destination, it will depend on what ISP device the RS700 connects to. (one NAT or two)
It will be replacing an existing R7800 so I'm not expecting any issues as long as I can get the VPN connectivity working.
If you have the RS behind the R7800, try using the R7800 DMZ for the RS router in router mode.
Does the RS not work in place of the R7800?
Can you configure the RS router for AP mode, disable the wifi radios on the R7800 and see if the passing of L2TP traffic works in that configuration?
I have configured Port Forwarding for UDP 500, 1701 & 4500, and designated the internal IP as 192.168.10.5 (Synology server).
When I try to connect to 192.168.3.155 from 192.168.3.151, I receive an "L2TP VPN server did not respond" message.L2TP NAT traversal requires IPsec NAT-T to be configured on the Synology. I suspect that might not have been set up correctly.
I think OpenVPN would be the best option here. PPTP isn't very secure, and should be avoided.
FWIW, I don't think this is a router issue. If you haven't posted this problem in the Synology forum, then that would be a good next step.
I greatly appreciate the help everyone!
Following StephenB's comment about trying to forward Port 5000 (and 5001 for https administration), I neither worked. Doubtful that it would be a Netgear bug, I went down the path of starting from scratch with the network connectivity. The issue (please don't kill me) is that I had the Synology server connected (via ethernet) to both the 192.168.3.x and 192.168.10.x networks (multiple ethernet ports in the Synology). Once I disconnected the 192.168.3.x ethernet, everything worked as expected.
Thanks for your help! Apologies if this is a rookie mistake...
Glad you got it working. Be sure to save off a back up configuration to file for safe keeping. Saves time if a reset is needed.
https://kb.netgear.com/24231/How-do-I-back-up-the-router-configuration-settings-on-my-Nighthawk-routerEnjoy. 📡
