Orbi WiFi 7 RBE973
Reply

Connecting to L2TP over IPSEC begind the Orbi SXR80

ecolora
Follower

Connecting to L2TP over IPSEC begind the Orbi SXR80

I installed VPN Service on Windows Server 2023. Set it up. Type of connection is L2TP with user and code. The IP address of this server in local network is IP1. The IP address of my Orbi router in Intenet is IP2.

 

On my Orbi Router I added forwarding rule for this ports:

50, 51, 500, 4500, 1701-1704, 1723, 1724

 

External ports redirect to the same internal ports to IP1.

 

Then I created two VPN connections in my windows 11 laptop. One with IP1, and another with IP2. Credentials (user, password, code) are absolutelly the same.

 

 

If I'm in my local network and is connecting with VPN1 connection to IP1. Everything is Fine. Everythig setup fine, it seems that my laptop sees the VPN Server in the same local network.

 

But if I'm in Global Internet and try to connect with VPN2 to IP2, i can't do that.

 

What am I doing wrong? Which else ports should I redirect on my Orbi Router? 

Thank You!

Message 1 of 2
CrimpOn
Guru

Re: Connecting to L2TP over IPSEC begind the Orbi SXR80

Some details to check:

 

  • Windows Firewall has separate rules for private and public connections.  The LAN created by the router is a private IP subnet, typically 192.168.1.x.  A connection from the internet will be a public connection.  First step: check the Windows Firewall settings.
  • The router address (IP2) must be a public IP address, not a private IP address
    (https://en.wikipedia.org/wiki/Private_network )
    When a customer router is connected to an ISP device that is also a router, the ISP router will assign the customer router a private IP address. a "Double NAT" condition.  This interferes with a number of specific applications, including VPN.
  • Those appear to be the correct ports. Some require TCP and some require UDP.  (I believe the most common practice is to forward both TCP and UDP.)

It is creative to host a VPN server on a device within the LAN.  As you are probably aware, the SXR80 router has a feature to create an OpenVPN host, which will allow access to every device on the LAN. See page 112 of the User Manual:

https://www.downloads.netgear.com/files/GDC/SXK80/Orbi_Pro_WiFi_6_UM_EN.pdf   This feature would be affected by Double NAT the same way that a the Windows server VPN would be.

Message 2 of 2
Discussion stats
  • 1 reply
  • 301 views
  • 0 kudos
  • 2 in conversation
Announcements