- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Connecting to L2TP over IPSEC begind the Orbi SXR80
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Connecting to L2TP over IPSEC begind the Orbi SXR80
I installed VPN Service on Windows Server 2023. Set it up. Type of connection is L2TP with user and code. The IP address of this server in local network is IP1. The IP address of my Orbi router in Intenet is IP2.
On my Orbi Router I added forwarding rule for this ports:
50, 51, 500, 4500, 1701-1704, 1723, 1724
External ports redirect to the same internal ports to IP1.
Then I created two VPN connections in my windows 11 laptop. One with IP1, and another with IP2. Credentials (user, password, code) are absolutelly the same.
If I'm in my local network and is connecting with VPN1 connection to IP1. Everything is Fine. Everythig setup fine, it seems that my laptop sees the VPN Server in the same local network.
But if I'm in Global Internet and try to connect with VPN2 to IP2, i can't do that.
What am I doing wrong? Which else ports should I redirect on my Orbi Router?
Thank You!
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Connecting to L2TP over IPSEC begind the Orbi SXR80
Some details to check:
- Windows Firewall has separate rules for private and public connections. The LAN created by the router is a private IP subnet, typically 192.168.1.x. A connection from the internet will be a public connection. First step: check the Windows Firewall settings.
- The router address (IP2) must be a public IP address, not a private IP address
(https://en.wikipedia.org/wiki/Private_network )
When a customer router is connected to an ISP device that is also a router, the ISP router will assign the customer router a private IP address. a "Double NAT" condition. This interferes with a number of specific applications, including VPN. - Those appear to be the correct ports. Some require TCP and some require UDP. (I believe the most common practice is to forward both TCP and UDP.)
It is creative to host a VPN server on a device within the LAN. As you are probably aware, the SXR80 router has a feature to create an OpenVPN host, which will allow access to every device on the LAN. See page 112 of the User Manual:
https://www.downloads.netgear.com/files/GDC/SXK80/Orbi_Pro_WiFi_6_UM_EN.pdf This feature would be affected by Double NAT the same way that a the Windows server VPN would be.