×

Introducing the Orbi 970 Series Mesh System with WiFi 7(BE) technology. For more information visit the NETGEAR Press Room.

Start a New Discussion

Start a New Discussion

Orbi WiFi 7 RBE973
Reply

allow connection to L2TP VPN server in network (enable ESP protocol)

wvk
Aspirant
Aspirant
‎2016-12-04 10:30 AM
‎2016-12-04 10:30 AM

allow connection to L2TP VPN server in network (enable ESP protocol)

I have a server in my network (Apple Mac Mini), which has a L2TP VPN server running.

My old router had forwarded these UDP ports to that VPN server: 500, 1701 and 4500.

And: the IP-ESP protocol, which is IP protocol 50; ESP.

This worked fine.

 

In the new situation, the Orbi (RBK50, firmware 1.4.0.16) sits behind the router, as an exposed host.

The UDP ports (500,1701,4500) have been forwarded to the VPN server.

I am not able to forward the ESP protocol?

 

When making a connection from the client, the connection times out.

I do not see messages in the Orbi log.

 

Any suggestions?

 

Details about the Apple instructions:

https://discussions.apple.com/thread/3142791?tstart=0

 

I checked:

http://kb.netgear.com/966/Troubleshooting-VPN-passthrough-for-home-routers

(and to test I enabled "respond to ping on internet port")

 

I do not want to use the Orbi VPN server (openvpn).

Model: Orbi High-Performance AC3000 Tri-Band WiFi System (RBK50)
Message 1 of 4
0 Kudos
Reply

Accepted Solutions
peteytesting
Hero
Hero
‎2016-12-04 10:49 AM
‎2016-12-04 10:49 AM

Re: allow connection to L2TP VPN server in network (enable ESP protocol)

hi

 

when you sat the orbi sits behine another router is the orbi still running in router mode as well as if so you have dual wan

 

to avoid the dual wan ether put the orbi in AP mode or bridge the up stream router

 

of just connect thenvpn server to the up stream router and not the orbi

 

you can port forward through 2 routers but its a pain in the ass

 

here is a guide to forward through 2 routers

 

https://portforward.com/help/doublerouterportforwarding.htm

View solution in original post

Message 2 of 4
0 Kudos
Reply

All Replies
peteytesting
Hero
Hero
‎2016-12-04 10:49 AM
‎2016-12-04 10:49 AM

Re: allow connection to L2TP VPN server in network (enable ESP protocol)

hi

 

when you sat the orbi sits behine another router is the orbi still running in router mode as well as if so you have dual wan

 

to avoid the dual wan ether put the orbi in AP mode or bridge the up stream router

 

of just connect thenvpn server to the up stream router and not the orbi

 

you can port forward through 2 routers but its a pain in the ass

 

here is a guide to forward through 2 routers

 

https://portforward.com/help/doublerouterportforwarding.htm

Message 2 of 4
0 Kudos
Reply
wvk
Aspirant
Aspirant
‎2016-12-04 12:10 PM
‎2016-12-04 12:10 PM

Re: allow connection to L2TP VPN server in network (enable ESP protocol)

My setup:

internet --> FritzBox router --> Orbi --> LAN

 

Yes, the Orbi was still in router mode. 

I had disabled DHCP on the Fritzbox router, and set up the Orbi as an exposed host.

Basically, making the Fritzbox as "dumb" as possible, and giving the Orbi all the router responsibilities.

 

Good point about switching to AP mode. This is an acceptable workaround for now.

 

Would still be interested in knowing how to solve it in router mode: port forward the ESP protocol.

 

Message 3 of 4
0 Kudos
Reply
peteytesting
Hero
Hero
‎2016-12-04 12:28 PM
‎2016-12-04 12:28 PM

Re: allow connection to L2TP VPN server in network (enable ESP protocol)

@wvk wrote:

My setup:

internet --> FritzBox router --> Orbi --> LAN

 

Yes, the Orbi was still in router mode. 

I had disabled DHCP on the Fritzbox router, and set up the Orbi as an exposed host.

Basically, making the Fritzbox as "dumb" as possible, and giving the Orbi all the router responsibilities.

 

Good point about switching to AP mode. This is an acceptable workaround for now.

 

Would still be interested in knowing how to solve it in router mode: port forward the ESP protocol.

 

you would need to follow the guide i posted above as even though you disabled the dhcp in the fritz its still doing nat and thus anything behind the orbi would be in dual nat and require anything and everything to be port forwarded twice as per the link

 

however as suggested if you connected the vpn server to the fritz you would just forward it on it , the downside there is anything connected to the fritz would not be able to see things connected to the orbi

 

the issue with dmz on most domestic routers is it doesnt live on the outside of the NAT like commercial stuff does , also be aware if you port forward something you need to disable its UPnP as otherwise they would clash

 

you prob have far better access control with the fritz anyway so leave it doing all the routing and just disable its wifi and let the orbi do the wifi and media bridge work in AP mode

 

just note that in AP mode you can not isolate guest wifi from the main wifi

Message 4 of 4
0 Kudos
Reply
Top Contributors
See All
Discussion stats
  • 3 replies
  • ‎2016-12-04 10:30 AM
  • 7333 views
  • 0 kudos
  • 2 in conversation
Announcements

Orbi WiFi 7