How do I port forward to make l2tp work?

nomnomnom

Occasional Visitor
I have an L2TP server running on a local client. I can connect to it from my iPhone when I am on the same network.

I can't connect to it when outside of the network, but I already forwarded 500 1701 4500 UDP to the local machine.

Anything else I am missing?
 
Why not set up an OpenVPN Server on your router and use that to access your LAN and thereby avoid having various open WAN ports degrading your security?
 
I have an L2TP server running on a local client. I can connect to it from my iPhone when I am on the same network.

I can't connect to it when outside of the network, but I already forwarded 500 1701 4500 UDP to the local machine.

Anything else I am missing?

On iPhone configuration (Settings > VPN > Add VPN Configuration : Type L2TP) for the Server field did you specify the local IP address of the VPN server? Or did you fill in the DDNS hostname?

From ASUS WebUI check that WAN / NAT Passthrough / L2TP Passthrough : Enabled

According to NETGEAR forum it looks like you forwarded all the necessary ports. They mentioned ESP IP Protocol 50 but that isn't a port and IDK what to do with that. I've never configured L2TP, I stick with OpenVPN.

Source: L2TP Port Forwarding NETGEAR Nighthawk
I know I am not using a NetGear Router but I do have a MacOS Server behind my Cisco router and experienced the same problem. I did the following port-forwarding and firewall rules to get it working.

Port Forwarding:

L2TP UDP Port 1701 >> MacOS Server running VPN Server

ISAKMP UDP Port 500 >> MacOS Server running VPN Server

IPSEC-UDP-ENCAP Port 4500 >> MacOS Server running VPN Server

ESP IP Protocol 50 >> MacOS Server running VPN Server

Firewall Access Rules

WAN1 >> L2TP UDP Port 1701 >> VLAN1 >> MacOS Server running VPN Server

WAN1 >> ISAKMP UDP Port 500 >> VLAN1 >> MacOS Server running VPN Server

WAN1 >> IPSEC-UDP-ENCAP Port 4500 >> VLAN1 >> MacOS Server running VPN Server

WAN1 >> ESP IP Protocol 50 >> VLAN1 >> MacOS Server running VPN Server

Note that ESP IP Protocol 50 is not a port. Here is a description from NetGear documentation: ESP provides authentication, integrity, and confidentiality, which protect against data tampering and, most importantly, provide message content protection.

Hope this helps in your situation.
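
The forwarding list in the post above, turned into a check (an added example, not part of the thread and not any poster's code): it reads DNAT rules in `iptables-save` format and reports which of the four listed items are forwarded to the VPN server, flagging "50" entered as a port instead of as IP protocol ESP. The rule format, interface name and addresses are assumptions; the thread's routers are configured through their web UIs.

```python
import shlex

# Requirements as listed in the thread: name -> (protocol, destination port).
REQUIRED = {
    "ISAKMP udp/500": ("udp", 500),
    "L2TP udp/1701": ("udp", 1701),
    "IPSEC-UDP-ENCAP udp/4500": ("udp", 4500),
    "ESP ip-proto/50": ("esp", None),  # an IP protocol, so it has no port
}

def parse_rule(line):
    """Return (proto, dport, target_ip) for a DNAT rule, else None."""
    tok = shlex.split(line)
    def opt(name):
        return tok[tok.index(name) + 1] if name in tok[:-1] else None
    if opt("-j") != "DNAT":
        return None
    proto = "esp" if opt("-p") == "50" else opt("-p")  # 50 is ESP's number
    dport = opt("--dport")
    dest = (opt("--to-destination") or "").split(":")[0]
    return proto, int(dport) if dport and dport.isdigit() else None, dest

def audit(rules_text, server_ip):
    """Return ({requirement: satisfied}, [warnings]) for forwards to server_ip."""
    seen, warnings = set(), []
    for line in rules_text.splitlines():
        rule = parse_rule(line) if line.strip().startswith("-A") else None
        if not rule or rule[2] != server_ip:
            continue
        proto, dport, _ = rule
        if dport == 50 and proto in ("udp", "tcp"):
            warnings.append(f"{proto}/50 forwards a port, not IP protocol 50 (ESP)")
        seen.add((proto, dport))
    return {name: req in seen for name, req in REQUIRED.items()}, warnings

# Constructed sample (interface and addresses are made up): the three UDP
# forwards from the thread plus "50" entered as a UDP port by mistake.
SAMPLE = """\
-A PREROUTING -i eth0 -p udp -m udp --dport 500 -j DNAT --to-destination 192.168.1.10
-A PREROUTING -i eth0 -p udp -m udp --dport 1701 -j DNAT --to-destination 192.168.1.10
-A PREROUTING -i eth0 -p udp -m udp --dport 4500 -j DNAT --to-destination 192.168.1.10
-A PREROUTING -i eth0 -p udp -m udp --dport 50 -j DNAT --to-destination 192.168.1.10
"""
ESP_RULE = "-A PREROUTING -i eth0 -p esp -j DNAT --to-destination 192.168.1.10\n"

if __name__ == "__main__":
    for text in (SAMPLE, SAMPLE + ESP_RULE):
        status, warnings = audit(text, "192.168.1.10")
        print(status, warnings)
```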
 
On iPhone configuration (Settings > VPN > Add VPN Configuration : Type L2TP) for the Server field did you specify the local IP address of the VPN server? Or did you fill in the DDNS hostname?

From ASUS WebUI check that WAN / NAT Passthrough / L2TP Passthrough : Enabled

According to NETGEAR forum it looks like you forwarded all the necessary ports. They mentioned ESP IP Protocol 50 but that isn't a port and IDK what to do with that. I've never configured L2TP, I stick with OpenVPN.

Source: L2TP Port Forwarding NETGEAR Nighthawk

I'm using the DDNS hostname, not the IP.

I've checked passthrough enabled.

Any other ideas?
 
