03-04-2014 11:56 AM
I am trying to set up an L2TP VPN connection to connect to my Synology box when I am travelling. For some reason I am having trouble getting through to it from outside my home (U-verse) network. I can access it remotely using PPTP, but I can't when I try L2TP. I know the Synology box is working fine since I can connect via L2TP when I am on my home network.
I have opened UDP ports 500, 1701, 4500 (and 5500 for good measure) on the U-Verse RG, and deactivated "Stealth Mode", "Block Ping", and "Strict UDP Session Control". Still nothing.
Any ideas on what I'm doing wrong would be hot.
03-04-2014 5:36 PM
L2TP-IPSec requires not only UDP port 500 and sometimes 4500, but also requires IPSec, which uses IP type 50 (encapsulated security protocol, ESP).
The U-Verse RGs do not have a firewall configuration option to allow inbound ESP. Thus, an L2TP-IPSec VPN is not possible with the U-Verse RGs with their default configuration.
However, there are two work-arounds:
1. Use DMZPlus mode with the Internet IP address assigned to the Synology. Configure the DMZPlus mode in accordance with:
2. Purchase static IP addresses, and use one of the static IPs on the Synology.
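One way to check which part of the L2TP/IPsec exchange named in the answer above (UDP 500, UDP 4500, ESP as IP protocol 50) actually reaches the VPN server, as an added example that is not part of the original thread. It assumes a text capture taken on the server while an outside client tries to connect; the capture lines are constructed in `tcpdump -n` style, and the server address and function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample in `tcpdump -n` style (documentation addresses, not real traffic).
SERVER = "192.0.2.10"  # assumed address of the VPN server
SAMPLE = """\
11:56:01.100000 IP 203.0.113.7.500 > 192.0.2.10.500: isakmp: phase 1 I ident
11:56:01.200000 IP 192.0.2.10.500 > 203.0.113.7.500: isakmp: phase 1 R ident
11:56:02.100000 IP 203.0.113.7.500 > 192.0.2.10.500: isakmp: phase 2/others I oakley-quick[E]
11:56:05.100000 IP 203.0.113.7.53211 > 192.0.2.10.443: Flags [S], seq 1, win 64240, length 0
"""

LINE = re.compile(r" IP (\S+) > (\S+): (.*)$")

def split_port(endpoint):
    """Split 'a.b.c.d.port' into (ip, port); port is None for portless protocols such as ESP."""
    parts = endpoint.split(".")
    if len(parts) == 5:
        return ".".join(parts[:4]), int(parts[4])
    return endpoint, None

def classify(capture, server=SERVER):
    """Count inbound packets per L2TP/IPsec component."""
    seen = Counter()
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        dst_ip, dport = split_port(m.group(2))
        if dst_ip != server:
            continue  # outbound or unrelated traffic
        payload = m.group(3)
        if dport is None and payload.startswith("ESP("):
            seen["esp"] += 1          # native ESP, IP protocol 50
        elif dport == 4500 and "ESP(" in payload:
            seen["esp-in-udp"] += 1   # ESP wrapped in UDP 4500 (NAT traversal)
        elif dport in (500, 4500):
            seen["ike"] += 1          # key exchange
        elif dport == 1701:
            seen["l2tp"] += 1
    return seen

def diagnose(seen):
    """Turn the counts into a one-line finding."""
    if not seen["ike"]:
        return "no IKE reached the server: check the UDP 500/4500 forwards"
    if not seen["esp"] and not seen["esp-in-udp"]:
        return "IKE arrives but no ESP (IP protocol 50 or UDP 4500): encrypted traffic is not getting through"
    return "IKE and ESP both reach the server"
```

Calling `diagnose(classify(SAMPLE))` on the constructed capture reports the second case, which is the pattern to expect when a gateway forwards the UDP ports but not ESP.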
03-05-2014 9:51 AM
Thanks Joe, I was afraid of something like this.
I had thought of setting up DMZ mode, but I was afraid of losing some of the capabilities I like in other areas. Do you happen to know if it's possible to set up other addresses between the DMZ'd uverse box and my router? Essentially I want to set up the following:
Internet --> UVerse RG --(DMZ)--> My Router --> NAT'd wired/wireless network
UVerse RG 802.11g --> open network
Basically I'd like to set up 2 networks without having to buy a new router. I would like to have the RG in DMZ mode to my router (a 1st gen Apple Time Capsule), and keep all of my home network stuff (including my Synology box) behind that Time Capsule. And at the same time use the built-in wireless from the RG to provide an open network that I can share with guests. This way, guests never see my personal network, and I don't have to hand out passwords every time someone needs to use my Internet connection.
03-05-2014 12:14 PM
Yes, you can do what you describe.
03-05-2014 7:18 PM - edited 03-05-2014 7:19 PM
Yes, this setup will work to separate your home network from guests. However, in order to get the Synology to respond to inbound L2TP-IPSec, you'll have to configure the Time Capsule for that. I have zero knowledge of anything Apple, so I have no idea if the Time Capsule is capable of this or not.