U-verse Forums

Posted Mar 4, 2014 11:56:20 AM
Connect to home L2TP VPN not working

I am trying to set up an L2TP VPN connection to connect to my Synology box when I am travelling. For some reason I am having trouble getting through to it from outside my home (U-verse) network. I can access it remotely using PPTP, but I can't when I try L2TP. I know the Synology box is working fine since I can connect via L2TP when I am on my home network.

I have opened UDP ports 500, 1701, 4500 (and 5500 for good measure) on the U-Verse RG, and deactivated "Stealth Mode", "Block Ping", and "Strict UDP Session Control". Still nothing.

Any ideas on what I'm doing wrong would be hot.

Thanks.

Mar 4, 2014 5:36:06 PM
Expert

L2TP-IPSec requires not only UDP port 500 and sometimes 4500, but also requires IPSec, which uses IP type 50 (encapsulated security protocol, ESP).

The U-Verse RGs do not have a firewall configuration option to allow inbound ESP.  Thus, an L2TP-IPSec VPN is not possible with the U-Verse RGs with their default configuration.

However, there are two work-arounds:

1. Use DMZPlus mode with the Internet IP address assigned to the Synology.  Configure the DMZPlus mode in accordance with:

http://forums.att.com/t5/Residential-Gateway/U-verse-for-BUSINESS-2Wire-3600HGV-bridge-mode-or-another-AT-amp/m-p/2707755#M182

2. Purchase static IP addresses, and use one of the static IPs on the Synology.
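
An added illustration of the reply above (not part of the original post and not AT&T or Synology code): a small Python model that reads the IPv4 protocol field of constructed packets and shows why UDP port forwards can match IKE but never native ESP (IP protocol 50), which has no port numbers. The gateway model, the addresses, the SPI value and all function names are assumptions made for this example.

```python
import struct

ESP, UDP = 50, 17                        # IP protocol numbers
FORWARDED_UDP = {500, 1701, 4500, 5500}  # the UDP forwards listed in the first post

def ipv4(proto, payload):
    """Build a minimal IPv4 packet (constructed data, checksum left at 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                      0, bytes([203, 0, 113, 10]), bytes([198, 51, 100, 20]))
    return hdr + payload

def udp(dport, data, sport=40000):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def classify(packet):
    """Return (label, udp_dst_port or None) read from the raw IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4         # IPv4 header length in bytes
    proto = packet[9]
    if proto != UDP:                     # ESP carries an SPI and sequence number, no ports
        return ("ESP" if proto == ESP else "other"), None
    dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    body = packet[ihl + 8:]
    if dport == 500:
        return "IKE", dport
    if dport == 4500:                    # NAT traversal port (RFC 3948)
        if body == b"\xff":
            return "NAT-keepalive", dport
        # four zero bytes = non-ESP marker (IKE); otherwise the SPI of ESP-in-UDP
        return ("IKE-NAT-T" if body[:4] == b"\x00" * 4 else "ESP-in-UDP"), dport
    return ("L2TP" if dport == 1701 else "UDP"), dport

def udp_forward_admits(packet, forwarded=FORWARDED_UDP):
    """Assumed model: a gateway whose only inbound rule type is a UDP port forward."""
    _, dport = classify(packet)
    return dport is not None and dport in forwarded

def sample_session():
    """Constructed inbound packets; SPI 0x1234ABCD and payload bytes are made up."""
    esp_body = struct.pack("!II", 0x1234ABCD, 1) + b"\x00" * 16
    return [ipv4(UDP, udp(500, b"\x00" * 28)),   # IKE negotiation
            ipv4(ESP, esp_body),                 # native ESP, IP protocol 50
            ipv4(UDP, udp(4500, esp_body))]      # the same ESP wrapped in UDP 4500

def report():
    return [(classify(p)[0], udp_forward_admits(p)) for p in sample_session()]

if __name__ == "__main__":
    print(report())
```
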

 

 

Mar 5, 2014 9:51:44 AM
Contributor

Thanks Joe, I was afraid of something like this.

I had thought of setting up DMZ mode, but I was afraid of losing some of the capabilities I like in other areas. Do you happen to know if it's possible to set up other addresses between the DMZ'd uverse box and my router? Essentially I want to set up the following:

Internet --> UVerse RG --(DMZ)--> My Router --> NAT'd wired/wireless network
                 |
                 |
                 V
             UVerse RG 802.11g --> open network

Basically I'd like to set up 2 networks without having to buy a new router. I would like to have the RG in DMZ mode to my router (a 1st gen Apple Time Capsule), and keep all of my home network stuff (including my Synology box) behind that Time Capsule. And at the same time use the built-in wireless from the RG to provide an open network that I can share with guests. This way, guests never see my personal network, and I don't have to hand out passwords every time someone needs to use my Internet connection.

Mar 5, 2014 12:14:58 PM
ACE - Expert

Yes, you can do what you describe.


*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.

Mar 5, 2014 7:18:40 PM
Expert
Edited by SomeJoe7777 on Mar 5, 2014 at 7:19:16 PM

Yes, this setup will work to separate your home network from guests.  However, in order to get the Synology to respond to inbound L2TP-IPSec, you'll have to configure the Time Capsule for that. I have zero knowledge of anything Apple, so I have no idea if the Time Capsule is capable of this or not.

 
