Helpful Links

Connect to home L2TP VPN not working


Connect to home L2TP VPN not working

I am trying to set up an L2TP VPN connection to connect to my Synology box when I am travelling. For some reason I am having getting through to it from outside my home (U-verse) network. I can access it remotely using PPTP, but I can't when I try L2TP. I know the Synology box is working fine since I can connect via L2TP when I am on my home network.

I have opened UDP ports 500, 1701, 4500 (and 5500 for good measure) on the U-Verse RG, and deactivated "Stealth Mode", "Block Ping", and "Strict UDP Session Control". Still nothing.

Any ideas on what I'm doing wrong would be hot.


Message 1 of 5

Re: Connect to home L2TP VPN not working

L2TP-IPSec requires not only UDP port 500 and sometimes 4500, but also requires IPSec, which uses IP type 50 (encapsulated security protocol, ESP).

The U-Verse RGs do not have a firewall configuration option to allow inbound ESP.  Thus, an L2TP-IPSec VPN is not possible with the U-Verse RGs with their default configuration.

However, there are two work-arounds:

1. Use DMZPlus mode with the Internet IP address assigned to the Synology.  Configure the DMZPlus mode in accordance with:


2. Purchase static IP addresses, and use one of the static IPs on the Synology.



Message 2 of 5

Re: Connect to home L2TP VPN not working

Thanks Joe, I was afraid of something like this.


I had thought of setting up DMZ mode, but I was afraid of losing some of the capabilities I like in other areas. Do you happen to know if it's possible to set up other addresses between the DMZ'd uverse box and my router? Essentially I want to set up the following:


Internet --> UVerse RG --(DMZ)--> My Router --> NAT'd wired/wireless network




                      UVerse RG 802.11g --> open network


Basically I'd like to set up 2 networks without having to buy a new router. I would like to have the RG in DMZ mode to my router (a 1st gen Apple Time Capsule), and keep all of my home network stuff (including my Synology box) behind that Time Capsule. And at the same time use the built-in wireless from the RG to provide an open network that I can share with guests. This way, guests never see my personal network, and I don't have to hand out passwords everytime someone needs to use my Internet connection.

Message 3 of 5
ACE - Expert

Re: Connect to home L2TP VPN not working

Yes, you can do what you describe.

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.
Message 4 of 5

Re: Connect to home L2TP VPN not working

Yes, this setup will work to separate your home network from guests.  However, in order to get the Synology to respond to inbound L2TP-IPSec, you'll have to configure the Time Capsule for that. I have zero knowledge of anything Apple, so I have no idea if the Time Capsule is capable of this or not.


Message 5 of 5
Share this topic

Learn how connect your AT&T holiday gifts at Unwrapped on Wednesday, 12/27 (1-4pm ET)!

Additional Support