T3200M L2TP VPN using TL-R600VPN


wireless
10-26-2018, 09:44 PM
TL-R600VPN provides VPN servers for both PPTP and L2TP/IPSec ... I have been able to get the PPTP Server to work ... but .... L2TP (the preferred mode of operation) is not working ... reading through the Telus Neighbourhood there seems to be a common thread of L2TP connection issues ... I haven't found anyone with a solution other than either changing Service Providers or Services ... Is there any notion of Telus providing a workable update for the T3200M or providing another modem that will provide a workable VPN solution?

Details:
T3200M F/W 31.164L.16 provides 3 options which theoretically should provide the ability for L2TP to work ... however ... all 3 options fail to work, each with their own quirks.

1) DMZ ... the T3200M is NOT providing a pure DMZ ... DMZ is supposed to be completely transparent to the downstream device, i.e. this device should see the INTERNET IP address ... the T3200M is apparently still doing a NAT translation to an INTRANET IP Address assigned to the downstream device which I understand isn't allowed with the L2TP protocol (the TL-R600VPN explicitly states that it MUST NOT have a NAT between the Internet and the WAN port for L2TP to work)

2) under Firewall - Port Forwarding ... the T3200M can forward ports UDP 500 and UDP 4500, but doesn't provide any way to add a protocol 50 ESP

3) under Firewall - Applications ... the T3200M provides an IPSEC L2TP application that presumably provides the required port forwarding with rules that include the Protocol 50 ESP ... BUT ... looking at the port forwarding after this application is applied only shows port 500 was forwarded (suggesting the rules weren't fully applied) ... AND ... if the T3200M reboots, both the Application and the Port Forwarding settings are destroyed (if these settings aren't static, then Applications aren't reliable)

As stated above, PPTP does work but isn't recommended due to its known security vulnerabilities ... PPTP is provided via Advanced ALG PPTP Enable + Port Forwarding Port TCP 1723 to your VPN Server device


For PPTP:
IP Protocol=TCP, TCP Port number=1723