Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


BrettOnTheNet

75 posts

Master Geek


#237639 11-Jun-2018 11:02
Send private message

Hi there

 

I am trying to set up a VPN server on my Synology NAS using L2TP/IPSec.  Apparently to get this to work I need to forward ports 1701, 500, and 4500 (UDP)

 

The HG659B refuses to allow me to forward port 1701. 

"The external port cannot be 7547,514,68,53,546,500,1701,8443,8080,990,5060,28090,50000-50020."

 

(Note the error message also mentions 500, but this can be forwarded with a built-in mapping). 

 

 

 

Couple of questions: 

 

1) Any idea why? 

 

2) Any way around it?

 

There are no options to change the ports being used in the VPN Server settings. 

 

Thanks!

 

Brett


Create new topic
yitz
2052 posts

Uber Geek


  #2033554 11-Jun-2018 11:14
Send private message

Probably there's a preset firewall rule in there for ALG or femtocell connectivity etc. purposes.

 

 

As for a way around it... I'd say just get a proper router... especially if you want to do remote access.

 
 
 

Backblaze Unlimited Backup. World’s easiest cloud backup. Get peace of mind knowing your files are backed up securely in the cloud (affiliate link).
freakngeek
356 posts

Ultimate Geek


  #2033562 11-Jun-2018 11:34
Send private message

Use a different external port, then forward to 1701 internally

 

Clients will need to use the different port, also more secure to not use standard ports in the cold cruel WAN world


BrettOnTheNet

75 posts

Master Geek


  #2033604 11-Jun-2018 12:07
Send private message

Thank you. I will try setting a different external port in the client.  Good point about using a non-standard port. 

 

 

 

 




hio77
'That VDSL Cat'
12999 posts

Uber Geek

ID Verified
Trusted
Lizard Networks
Subscriber

  #2033652 11-Jun-2018 13:16
Send private message

if i remember right, this port is in a preset for l2tp.





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 

 


BrettOnTheNet

75 posts

Master Geek


  #2033677 11-Jun-2018 13:55
Send private message

There is a preset for IPSEC (UDP 500), but not L2TP.  None of the presets are for 1701. 


mindtpi99
22 posts

Geek


  #2070811 9-Aug-2018 16:21
Send private message

I had the identical problem with a Synology and this router with Spark, there was no solution and they were no help. Then had exactly the same issue with a Synology and the same mode router but with Vodafone. Again, no fix but they were more helpful and told me it's disabled in the firmware and there is no way to unblock it. If you are using a PC, you can still set up PPP VPN but if you are on a Mac you really have to use OpenVPN and third party OpenVPN client. Ultimately, if you can, its just easier to buy a decent router that doesn't have those ports blocked


BarTender
3595 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #2070890 9-Aug-2018 19:34
Send private message

And really would you want to expose your NAS to the internet. Make sure you change all your passwords from default.
I would personally go down the openvpn path with certificates.



wsnz
647 posts

Ultimate Geek


  #2070911 9-Aug-2018 20:15
Send private message

mindtpi99:

 

I had the identical problem with a Synology and this router with Spark, there was no solution and they were no help. Then had exactly the same issue with a Synology and the same mode router but with Vodafone. Again, no fix but they were more helpful and told me it's disabled in the firmware and there is no way to unblock it. If you are using a PC, you can still set up PPP VPN but if you are on a Mac you really have to use OpenVPN and third party OpenVPN client. Ultimately, if you can, its just easier to buy a decent router that doesn't have those ports blocked

 

 

I've also had the same experience albeit exposing different ports. In the end I replaced the router with a more advanced unit and the issue went away. That's my default position now: see an HG659B (or any other variant used by the Telco), replace it.


1101
3121 posts

Uber Geek


  #2071062 10-Aug-2018 09:51
Send private message

On some ISP supplied routers , port forward (even DMZ) simply just doesnt work properly for some ports .
Just replace it , or waste alot of time struggling to make it work ,and failing anyway .


Create new topic





News and reviews »

Bolt Launches in New Zealand
Posted 11-Jun-2025 00:00


Suunto Run Review
Posted 10-Jun-2025 10:44


Freeview Satellite TV Brings HD Viewing to More New Zealanders
Posted 5-Jun-2025 11:50


HP OmniBook Ultra Flip 14-inch Review
Posted 3-Jun-2025 14:40


Flip Phones Are Back as HMD Reimagines an Iconic Style
Posted 30-May-2025 17:06


Hundreds of School Students Receive Laptops Through Spark Partnership With Quadrent's Green Lease
Posted 30-May-2025 16:57


AI Report Reveals Trust Is Key to Unlocking Its Potential in Aotearoa
Posted 30-May-2025 16:55


Galaxy Tab S10 FE Series Brings Intelligent Experiences to the Forefront with Premium, Versatile Design
Posted 30-May-2025 16:14


New OPPO Watch X2 Launches in New Zealand
Posted 29-May-2025 16:08


Synology Premiers a New Lineup of Advanced Data Management Solutions
Posted 29-May-2025 16:04


Dyson Launches Its Slimmest Vaccum Cleaner PencilVac
Posted 29-May-2025 15:50


OPPO Reno13 Pro 5G Review 
Posted 29-May-2025 15:33


Logitech Introduces New G522 Gaming Headset
Posted 21-May-2025 19:01


LG Announces New Ultragear OLED Range for 2025
Posted 20-May-2025 16:35


Sandisk Raises the Bar With WD_BLACK SN8100 NVME SSD
Posted 20-May-2025 16:29









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







GoodSync is the easiest file sync and backup for Windows and Mac