Geekzone: technology news, blogs, forums


BrettOnTheNet

56 posts

Master Geek


#237639 11-Jun-2018 11:02

Hi there

I am trying to set up a VPN server on my Synology NAS using L2TP/IPSec. Apparently to get this to work I need to forward ports 1701, 500, and 4500 (UDP).

The HG659B refuses to allow me to forward port 1701.

"The external port cannot be 7547,514,68,53,546,500,1701,8443,8080,990,5060,28090,50000-50020."

(Note the error message also mentions 500, but this can be forwarded with a built-in mapping.)

Couple of questions:

1) Any idea why?

2) Any way around it?

There are no options to change the ports being used in the VPN Server settings.

Thanks!

Brett


yitz
1483 posts

Uber Geek


  #2033554 11-Jun-2018 11:14

Probably there's a preset firewall rule in there for ALG or femtocell connectivity etc. purposes.

 

 

As for a way around it... I'd say just get a proper router... especially if you want to do remote access.

freakngeek
348 posts

Ultimate Geek


  #2033562 11-Jun-2018 11:34

Use a different external port, then forward to 1701 internally

 

Clients will need to use the different port, also more secure to not use standard ports in the cold cruel WAN world
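The remapping suggested above, worked through as an added example (not part of any post in this thread): it parses the reserved-port list from the router's error message, including the range, and builds a forwarding plan for the three UDP ports the original post names. The substitute starting port `11701` and the function names are assumptions made for illustration.

```python
# Added example: the reserved list is copied from the error text quoted in the thread.
RESERVED = "7547,514,68,53,546,500,1701,8443,8080,990,5060,28090,50000-50020"

def parse_reserved(spec):
    """Turn '53,500,50000-50020' into a list of inclusive (low, high) ranges."""
    ranges = []
    for item in spec.split(","):
        low, _, high = item.strip().partition("-")
        low, high = int(low), int(high or low)
        if not (0 < low <= high <= 65535):
            raise ValueError(f"bad port entry: {item!r}")
        ranges.append((low, high))
    return ranges

def is_reserved(port, ranges):
    """True if the router would refuse this port as an external port."""
    return any(low <= port <= high for low, high in ranges)

def plan_forwards(needed, ranges, presets=(), alt_start=11701):
    """Map each internal UDP port to an external port the router accepts.

    presets: ports forwarded through a built-in mapping (UDP 500 in the thread).
    alt_start: hypothetical first candidate for a substitute external port.
    """
    plan, used = {}, set()
    for internal in needed:
        if internal in presets:
            plan[internal] = (internal, "preset")
        elif not is_reserved(internal, ranges):
            plan[internal] = (internal, "direct")
        else:
            ext = alt_start
            # Skip candidates that are reserved, already taken, or needed as-is.
            while is_reserved(ext, ranges) or ext in used or ext in needed:
                ext += 1
            plan[internal] = (ext, "remapped")
        used.add(plan[internal][0])
    return plan

if __name__ == "__main__":
    ranges = parse_reserved(RESERVED)
    plan = plan_forwards([1701, 500, 4500], ranges, presets={500})
    for internal, (external, how) in plan.items():
        print(f"UDP {external} -> NAS:{internal} ({how})")
```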


 
 
 
 


BrettOnTheNet

56 posts

Master Geek


  #2033604 11-Jun-2018 12:07

Thank you. I will try setting a different external port in the client.  Good point about using a non-standard port. 

 

 

 

 


hio77
'That VDSL Cat'
12533 posts

Uber Geek

Trusted
Spark
Subscriber

  #2033652 11-Jun-2018 13:16

If I remember right, this port is in a preset for L2TP.





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 


BrettOnTheNet

56 posts

Master Geek


  #2033677 11-Jun-2018 13:55

There is a preset for IPSEC (UDP 500), but not L2TP.  None of the presets are for 1701. 


mindtpi99
22 posts

Geek


  #2070811 9-Aug-2018 16:21

I had the identical problem with a Synology and this router with Spark; there was no solution and they were no help. Then had exactly the same issue with a Synology and the same model router but with Vodafone. Again, no fix, but they were more helpful and told me it's disabled in the firmware and there is no way to unblock it. If you are using a PC, you can still set up PPP VPN, but if you are on a Mac you really have to use OpenVPN and a third-party OpenVPN client. Ultimately, if you can, it's just easier to buy a decent router that doesn't have those ports blocked.


BarTender
3205 posts

Uber Geek

Trusted
Lifetime subscriber

  #2070890 9-Aug-2018 19:34

And really, would you want to expose your NAS to the internet? Make sure you change all your passwords from default.
I would personally go down the OpenVPN path with certificates.






 
 
 
 


wsnz
627 posts

Ultimate Geek


  #2070911 9-Aug-2018 20:15

mindtpi99:

 

I had the identical problem with a Synology and this router with Spark; there was no solution and they were no help. Then had exactly the same issue with a Synology and the same model router but with Vodafone. Again, no fix, but they were more helpful and told me it's disabled in the firmware and there is no way to unblock it. If you are using a PC, you can still set up PPP VPN, but if you are on a Mac you really have to use OpenVPN and a third-party OpenVPN client. Ultimately, if you can, it's just easier to buy a decent router that doesn't have those ports blocked.

 

 

I've also had the same experience albeit exposing different ports. In the end I replaced the router with a more advanced unit and the issue went away. That's my default position now: see an HG659B (or any other variant used by the Telco), replace it.


1101
2276 posts

Uber Geek


  #2071062 10-Aug-2018 09:51

On some ISP-supplied routers, port forward (even DMZ) simply just doesn't work properly for some ports.
Just replace it, or waste a lot of time struggling to make it work, and failing anyway.

