Geekzone: technology news, blogs, forums


BrettOnTheNet

56 posts

Master Geek


#237639 11-Jun-2018 11:02

Hi there

 

I am trying to set up a VPN server on my Synology NAS using L2TP/IPSec. Apparently, to get this to work I need to forward ports 1701, 500, and 4500 (UDP).

 

The HG659B refuses to allow me to forward port 1701. 

"The external port cannot be 7547,514,68,53,546,500,1701,8443,8080,990,5060,28090,50000-50020."

 

(Note the error message also mentions 500, but this can be forwarded with a built-in mapping). 

 

 

 

Couple of questions: 

 

1) Any idea why? 

 

2) Any way around it?

 

There are no options to change the ports being used in the VPN Server settings. 

 

Thanks!

 

Brett


yitz
1487 posts

Uber Geek


  #2033554 11-Jun-2018 11:14

Probably there's a preset firewall rule in there for ALG or femtocell connectivity etc. purposes.

 

 

As for a way around it... I'd say just get a proper router... especially if you want to do remote access.

freakngeek
350 posts

Ultimate Geek


  #2033562 11-Jun-2018 11:34

Use a different external port, then forward to 1701 internally.

Clients will need to use the different port. Also more secure to not use standard ports in the cold cruel WAN world.


 
 
 
 


BrettOnTheNet

56 posts

Master Geek


  #2033604 11-Jun-2018 12:07

Thank you. I will try setting a different external port in the client.  Good point about using a non-standard port. 

 

 

 

 


hio77
'That VDSL Cat'
12607 posts

Uber Geek

Trusted
Subscriber

  #2033652 11-Jun-2018 13:16

If I remember right, this port is in a preset for L2TP.





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 


BrettOnTheNet

56 posts

Master Geek


  #2033677 11-Jun-2018 13:55

There is a preset for IPSEC (UDP 500), but not L2TP.  None of the presets are for 1701. 


mindtpi99
22 posts

Geek


  #2070811 9-Aug-2018 16:21
Send private message

I had the identical problem with a Synology and this router with Spark; there was no solution and they were no help. Then had exactly the same issue with a Synology and the same model router but with Vodafone. Again, no fix, but they were more helpful and told me it's disabled in the firmware and there is no way to unblock it. If you are using a PC, you can still set up PPP VPN, but if you are on a Mac you really have to use OpenVPN and a third-party OpenVPN client. Ultimately, if you can, it's just easier to buy a decent router that doesn't have those ports blocked.


BarTender
3219 posts

Uber Geek

Trusted
Lifetime subscriber

  #2070890 9-Aug-2018 19:34

And really, would you want to expose your NAS to the internet? Make sure you change all your passwords from default.
I would personally go down the OpenVPN path with certificates.






 
 
 
 


wsnz
629 posts

Ultimate Geek


  #2070911 9-Aug-2018 20:15

mindtpi99:

 

I had the identical problem with a Synology and this router with Spark; there was no solution and they were no help. Then had exactly the same issue with a Synology and the same model router but with Vodafone. Again, no fix, but they were more helpful and told me it's disabled in the firmware and there is no way to unblock it. If you are using a PC, you can still set up PPP VPN, but if you are on a Mac you really have to use OpenVPN and a third-party OpenVPN client. Ultimately, if you can, it's just easier to buy a decent router that doesn't have those ports blocked.

 

 

I've also had the same experience albeit exposing different ports. In the end I replaced the router with a more advanced unit and the issue went away. That's my default position now: see an HG659B (or any other variant used by the Telco), replace it.


1101
2314 posts

Uber Geek


  #2071062 10-Aug-2018 09:51

On some ISP-supplied routers, port forward (even DMZ) simply just doesn't work properly for some ports.
Just replace it, or waste a lot of time struggling to make it work, and failing anyway.

