Geekzone: technology news, blogs, forums


BrettOnTheNet

75 posts

Master Geek
+1 received by user: 3


#237639 11-Jun-2018 11:02

Hi there

 

I am trying to set up a VPN server on my Synology NAS using L2TP/IPSec. Apparently to get this to work I need to forward ports 1701, 500, and 4500 (UDP).

 

The HG659B refuses to allow me to forward port 1701. 

"The external port cannot be 7547,514,68,53,546,500,1701,8443,8080,990,5060,28090,50000-50020."

 

(Note the error message also mentions 500, but this can be forwarded with a built-in mapping). 

 

 

 

Couple of questions: 

 

1) Any idea why? 

 

2) Any way around it?

 

There are no options to change the ports being used in the VPN Server settings. 

 

Thanks!

 

Brett


yitz
2239 posts

Uber Geek
+1 received by user: 594


  #2033554 11-Jun-2018 11:14

Probably there's a preset firewall rule in there for ALG or femtocell connectivity etc. purposes.

 

 

As for a way around it... I'd say just get a proper router... especially if you want to do remote access.



freakngeek
356 posts

Ultimate Geek
+1 received by user: 123


  #2033562 11-Jun-2018 11:34

Use a different external port, then forward to 1701 internally.

 

Clients will need to use the different port, also more secure to not use standard ports in the cold cruel WAN world.


BrettOnTheNet

75 posts

Master Geek
+1 received by user: 3


  #2033604 11-Jun-2018 12:07

Thank you. I will try setting a different external port in the client.  Good point about using a non-standard port. 

 

 

 

 




hio77
'That VDSL Cat'
13036 posts

Uber Geek
+1 received by user: 3896

ID Verified
Trusted
Lizard Networks
Subscriber

  #2033652 11-Jun-2018 13:16

If I remember right, this port is in a preset for L2TP.





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have. 


BrettOnTheNet

75 posts

Master Geek
+1 received by user: 3


  #2033677 11-Jun-2018 13:55

There is a preset for IPSEC (UDP 500), but not L2TP.  None of the presets are for 1701. 


mindtpi99
22 posts

Geek
+1 received by user: 3


  #2070811 9-Aug-2018 16:21

I had the identical problem with a Synology and this router with Spark, there was no solution and they were no help. Then had exactly the same issue with a Synology and the same model router but with Vodafone. Again, no fix but they were more helpful and told me it's disabled in the firmware and there is no way to unblock it. If you are using a PC, you can still set up PPP VPN but if you are on a Mac you really have to use OpenVPN and third-party OpenVPN client. Ultimately, if you can, it's just easier to buy a decent router that doesn't have those ports blocked.


 
 
 

BarTender
3629 posts

Uber Geek
+1 received by user: 2572

ID Verified
Trusted
Lifetime subscriber

  #2070890 9-Aug-2018 19:34

And really, would you want to expose your NAS to the internet? Make sure you change all your passwords from default.
I would personally go down the OpenVPN path with certificates.

wsnz
654 posts

Ultimate Geek
+1 received by user: 204


  #2070911 9-Aug-2018 20:15

mindtpi99:

 

I had the identical problem with a Synology and this router with Spark, there was no solution and they were no help. Then had exactly the same issue with a Synology and the same model router but with Vodafone. Again, no fix but they were more helpful and told me it's disabled in the firmware and there is no way to unblock it. If you are using a PC, you can still set up PPP VPN but if you are on a Mac you really have to use OpenVPN and third-party OpenVPN client. Ultimately, if you can, it's just easier to buy a decent router that doesn't have those ports blocked.

 

 

I've also had the same experience albeit exposing different ports. In the end I replaced the router with a more advanced unit and the issue went away. That's my default position now: see an HG659B (or any other variant used by the Telco), replace it.


1101
3141 posts

Uber Geek
+1 received by user: 1143


  #2071062 10-Aug-2018 09:51

On some ISP-supplied routers, port forward (even DMZ) simply just doesn't work properly for some ports.
Just replace it, or waste a lot of time struggling to make it work, and failing anyway.

