Can't forward UDP port 500 when other UDP ports work
Hi
I have a L2TP VPN server behind the router.
UDP ports 4500 and 1701 can be forwarded to the VPN server but not the UDP port 500.
I have tried Port Forwarding, UPnP and DMZ.
I have enabled L2TP Passthrough which forwarded UDP port 1701.
I have tried IPSec Passthrough which doesn't help.
I can connect to the L2TP VPN server when using the private network IP address directly so the VPN server is working but can't connect when using the public IP address.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
I have just applied a new firmware from the TP-Link support engineers and it has fixed the problem.
Thanks for everyone's help.
- Copy Link
- Report Inappropriate Content
Hi,
How have you determined that ports 4500 and 1701 are forwarded properly while port 500 can not?
Does the Archer C80 show an error message when you try to add a forwarding rule for port 500?
What is the "Internet Connection Type" of the C80's Internet connection? Is it PPPoE?
- Copy Link
- Report Inappropriate Content
I used the netcat command line tool to listen to the UDP ports in the VPN server then I sent messages to it via the ports to see if the VPN server can see the messages.
The VPN server is a Synology NAS. The command I used was "ncat -ul 500" in the Synology NAS and on my Mac I used "nc -u xxx.xxx.xxx.xxx 500" then type message on my Mac following the command. Only port 500 cannot see the message if I had sent it with public IP. Private IP can see the message using port 500.
I can successfully add the forwarding rule for port 500.
The internet connection type is "Dynamic IP".
- Copy Link
- Report Inappropriate Content
I just tested this with an Archer C64 that has the same firmware version as your Archer C80. (both routers have very similar hardware, main difference is that C64 has 2×2 MIMO wireless while the C80 has 3×3 MIMO)
It turned out that the C64 with firmware version 1.12.10 shows the exact same behavior as your C80.
While fiddling around with some settings I noticed that forwarding of port 500 UDP starts working when the option "IPSec Passthrough" is switched off.
So that's what you could try.
Anyway, I think this must be a bug in the router's firmware, because on another TP-Link router forwarding of port 500 UDP works fine even with "IPSec Passthrough" activated.
- Copy Link
- Report Inappropriate Content
Thanks for your investigation.
After switching off the "IPSec Passthrough" option, the UDP port 500 does start forwarding. (I'm testing on public network now. Last time I tried, I was testing under the same private network as the VPN server and the router maybe blocked the port forwarding somehow while under the same private network.)
However, I still cannot connect to the VPN server on public network.
After doing more researches and discussed with my system admin friend, I think I need to switch on the "IPSec Passthrough" option to get the L2TP/IPsec to work.
At this point. I think just as you said that this must be a bug in the router's firmware as another TP-Link router forwarding of port 500 UDP works fine even with "IPSec Passthrough" activated
- Copy Link
- Report Inappropriate Content
Hi, to assist you efficiently, I've forwarded your case to the TP-Link support engineers, who will contact you with your registered email address later. Please pay attention to your email box for follow-up.
- Copy Link
- Report Inappropriate Content
I have just applied a new firmware from the TP-Link support engineers and it has fixed the problem.
Thanks for everyone's help.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1537
Replies: 6
Voters 0
No one has voted for it yet.