Can't forward UDP port 500 when other UDP ports work

2023-06-19 15:54:58 - last edited 2023-08-15 11:36:39
Model: Archer C80  
Hardware Version: V1
Firmware Version: 1.12.10 Build 230208 Rel.38878n(5553)

Hi

I have an L2TP VPN server behind the router.

UDP ports 4500 and 1701 can be forwarded to the VPN server but not the UDP port 500.

I have tried Port Forwarding, UPnP and DMZ.

I have enabled L2TP Passthrough which forwarded UDP port 1701.

I have tried IPSec Passthrough which doesn't help.

I can connect to the L2TP VPN server when using the private network IP address directly, so the VPN server is working, but I can't connect when using the public IP address.

#1
Re:Can't forward UDP port 500 when other UDP ports work
2023-06-19 17:06:04

@kit1c2000

Hi,

How have you determined that ports 4500 and 1701 are forwarded properly while port 500 cannot be?

Does the Archer C80 show an error message when you try to add a forwarding rule for port 500?

What is the "Internet Connection Type" of the C80's Internet connection? Is it PPPoE?

#2
Re:Can't forward UDP port 500 when other UDP ports work
2023-06-19 17:39:32

@woozle

I used the netcat command line tool to listen on the UDP ports on the VPN server, then I sent messages to it via those ports to see if the VPN server could see the messages.

The VPN server is a Synology NAS. The command I used was "ncat -ul 500" on the Synology NAS, and on my Mac I used "nc -u xxx.xxx.xxx.xxx 500" and then typed a message on my Mac following the command. Only port 500 could not see the message when I sent it to the public IP. Using the private IP, port 500 could see the message.

I can successfully add the forwarding rule for port 500.

The internet connection type is "Dynamic IP".

#3
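The listener-plus-probe check described in the post above, scripted so it can be run against all three L2TP/IPsec UDP ports at once. This is an added example, not code from the thread or from TP-Link or Synology: it binds a UDP listener, sends a random token to a target address and reports whether the token arrived. With no target it probes the listener over loopback (the "same private network" case); run on the VPN server with the router's public address as `target_host`, it tests the forwarding rule the way the `ncat -ul 500` / `nc -u` pair did. The port list and the placeholder public address are constructed for the example.

```python
"""Reachability probe for a set of UDP ports, mirroring the poster's
ncat/nc check: a listener on the server host receives a one-shot datagram
and we report which ports actually delivered it. Added example, not code
from the thread or from TP-Link."""
import secrets
import socket

# Constructed sample: the UDP ports an L2TP/IPsec server relies on
# (IKE 500, NAT-T 4500, L2TP 1701), as named in the thread.
L2TP_IPSEC_UDP_PORTS = (500, 4500, 1701)


def probe_udp_port(listen_port, target=None, listen_host="0.0.0.0", timeout=2.0):
    """Bind a UDP listener on listen_port, send a random token to target
    (host, port) and report whether the listener received that token.

    Returns (actual_listen_port, delivered). With target=None the probe is
    sent to the listener itself over loopback, i.e. the 'same private
    network' case; to test a forwarding rule, run this on the VPN server
    and pass the router's public address and the forwarded port as target.
    """
    token = secrets.token_bytes(16)  # random, so a stray packet cannot match
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        listener.bind((listen_host, listen_port))
        actual_port = listener.getsockname()[1]  # resolves listen_port=0
        if target is None:
            target = ("127.0.0.1", actual_port)
        # Datagrams are queued by the kernel as soon as the socket is bound,
        # so sending before recvfrom() is safe.
        sender.sendto(token, target)
        listener.settimeout(timeout)
        try:
            data, _ = listener.recvfrom(2048)
        except socket.timeout:
            return actual_port, False
        # Compare the payload: a datagram from someone else is not proof
        # that our probe got through.
        return actual_port, data == token
    finally:
        sender.close()
        listener.close()


def probe_many(ports, target_host=None, **kwargs):
    """Return {port: delivered} for each port in ports. With target_host set,
    each probe goes to (target_host, port); otherwise to loopback."""
    results = {}
    for port in ports:
        target = (target_host, port) if target_host else None
        _, delivered = probe_udp_port(port, target=target, **kwargs)
        results[port] = delivered
    return results


if __name__ == "__main__":
    # Ports below 1024 need root on Linux/macOS. On the VPN server, set
    # PUBLIC_IP to the router's WAN address to exercise the forwarding rules;
    # None keeps the probe on loopback.
    PUBLIC_IP = None  # placeholder, e.g. "203.0.113.10"
    report = probe_many(L2TP_IPSEC_UDP_PORTS, target_host=PUBLIC_IP)
    for port, ok in report.items():
        print(f"udp/{port}: {'received' if ok else 'NOT received'}")
```

Note that a probe sent from inside the LAN to the public address only succeeds if the router supports hairpin (loopback) NAT, which is the trap the original poster ran into later in the thread; the definitive test is from a host outside the LAN.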
Re:Can't forward UDP port 500 when other UDP ports work
2023-06-19 20:49:09 - last edited 2023-06-19 20:51:49

@kit1c2000

I just tested this with an Archer C64 that has the same firmware version as your Archer C80. (Both routers have very similar hardware; the main difference is that the C64 has 2×2 MIMO wireless while the C80 has 3×3 MIMO.)

It turned out that the C64 with firmware version 1.12.10 shows the exact same behavior as your C80.

While fiddling around with some settings I noticed that forwarding of port 500 UDP starts working when the option "IPSec Passthrough" is switched off.

So that's what you could try.

Anyway, I think this must be a bug in the router's firmware, because on another TP-Link router forwarding of port 500 UDP works fine even with "IPSec Passthrough" activated.
#4
Re:Can't forward UDP port 500 when other UDP ports work
2023-06-20 07:12:27

@woozle

Thanks for your investigation.

After switching off the "IPSec Passthrough" option, UDP port 500 does start forwarding. (I'm testing from a public network now. Last time I tried, I was testing from the same private network as the VPN server, and the router maybe blocked the port forwarding somehow from within the same private network.)

However, I still cannot connect to the VPN server from the public network.

After doing more research and discussing with my system admin friend, I think I need to switch on the "IPSec Passthrough" option to get L2TP/IPsec to work.

At this point, I think, just as you said, that this must be a bug in the router's firmware, as on another TP-Link router forwarding of port 500 UDP works fine even with "IPSec Passthrough" activated.

#5
Re:Can't forward UDP port 500 when other UDP ports work
2023-06-20 11:14:59

@kit1c2000

Hi, to assist you efficiently, I've forwarded your case to the TP-Link support engineers, who will contact you with your registered email address later. Please pay attention to your email box for follow-up.

#6
Re:Can't forward UDP port 500 when other UDP ports work-Solution
2023-06-21 04:14:28 - last edited 2023-08-15 11:36:39

@Sunshine

I have just applied a new firmware from the TP-Link support engineers and it has fixed the problem.

Thanks for everyone's help.

Recommended Solution
#7