Port forwarding issue on router blocking 1701 for LT2P VPN access

MrM · 5 Apr 2019 at 08:04

I dont know if anyone can help and you will need to forgive me as I am not as savvy as I would like to be.

I have a Huawei 4G router (cant get fibre or decent ADSL connection where I am). At a previous house I ran a VPN server from my Synology NAS using L2TP.

My Huawei router has some inbuilt L2TP functionality and as such wont allow me to forward port 1701 which appears to stop me in my tracks for what I want to achieve. A number of ports are "blocked" from forwarding, I presume due to other inbuilt router functions.

Ive been looking for a "better", more flexible router, but there isnt much option in the 4G space and the performance of my router is actually very good. Can anyone advise if there is a workaround for me to get my VPN server up and running?

Thanks!

the-evaluator · 5 Apr 2019 at 09:03

It's not just the router that's stopping it working, the connectivity itself more than likely us.

Mobile phone providers use CGNAT so that a number of customers go out to the internet from a single public IP address, it's the same thing if you have ADSL where you devices have a private IP address whilst the router has a single public IP address. When your ISP is supplying your router a public IP address you can get port forwarding working but your 4G connection will most likely have a private IP address on the WAN port which means you can set any port forwarding you want but it won't work.

To check, go to www.whatismyipaddress.com and note what it says. Then log into the management interface of your router and see what IP address is reports as the WAN address. They won't match.

So to get this working not only will you need a new 4G router (I've no idea what to suggest here) but you'll need 4G connectivity that comes with a public IP address. I've seen companies that supply them but you'll pay a price premium.

MrM · 5 Apr 2019 at 09:34

Thanks for the reply. Via ddns I can get access to my NAS from outside the home.... so assumed that setting up a VPN server shouldnt be too much trouble. I need to look into the CGNAT issue further.

the-evaluator · 5 Apr 2019 at 09:37

Hmm, if you can get to your NAS using DDNS then it does sound like CGNAT isn't an issue which is a bit of a surprise.

MrM · 5 Apr 2019 at 09:54

Im sure the issue is because the router hard blocks it (says so if I try to forward it). So Im curious if anyone knows of a work around? Whether 1701 is set in stone, or if I can somehow use a different port in the Synology VPN framework somehow.

bremen1874 · 5 Apr 2019 at 10:57

What model is the router?

MrM · 5 Apr 2019 at 11:48

Huawei B525

bremen1874 · 5 Apr 2019 at 12:12

Have you checked the router's GUI for a VPN pass-through option (a quick Internet search didn't find anything)?

The Synology support pages have OpenVPN as an option, have you tried that instead?

What would using the router as a VPN endpoint instead of the Synology stop you doing?