dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
11
McBane
join:2008-08-22
Wylie, TX

1 edit

McBane to helpmeeh

Member

to helpmeeh

Re: PPTP VPN Actiontec MI424WR Port Forwarding Help Me

Not necessarily. As stated previously you can use VPN on the Servers themselves and just port forward on the actiontecs.

It would be a much easier and cleaner and MUCH less complex setup if you replaced the actiontec with some device that supports L2TP/IPSec though at each location you want to join.
helpmeeh
join:2013-01-14

helpmeeh

Member

Can I buy a VPN switch and plug that into the actiontec router? OR will that complicate things even more?
McBane
join:2008-08-22
Wylie, TX

McBane

Member

I've never heard of a VPN switch, so I'm not sure what you're referring to. The term itself is kind of an oxymoron in network speak.
helpmeeh
join:2013-01-14

helpmeeh

Member

A switch with VPN like a netgear. You know what I mean
McBane
join:2008-08-22
Wylie, TX

McBane

Member

If by firewall/router that support L2TP/IPSec yes, but it's not going to work very well behind the actiontec since they both serve the same purpose, and yes using both of them together would be totally redundant and unnecessarily complicate things, but it can be done if that's what you're trying to achieve.
helpmeeh
join:2013-01-14

helpmeeh

Member

I appreciate your help.
rlstarry
Premium Member
join:2002-05-22
California

rlstarry

Premium Member

helpmeeh,
you can use the actiontech to forward your l2tp/ipsec vpn to a remote windows server running the vpn. It took me a bit to get it working but now I have no issues. In the action tech router go to the advanced page. then click on port forwarding rules near the bottom of the page. here is where you can add the "advanced" forwarding rules like GRE and IPSec. I added a rule for l2tp for UDP any -> 1701 and IPSec UDP 500->500 ESP and AH.

If you're using a windows machine you'll need to add a key to the registry since microsoft doesn't think you should be connecting to an l2tp vpn through a nat.

Heres how to do that:
In the Start menu search box, type "regedit" and press ENTER
You will be prompted to allow Administrator rights, click Yes.
Locate and click the registry subkey named HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
On the Edit menu, point to New, and click DWORD Value
In the New Value #1 box, type "AssumeUDPEncapsulationContextOnSendRule" (this is case-sensitive and contains no spaces), and press ENTER.
Right-click AssumeUDPEncapsulationContextOnSendRule, and select Modify.
In the Value data box, type "2" and click OK
You'll probably need to reboot.

I'm using a preshared key on the windows 2008 server so I didn't have to worry about installing certificates.

Hope that offers some help to you.