L2TP VPN and forwarding

Discussion in 'Tomato Firmware' started by macbrian, Jan 11, 2017.

  1. macbrian

    macbrian Networkin' Nut Member


    Hardware is an Asus RT-N66U running Tomato RAF Firmware v1.28.9014 MIPSR2-RAF-v1.3g K26 USB, configured as a gateway connected to the internet with a static IP.

    On my local network I have a computer running a VPN server (L2TP). The VPN connection works perfectly on the local network.

    I have forwarded UDP 500, UDP 1701 and UDP 4500 to my VPN server's local IP address.

    Can anyone tell me what else I need to do to use my VPN server from the WAN?

  2. koitsu

    koitsu Network Guru Member

    L2TP also requires that you forward IP protocol 50 (ESP) to the destination. This is not a port number; it is a separate protocol (in the same way that TCP and UDP are protocols). You cannot do this through the GUI in Tomato. You will need custom iptables rules for this, added to your Administration -> Scripts -> Firewall section:

    iptables -t nat -A WANPREROUTING -p 50 -j DNAT --to-destination lan.machine.ip.address

    You may or may not need UDP port 4500 forwarded, BTW. Try it without first.

    I cannot help you past this point. Good luck.
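A firewall-script fragment for the forwarding described in the two posts above, as an added example that is not code from the thread or from the Tomato project. It assumes a LAN server address of 192.168.1.10 and the Tomato chain names WANPREROUTING (nat table) and wanin (filter table); the wanin ACCEPT lines are an assumption that the build filters forwarded WAN traffic in that chain, as the GUI's own port forwards do. ESP has no port, so it is matched as a protocol (-p esp is the same as -p 50). The rules are printed for review by default and executed only when APPLY=1 is set, so the output can be checked before it is pasted into the Firewall box.

```shell
#!/bin/sh
# Added example for Tomato's Administration -> Scripts -> Firewall box.
# Assumptions (not from the thread): the L2TP/IPsec server is 192.168.1.10,
# and the build has the WANPREROUTING (nat) and wanin (filter) chains.

VPN_SERVER="${VPN_SERVER:-192.168.1.10}"   # assumed LAN address of the server

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255,
# so a typo in the server address is caught before any rule is applied.
valid_ipv4() {
    ip=$1
    case "$ip" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;   # non-digits, leading/trailing/double dots
    esac
    oldifs=$IFS
    IFS=.
    set -- $ip                              # split on dots into positional params
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the iptables rules that expose the server to the WAN:
#   UDP 500  - IKE
#   UDP 4500 - IKE/ESP over NAT-T (used when the client is behind its own NAT)
#   UDP 1701 - L2TP
#   ESP      - IP protocol 50, matched with -p esp because it has no port
# Each UDP port is DNATed in WANPREROUTING and accepted in wanin.
l2tp_rules() {
    dst=$1
    valid_ipv4 "$dst" || { echo "bad server address: $dst" >&2; return 1; }
    for port in 500 4500 1701; do
        echo "iptables -t nat -A WANPREROUTING -p udp --dport $port -j DNAT --to-destination $dst"
        echo "iptables -A wanin -p udp -d $dst --dport $port -j ACCEPT"
    done
    echo "iptables -t nat -A WANPREROUTING -p esp -j DNAT --to-destination $dst"
    echo "iptables -A wanin -p esp -d $dst -j ACCEPT"
}

if [ "${APPLY:-0}" = 1 ]; then
    # Execute each generated rule (the firewall script runs as root on the router).
    l2tp_rules "$VPN_SERVER" | while read -r rule; do $rule; done
else
    # Dry run: show the rules so they can be reviewed before being applied.
    l2tp_rules "$VPN_SERVER"
fi
```

Forwarding both UDP 4500 and protocol 50 covers either negotiation outcome: a client on a public address usually sends ESP directly and hits the protocol-50 rule, while a client behind its own NAT negotiates NAT-T during IKE and its ESP travels inside UDP 4500, leaving the protocol-50 rule unused. After applying, `iptables -t nat -L WANPREROUTING -n` and `iptables -L wanin -n` on the router show whether the rules were installed.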

  3. macbrian

    macbrian Networkin' Nut Member

    Thank you very much koitsu.

    It works flawlessly :)

    Have a nice day :)
