L2TP passthrough

Discussion in 'Tomato Firmware' started by Lacertadeus, Dec 22, 2017.

  1. Lacertadeus

    Lacertadeus New Member Member

    I have been searching for better part of 3 hours and tried a dozen scripts and router configurations. I have a RRAS server inside an advanced tomato firewall. I am trying to get a L2TP vpn to pass through the firewall but it will not.
    I have tried DMZ, I am forwarding ports UDP 500 and 4500

    I think the problem is with ESP and AH not passing along, but I can't get them to work. This is the latest version of the script I'm using, not sure what else to try. Suggestions? Thanks in advance

    iptables -t nat -I PREROUTING -p udp --dport 500 -j DNAT --to
    iptables -I FORWARD -p udp -d --dport 500 -j ACCEPT
    iptables -t nat -I PREROUTING -p udp --dport 4500 -j DNAT --to
    iptables -I FORWARD -p udp -d --dport 4500 -j ACCEPT
    iptables -t nat -I PREROUTING -p 50 -j DNAT --to
    iptables -I FORWARD -p 50 -d -j ACCEPT
    iptables -t nat -I PREROUTING -p 51 -j DNAT --to
    iptables -I FORWARD -p 51 -d -j ACCEPT
    iptables -A FORWARD -p esp -d -j ACCEPT
    iptables -A FORWARD -p ah -d -j ACCEPT
  2. Sean B.

    Sean B. LI Guru Member

    I would suggest using tcpdump on the router ( or rpcapd with remote capture Wireshark ) and track your packet flows. It should be rather easy to spot where things go wrong.
  3. eibgrad

    eibgrad Network Guru Member

    Does the syslog provide any useful information?
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice