
VPN L2TP IPSEC on Zyxel USG60 ... not working failed to connect to L2TP server

Jafffamuffin
Joining in

Hi

Can anyone confirm if Virgin are blocking ports on the service, specifically 50, 1701 and 500, since I am unable to successfully get a VPN working into my network. I'm using a SH3 in modem mode since 2 years or so, and I use a Zyxel USG60 firewall device. I am able to connect to my network on other services as required but am failing to set up the VPN; I'm getting a result as if it's totally being blocked. It's not even hitting my firewall.

Just looking to be able to connect in on my laptop on iPhone.

Or anyone else successfully running IPSEC L2TP VPN on their VM connection?

Thanks

9 REPLIES

Tudor
Very Insightful Person

VM do NOT block those ports.


Tudor
There are 10 types of people: those who understand binary and those who don't and F people out of 10 who do not understand hexadecimal c1a2a285948293859940d9a49385a2

Eeeps
Well-informed

My incoming VPN arrangement is different from yours but I do use L2TP.
In my case I have a VPN server running on an internal machine with port forwarding on my router (Hub3 in modem mode).

Firstly, the only ports required for L2TP are UDP 500 and 4500.
Secondly, how are you resolving your external IP address? I use no-ip.com.

Do you have any logs on your client devices that may indicate what is happening?

Sofia_B
Forum Team (Retired)

Hi @jaffamuffin

Thanks for your post 🙂

I'm sorry to hear you're having some issues getting your VPN working, I appreciate this is frustrating and we apologise for any inconvenience caused.

As advised by Tudor, we do not block these ports.

Please follow up on the questions asked by Eeeps so we can best advise you from here.

Thanks,

Sofia
Forum Team





Hello, thanks for the messages. I managed to figure out through enabling logs on firewall rules that I had a NAT rule in place that was catching the VPN attempts and diverting them to another system that was silently rejecting them. So I disabled that and was able to successfully manage to get a VPN working fine.

As for IP I am not yet resolving it dynamically, just using IP for now. I'm aware it may change but it seems to have not changed for about a year so far.

Many thanks!


@Jafffamuffin wrote:

Hello, thanks for the messages. I managed to figure out through enabling logs on firewall rules that I had a NAT rule in place that was catching the VPN attempts and diverting them to another system that was silently rejecting them. So I disabled that and was able to successfully manage to get a VPN working fine.

As for IP I am not yet resolving it dynamically, just using IP for now. I'm aware it may change but it seems to have not changed for about a year so far.

Many thanks!


Glad you managed to sort it out, the key to many of these sorts of errors is to systematically work through what is happening to the connections and logging is key to this.

Don’t worry too much about the IP address, VM’s public addresses tend to be very sticky and sometimes don’t change for years. If and when the address does change and the tunnel falls over, make that the first thing you check.

Incidentally 1701 is for PPTP which is about as secure now as a wet paper bag! Please tell me you aren’t using that protocol to connect!

Hi

It's L2TP which uses that port; the firewall rule is configured to only pass the VPN encrypted traffic through, otherwise it drops it.

legacy1
Alessandro Volta

@Jafffamuffin wrote:

Or anyone else successfully running IPSEC L2TP VPN on their VM connection?

I have a Zyxel VPN setup and you can do a test connect to it, link below. It's likely you have not set it up right.


@Eeeps wrote:

Firstly, the only ports required for L2TP are UDP 500 and 4500.


well protocol 50 and UDP 1701 if end to end has WAN IP and no NAT...😎


@jem101 wrote:

Incidentally 1701 is for PPTP which is about as secure now as a wet paper bag! Please tell me you aren’t using that protocol to connect!


PPTP is 1723 and protocol 47 

---------------------------------------------------------------


@legacy1 wrote:

@Jafffamuffin wrote:

Or anyone else successfully running IPSEC L2TP VPN on their VM connection?

I have a Zyxel VPN setup and you can do a test connect to it, link below. It's likely you have not set it up right.


@Eeeps wrote:

Firstly, the only ports required for L2TP are UDP 500 and 4500.


well protocol 50 and UDP 1701 if end to end has WAN IP and no NAT...😎


@jem101 wrote:

Incidentally 1701 is for PPTP which is about as secure now as a wet paper bag! Please tell me you aren’t using that protocol to connect!


PPTP is 1723 and protocol 47 


My bad, it was a long day!
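
An added example, not part of any post in this thread: the fault found above was a NAT rule catching the VPN traffic before it reached the firewall's own L2TP/IPsec service, so this sketch checks a list of NAT rules for any that overlap the flows the thread names (UDP 500, UDP 4500, UDP 1701, IP protocol 50). The rule dictionary layout, rule names and addresses are constructed for illustration and are not the Zyxel configuration format.

```python
# Flows an L2TP/IPsec server must receive, as named in the thread.
VPN_FLOWS = [
    ("IKE", "udp", 500),
    ("IPsec NAT-T", "udp", 4500),
    ("L2TP", "udp", 1701),
    ("ESP", "esp", None),  # IP protocol 50, carries no port numbers
]

# Constructed sample NAT (port-forward) rules; names and addresses are hypothetical.
SAMPLE_RULES = [
    {"name": "web", "proto": "tcp", "ports": "443", "to": "192.168.1.10"},
    {"name": "old-vpn-box", "proto": "udp", "ports": "500-4500", "to": "192.168.1.20"},
    {"name": "dmz-all", "proto": "any", "ports": "any", "to": "192.168.1.30"},
    {"name": "voip", "proto": "udp", "ports": "5060,10000-20000", "to": "192.168.1.40"},
]


def port_matches(spec, port):
    """True if a spec such as 'any', '443', '500-4500' or '80,1000-2000'
    covers the port. A flow without ports (port is None) always matches."""
    if spec == "any" or port is None:
        return True
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def find_shadowing_rules(rules):
    """Return (rule name, flow name) pairs for every NAT rule that would
    divert a VPN flow to an internal host instead of the firewall itself."""
    hits = []
    for rule in rules:
        for flow, proto, port in VPN_FLOWS:
            if rule["proto"] in ("any", proto) and port_matches(rule["ports"], port):
                hits.append((rule["name"], flow))
    return hits


if __name__ == "__main__":
    for rule_name, flow in find_shadowing_rules(SAMPLE_RULES):
        print(f"NAT rule {rule_name!r} diverts {flow}")
```

Wide port ranges and catch-all forwards are the usual culprits: a rule written for something else can still cover 500, 1701 and 4500 without naming them.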