what exactly is a router doing, when you enable l2tp pass-..

Archived from groups: alt.internet.wireless

if a router like the linksys wrt54g has the option to "enable l2tp
pass-through" - does it mean it just forwards l2tp through to the
client? In other words: if I disable l2tp pass-through but establish
port forwarding for UDP 500 and UDP 1701 would it be the same?

Thanks,
Jan
  1. jan@geisbauer.de (Jan) wrote in
    news:6103291d.0405261300.68557356@posting.google.com:

    > if a router like the linksys wrt54g has the option to "enable l2tp
    > pass-through" - does it mean it just forwards l2tp through to the
    > client? In other words: if I disable l2tp pass-through but establish
    > port forwarding for UDP 500 and UDP 1701 would it be the same?
    >

    L2TP is a VPN protocol, like TCP/IP is a carrier protocol to carry data
    from one machine to another machine on a network, LAN or WAN. The L2TP VPN
    protocol encrypts and encapsulates the data within the L2TP protocol, and
    L2TP rides on TCP/IP, the carrier protocol.

    For a secure VPN connection, there must be two valid VPN end-points. If
    you disable L2TP on the router, the VPN connection is no longer a valid
    secure VPN connection. VPN can be established on a machine behind the
    router and it would still be a valid VPN connection, without the router
    using its VPN protocol.

    Port forwarding is the forwarding of ports to an IP/machine, opening the
    ports on the router to the public Internet, and has nothing to do with a
    secure end-point to end-point VPN connection.

    Duane :)
  2. "Ron Bandes" <RunderscoreBandes @yah00.com> wrote in
    news:0sntc.58463$cz5.24018889@news4.srv.hcvlny.cv.net:

    > Port forwarding is part of VPN passthrough, but I don't think it's the
    > whole issue. I'm a little unsure here without doing some research,
    > but I'll give it a try. I believe the other aspect of VPN passthrough
    > has to do with NAT. Strictly speaking, protocol layers above the
    > Network layer (IP) should not put IP addresses into their data fields,
    > because a NAT router normally translates only the IP addresses found
    > in the IP header (all the fields in an IP packet other than your
    > data). Some higher layer protocols do embed IP addresses in their
    > data; FTP is notorious for this. For any higher layer protocol that
    > behaves this way, the router must have knowledge of that protocol so
    > that it can FIXUP the addresses embedded in data fields. I believe
    > this is the case for L2TP as well.

    I did read some articles out on Google about IPsec and L2TP issues with a
    NAT router where the VPN end-point was behind the router for Win 2K, XP
    and 2K3. In that case, the solution was to map (port forward) the VPN
    ports to the IP/machine behind the router.

    In the case of the OP who seems to have VPN issues at the machine level,
    port forwarding the VPN ports may resolve the issue for a VPN
    server/client software setup at the O/S level.

    I don't think one needs to enable the pass through protocol on the router
    in this situation, since it's the machine that's the end-point. I could
    be wrong.

    Duane :)
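
The point in the quoted reply about NAT translating only the IP header, shown for the FTP case it names, as an added example that is not part of the original thread. The `Packet` class, the function names and all addresses are constructed for illustration, and the sketch makes no claim about how any particular router implements L2TP pass-through.

```python
import re
from dataclasses import dataclass, replace

# Constructed sample addresses (private LAN host, documentation-range WAN address).
LAN_HOST, WAN_ADDR = "192.168.1.100", "203.0.113.7"
PORT_RE = re.compile(rb"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r\n")

@dataclass(frozen=True)
class Packet:  # hypothetical, minimal stand-in for an IP/TCP packet
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes

def plain_nat(pkt, wan_ip=WAN_ADDR):
    """Header-only source NAT: the payload passes through untouched."""
    return replace(pkt, src_ip=wan_ip)

def embedded_endpoint(payload):
    """Return the (ip, port) an FTP PORT command advertises, or None."""
    m = PORT_RE.search(payload)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def nat_with_fixup(pkt, wan_ip=WAN_ADDR):
    """Source NAT plus a protocol-aware rewrite of the embedded address.
    Simplified: a real helper must also map the advertised port and adjust
    TCP sequence numbers when the payload length changes."""
    out = plain_nat(pkt, wan_ip)
    ep = embedded_endpoint(pkt.payload)
    if ep is None or ep[0] != pkt.src_ip:
        return out  # nothing embedded, or not the address being translated
    fixed = "PORT {},{},{}\r\n".format(
        wan_ip.replace(".", ","), ep[1] >> 8, ep[1] & 0xFF).encode()
    return replace(out, payload=PORT_RE.sub(lambda _m: fixed, pkt.payload, count=1))

# Constructed control-channel packet: client announces 192.168.1.100:50000.
SAMPLE = Packet(LAN_HOST, 40000, "198.51.100.20", 21, b"PORT 192,168,1,100,195,80\r\n")

if __name__ == "__main__":
    for name, fn in (("header-only NAT", plain_nat), ("NAT with fixup", nat_with_fixup)):
        out = fn(SAMPLE)
        print(f"{name}: src={out.src_ip} payload advertises {embedded_endpoint(out.payload)}")
```

With header-only translation the server still sees the private address inside the payload, which is the mismatch a protocol-aware helper on the router exists to repair.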