what exactly is a router doing, when you enable l2tp pass-..

Jan

Archived from groups: alt.internet.wireless

if a router like the linksys wrt54g has the option to "enable l2tp
pass-through" - does it mean it just forwards l2tp through to the
client? In other words: if I disable l2tp pass-through but establish
port forwarding for UDP 500 and UDP 1701 would it be the same?

Thanks,
Jan
 
Guest

jan@geisbauer.de (Jan) wrote in news:6103291d.0405261300.68557356@posting.google.com:

> if a router like the linksys wrt54g has the option to "enable l2tp
> pass-through" - does it mean it just forwards l2tp through to the
> client? In other words: if I disable l2tp pass-through but establish
> port forwarding for UDP 500 and UDP 1701 would it be the same?
>

L2TP is a VPN protocol like TCP/IP is a carrier protocol to carry data
from one machine to another machine on a network LAN or WAN. The L2TP VPN
protocol encrypts and encapsulates the data within the L2TP protocol and
the L2TP rides on the TCP/IP the carrier protocol.

For a secure VPN connection, there must be two valid VPN end-points. If
you disable L2TP on the router, the VPN connection is no longer a valid
secure VPN connection. VPN can be established on a machine behind the
router and it would still be a valid VPN connection, without the router
using its VPN protocol.

Port forwarding is port forwarding of ports to an IP/machine opening the
ports on the router to the public Internet and has nothing to do with a
secure end-point to end-point VPN connection.

Duane :)
 
Guest

"Ron Bandes" <RunderscoreBandes @yah00.com> wrote in news:0sntc.58463$cz5.24018889@news4.srv.hcvlny.cv.net:

> Port forwarding is part of VPN passthrough, but I don't think it's the
> whole issue. I'm a little unsure here without doing some research,
> but I'll give it a try. I believe the other aspect of VPN passthrough
> has to do with NAT. Strictly speaking, protocol layers above the
> Network layer (IP) should not put IP address into their data fields,
> because a NAT router normally translates only the IP addresses found
> in the IP header (all the fields in an IP packet other than your
> data). Some higher layer protocols do embed IP addresses in their
> data; FTP is notorious for this. For any higher layer protocol that
> behaves this way, the router must have knowledge of that protocol so
> that it can FIXUP the addresses embedded in data fields. I believe
> this is the case for L2TP as well.

I did read some articles out on Google about IPsec and L2TP issues with a
NAT router where the VPN end-point was behind the router for Win 2K, XP
and 2K3. In that case, the solution was to map the ports (port forward)
the VPN ports to the IP/machine behind the router.

In the case of the OP who seems to have VPN issues at the machine level,
port forwarding the VPN ports may resolve the issue for a VPN
server/client software setup at the O/S level.

I don't think one needs to enable the pass through protocol on the router
in this situation, since it's the machine that's the end-point. I could
be wrong.

Duane :)
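An added example, written for this page and not taken from any of the posters or from Linksys firmware, that models the two mechanisms the thread contrasts: a static port forward (UDP 1701 sent to one LAN host, as in Jan's question) and the payload "fixup" an application-layer gateway has to perform when a protocol embeds an IP address in its data field (Ron's FTP case). A NAT that only rewrites the IP/transport header leaves the private address inside the payload; the ALG rewrites it and opens a mapping so the return connection can get back in. The `Packet` and `Nat` classes, `ftp_alg`, and every address, port and PORT command are constructed sample values, not real router behaviour or captured traffic.

```python
# Toy NAT router model (added example; constructed sample data throughout).
from dataclasses import dataclass, field, replace
import re


@dataclass(frozen=True)
class Packet:
    proto: str       # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str = ""


@dataclass
class Nat:
    public_ip: str
    next_port: int = 40000
    # (proto, private ip, private port) -> public port, for outbound flows
    out_map: dict = field(default_factory=dict)
    # (proto, public port) -> (private ip, private port), for inbound packets
    in_map: dict = field(default_factory=dict)

    def forward(self, proto, pub_port, priv_ip, priv_port=None):
        """Static port forward, e.g. UDP 1701 -> the VPN host on the LAN."""
        self.in_map[(proto, pub_port)] = (priv_ip, priv_port or pub_port)

    def allocate(self, proto, priv_ip, priv_port):
        """Create (or reuse) a public port mapping for a private socket."""
        key = (proto, priv_ip, priv_port)
        if key not in self.out_map:
            pub_port = self.next_port
            self.next_port += 1
            self.out_map[key] = pub_port
            self.in_map[(proto, pub_port)] = (priv_ip, priv_port)
        return self.out_map[key]

    def outbound(self, pkt, alg=None):
        """Rewrite only the header (what plain NAT does); an optional ALG may fix the payload."""
        pub_port = self.allocate(pkt.proto, pkt.src_ip, pkt.src_port)
        out = replace(pkt, src_ip=self.public_ip, src_port=pub_port)
        return alg(self, out) if alg else out

    def inbound(self, pkt):
        """Deliver to the LAN host if a forward or live mapping exists; otherwise drop (None)."""
        target = self.in_map.get((pkt.proto, pkt.dst_port))
        if target is None:
            return None
        return replace(pkt, dst_ip=target[0], dst_port=target[1])


PORT_RE = re.compile(r"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")


def ftp_alg(nat, pkt):
    """Hypothetical FTP ALG: rewrite the private address in a PORT command and map its data port."""
    m = PORT_RE.search(pkt.payload)
    if not m:
        return pkt
    g = m.groups()
    data_ip = ".".join(g[:4])
    data_port = int(g[4]) * 256 + int(g[5])
    pub_port = nat.allocate("tcp", data_ip, data_port)
    fixed = "PORT %s,%d,%d" % (nat.public_ip.replace(".", ","), pub_port // 256, pub_port % 256)
    return replace(pkt, payload=PORT_RE.sub(fixed, pkt.payload))


def demo():
    results = {}
    # 1. Static port forward: UDP 1701 (L2TP) to the VPN host at 192.168.1.10 (constructed)
    nat = Nat(public_ip="203.0.113.5")
    nat.forward("udp", 1701, "192.168.1.10")
    hit = nat.inbound(Packet("udp", "198.51.100.7", 1701, "203.0.113.5", 1701))
    miss = nat.inbound(Packet("udp", "198.51.100.7", 1701, "203.0.113.5", 1702))
    results["forwarded_to"] = hit.dst_ip
    results["unforwarded_dropped"] = miss is None

    # 2. FTP PORT command: header-only NAT leaves the private address in the payload
    port_cmd = Packet("tcp", "192.168.1.10", 5000, "198.51.100.7", 21,
                      "PORT 192,168,1,10,19,137\r\n")   # announces 192.168.1.10:5001
    plain = nat.outbound(port_cmd)
    results["plain_payload"] = plain.payload
    results["plain_header_src"] = plain.src_ip

    # 3. With the ALG the embedded address is fixed up and the data connection can come back in
    nat2 = Nat(public_ip="203.0.113.5")
    fixed = nat2.outbound(port_cmd, alg=ftp_alg)
    results["alg_payload"] = fixed.payload
    data_conn = nat2.inbound(Packet("tcp", "198.51.100.7", 20, "203.0.113.5", 40001))
    results["data_conn_reaches"] = None if data_conn is None else (data_conn.dst_ip, data_conn.dst_port)
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, "=", v)
```

In step 2 the server would try to connect to 192.168.1.10, an address that does not exist from its side of the router, even though the header was translated correctly; that is the gap Ron's "FIXUP" closes in step 3. The same distinction is the answer to Jan's question: a port forward is a fixed inbound mapping on a port number, while a pass-through feature means the router tracks or rewrites the protocol itself beyond the port numbers.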