On Fri, 2020-10-16 at 15:03 +1100, Roger Plant wrote:
> You shouldn't port forward 1701, this traffic goes encrypted inside the IPsec on port 4500 (when natted as in this case).
I've now read up on this and it does seem that L2TP is carried inside IPsec. I wonder why so many how-tos say that port 1701 needs to be port forwarded?

Also, if it does not need to be port-forwarded, then port-forwarding it should have no effect on whether an L2TP/IPsec VPN can be established or not. Which means that the Telstra router is screwing with either IKE or NAT-T.

Regards, K.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer@nullarbor.com.au)     work +61 2 64957435
http://www.nullarbor.com.au            mobile +61 428 957160

GPG fingerprint: CF68 0C56 EEE4 CC19 28D4 03B3 BCE0 E800 E31F 7254
Old fingerprint: 887A DA07 4DCC EE76 B413 27D4 C638 4189 6CF0 D556
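An added example, not part of the original thread: a small classifier for UDP datagrams captured on the outside of a NAT router during an L2TP/IPsec session, using the RFC 3948 framing on port 4500 to show that only IKE (500) and NAT-T (4500) carry tunnel traffic while 1701 stays inside ESP. The function names and the sample datagrams are constructed for illustration.

```python
import struct

IKE_PORT, NATT_PORT, L2TP_PORT = 500, 4500, 1701

def classify(dst_port: int, payload: bytes) -> str:
    """Say what a UDP datagram carries, based on port and RFC 3948 framing."""
    if dst_port == IKE_PORT:
        return "ike"                    # first IKE messages, before NAT is detected
    if dst_port == NATT_PORT:
        if payload == b"\xff":
            return "nat-keepalive"      # single 0xFF byte keeps the NAT mapping open
        if payload[:4] == b"\x00\x00\x00\x00":
            return "ike-natt"           # non-ESP marker: IKE floated to port 4500
        if len(payload) >= 8:
            spi, seq = struct.unpack("!II", payload[:8])
            # Encrypted ESP; the L2TP (UDP 1701) packet is inside the ciphertext.
            return f"esp-in-udp spi=0x{spi:08x} seq={seq}"
        return "malformed"
    if dst_port == L2TP_PORT:
        return "cleartext-l2tp"         # not expected on the WAN side of the tunnel
    return "other"

def ports_carrying_tunnel(captures):
    """Outside ports that actually carried IKE or ESP traffic in a capture."""
    ignore = ("other", "malformed", "cleartext-l2tp")
    return sorted({port for port, data in captures
                   if classify(port, data) not in ignore})

# Constructed sample: (destination port, UDP payload) as seen on the WAN interface.
SAMPLE = [
    (500,  b"\x11" * 28),                                   # stand-in IKE message
    (4500, b"\x00" * 4 + b"\x11" * 28),                     # IKE after NAT detection
    (4500, struct.pack("!II", 0xC0FFEE01, 1) + b"\xaa" * 40),  # ESP with L2TP inside
    (4500, b"\xff"),                                        # NAT keepalive
]

if __name__ == "__main__":
    for port, data in SAMPLE:
        print(port, classify(port, data))
    print("forward/allow:", ports_carrying_tunnel(SAMPLE))
```

If a capture on the router's WAN side shows the port 500 exchange but no `ike-natt` or `esp-in-udp` datagrams following it, the negotiation is failing at IKE or NAT-T rather than at L2TP.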