Yup, it's a Telstra thing. They sell an L2TP service so practically block any others. Your account manager might be able to help you, or just use WireGuard/OpenVPN etc.

On Fri, 16 Oct 2020, 12:47 Karl Auer, <kauer@nullarbor.com.au> wrote:
This is not really a Mikrotik question, but the people here have lots of experience with routers generally so I will ask anyway...
I (of course) use a Mikrotik router at home. I also have a Synology NAS at home, which supports an L2TP/IPsec VPN (with PSK). I have forwarded UDP ports 1701, 500 and 4500 through the Mikrotik, and connections from outside work flawlessly.
When I configure another Synology, this one at a client site, the exact same way, the port forwarding through the Telstra-supplied router just doesn't work. I have disabled the in-router VPN. The client says that the L2TP negotiation failed.
Now here's the thing: Connecting to the VPN from inside the network works fine. So L2TP, IKE, IPsec-NAT-T, the pre-shared key and the NAS user credentials are all demonstrably correct. Attempt from outside the network and - nope.
Not sure of the model of Telstra router (it's the black-faced vertical one with the big blue-lit button at top). Anyway, I have a couple of other Telstra routers, one a Netgear DEVG2020, one a Technicolor TG799vac, and as far as I can tell they don't work either!
Is this a Telstra thing - don't let VPNs through? Is there a trick to it? Short of replacing the things with Mikrotiks, which I am seriously considering recommending...
Regards, K.
--
Karl Auer (kauer@nullarbor.com.au)
work +61 2 64957435
http://www.nullarbor.com.au
mobile +61 428 957160

GPG fingerprint: CF68 0C56 EEE4 CC19 28D4 03B3 BCE0 E800 E31F 7254
Old fingerprint: 887A DA07 4DCC EE76 B413 27D4 C638 4189 6CF0 D556