Hi!
I would like to set up SoftEther VPN Server in an environment where only a shared IP is available. Port forwarding is allowed, but you won't be able to forward internal UDP ports to the same ports on the external IP. As a result, the forwarded ports would be something like:
192.168.0.3:500 --- Forwarded ---> 211.1.2.3:16357
192.168.0.3:4500 --- Forwarded ---> 211.1.2.3:16358
192.168.0.3:1701 -- Forwarded --> 211.1.2.3:16359
In an environment like this, would I be able to connect to the server via L2TP/IPSec?
Hope to get replies soon.
Thanks! Much appreciated!
Regards,
Andy
L2TP/IPSec on Systems with Shared IP Only
-
- Posts: 12
- Joined: Wed Jun 24, 2015 10:04 pm
Re: L2TP/IPSec on Systems with Shared IP Only
Does anyone know how to achieve this? :-)
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: L2TP/IPSec on Systems with Shared IP Only
I have never seen such a client.
-
- Posts: 12
- Joined: Wed Jun 24, 2015 10:04 pm
Re: L2TP/IPSec on Systems with Shared IP Only
thisjun wrote:
> I have never seen such a client.
Umm... Hope support for L2TP/IPSec in a shared IP environment can be accomplished eventually.
-
- Posts: 202
- Joined: Wed Jul 10, 2013 2:07 pm
Re: L2TP/IPSec on Systems with Shared IP Only
501ari5 wrote:
> Umm... Hope support for L2TP/IPSec in a shared IP environment can be accomplished
> eventually.
I would say no chance, or it would be a "new" kind of VPN. IPsec doesn't like NAT in so many ways.
You could try on a (Linux) client with iptables to re-write the destination address from 211.1.2.3:500 to 211.1.2.3:16357. Then the packet may arrive at the server, BUT you create a new problem. The server's answer will go to your Client-IP:500 and not to the sending port... so you need port forwarding rules/IPsec Passthrough on the client side too... yay.
And just for your information: the rule 192.168.0.3:1701 -- Forwarded --> 211.1.2.3:16359 is useless anyway.
Port 1701 is the port for L2TP. But you want to secure (tunnel) L2TP in IPsec, so nobody sees any L2TP (port 1701) packets except both of your endpoints (server and client).
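The client-side rewrite suggested in the last reply, sketched as an added example that is not part of any post in this thread. It assumes a Linux client with iptables, uses the address and ports quoted in the first post, and the function names are hypothetical; it only prints the rules unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: client-side DNAT rules for the port mapping quoted in the thread.
SERVER_IP="211.1.2.3"   # shared external IP from the first post
# "standard_port:forwarded_port" pairs from the first post. UDP 1701 is left
# out: L2TP travels inside the IPsec tunnel and never appears on the wire.
PORT_MAP="500:16357 4500:16358"

# Print one iptables command per mapping. Packets generated by the local IKE
# daemon traverse the nat OUTPUT chain, so the rewrite has to happen there.
build_rules() {
    for pair in $PORT_MAP; do
        std=${pair%%:*}
        fwd=${pair##*:}
        case "$std$fwd" in
            *[!0-9]*|"") echo "bad mapping: $pair" >&2; return 1 ;;
        esac
        printf 'iptables -t nat -A OUTPUT -p udp -d %s --dport %s -j DNAT --to-destination %s:%s\n' \
            "$SERVER_IP" "$std" "$SERVER_IP" "$fwd"
    done
}

# Dry run by default: show the rules. With APPLY=1 (as root) execute them.
# Connection tracking reverses the DNAT on replies, but only for packets that
# arrive from SERVER_IP on the forwarded port; how the gateway numbers the
# source port of its replies is not stated in the thread (assumption to verify).
apply_rules() {
    build_rules | while IFS= read -r rule; do
        if [ "${APPLY:-0}" = "1" ]; then
            $rule
        else
            echo "$rule"
        fi
    done
}

apply_rules
```

Running `conntrack -L -p udp` on the client after a connection attempt shows whether replies matched the rewritten flow or arrived as a separate, untracked one.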