L2TP/IPSec on Systems with Shared IP Only

501ari5
Posts: 12
Joined: Wed Jun 24, 2015 10:04 pm

L2TP/IPSec on Systems with Shared IP Only

Post by 501ari5 » Sun Dec 20, 2015 9:26 pm

Hi!

I would like to set up SoftEther VPN Server in an environment where only a shared IP is available. Port forwarding is allowed, but you cannot forward internal UDP ports to the same port numbers on the external IP. As a result, the forwarded ports would look something like:

192.168.0.3:500 --- Forwarded ---> 211.1.2.3:16357
192.168.0.3:4500 --- Forwarded ---> 211.1.2.3:16358
192.168.0.3:1701 -- Forwarded --> 211.1.2.3:16359

In an environment like this, would I be able to connect to the server via L2TP/IPSec?

Hope to get replies soon.

Thanks! Much appreciated!

Regards,

Andy

501ari5
Posts: 12
Joined: Wed Jun 24, 2015 10:04 pm

Re: L2TP/IPSec on Systems with Shared IP Only

Post by 501ari5 » Wed Dec 23, 2015 11:52 pm

Anyone know how to achieve this? :-)

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: L2TP/IPSec on Systems with Shared IP Only

Post by thisjun » Thu Jan 07, 2016 7:06 am

I have never seen such a client.

501ari5
Posts: 12
Joined: Wed Jun 24, 2015 10:04 pm

Re: L2TP/IPSec on Systems with Shared IP Only

Post by 501ari5 » Sun Feb 07, 2016 7:20 pm

thisjun wrote:
> I have never seen such a client.

Umm... I hope support for L2TP/IPSec in a shared IP environment can be accomplished eventually.

qupfer
Posts: 202
Joined: Wed Jul 10, 2013 2:07 pm

Re: L2TP/IPSec on Systems with Shared IP Only

Post by qupfer » Sun Feb 07, 2016 9:08 pm

501ari5 wrote:
> Umm... I hope support for L2TP/IPSec in a shared IP environment can be accomplished
> eventually.

I would say no chance, or it would be a "new" kind of VPN. IPsec doesn't like NAT in so many ways.
You could try on a (Linux) client with iptables to rewrite the destination address from 211.1.2.3:500 to 211.1.2.3:16357. Then the packet may arrive at the server, BUT you create a new problem. The server's answer will go to your Client-IP:500 and not to the sending port... so you need port forwarding rules/IPsec passthrough on the client side too... yay.

And just for your information: the rule 192.168.0.3:1701 -- Forwarded --> 211.1.2.3:16359 is useless anyway.
Port 1701 is the port for L2TP. But you want to secure (tunnel) L2TP inside IPsec, so nobody sees any L2TP (port 1701) packets except both your endpoints (server and client).
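The failure qupfer describes can be seen by modelling the IKEv1 NAT-Traversal detection step (RFC 3947) against the forwarding table from the first post. This is an added illustration, not code from SoftEther or from anyone in the thread. It assumes SHA-1 as the negotiated IKE hash, uses constructed ISAKMP cookies, and follows the NAT-D payload definition from RFC 3947 section 3.2 (HASH of the two cookies, the IP address and the port). It also shows why a server behind an ordinary 1:1 forward is detected as NATed too, yet still works: after detection both peers float to UDP 4500 itself, not to whatever port the gateway happened to remap.

```python
"""Model of IKEv1 NAT-Traversal detection against a port-remapping gateway.

Each IKE peer sends NAT-D payloads containing HASH(CKY-I | CKY-R | IP | Port)
for its own address and for the peer's address as it sees them (RFC 3947 3.2).
If the hash a peer receives differs from the one it computes locally, a NAT is
translating the address and/or port in between, and both peers move to UDP 4500.
"""
import hashlib
import ipaddress
import struct

# Forwarding table from the original post: external port -> internal (server) port.
FORWARDED = {16357: 500, 16358: 4500, 16359: 1701}
SERVER_INTERNAL_IP = "192.168.0.3"
SERVER_EXTERNAL_IP = "211.1.2.3"
NAT_T_PORT = 4500  # RFC 3947/3948: port both peers use once a NAT is detected

# Constructed 8-byte ISAKMP cookies (random in a real exchange).
CKY_I = bytes.fromhex("0123456789abcdef")
CKY_R = bytes.fromhex("fedcba9876543210")


def nat_d_hash(cky_i: bytes, cky_r: bytes, ip: str, port: int, algo: str = "sha1") -> bytes:
    """NAT-D payload value: HASH(CKY-I | CKY-R | IP | Port).

    IP is packed in network byte order, Port as a 2-byte big-endian integer.
    SHA-1 is assumed here; the real algorithm is whatever the IKE proposal negotiated.
    """
    ip_bytes = ipaddress.ip_address(ip).packed
    return hashlib.new(algo, cky_i + cky_r + ip_bytes + struct.pack("!H", port)).digest()


def nat_detected(reported: bytes, observed: bytes) -> bool:
    """True when the NAT-D hash a peer sent for itself does not match the hash the
    other side computes from the address/port it actually saw on the wire."""
    return reported != observed


def float_port_is_reachable(forwarded: dict, port: int = NAT_T_PORT) -> bool:
    """After detection the client sends to the server's external IP on UDP 4500.
    That only reaches the server if external 4500 is forwarded to internal 4500;
    a mapping such as 16358 -> 4500 is never used by the client."""
    return forwarded.get(port) == port


def analyse(client_sees_port: int = 16357) -> dict:
    """Run both checks for the forwarding table from the first post.

    The server hashes the address it binds (192.168.0.3:500); the client hashes the
    address and translated port it received the packet from (211.1.2.3:16357).
    """
    reported = nat_d_hash(CKY_I, CKY_R, SERVER_INTERNAL_IP, 500)
    observed = nat_d_hash(CKY_I, CKY_R, SERVER_EXTERNAL_IP, client_sees_port)
    return {
        "nat_detected": nat_detected(reported, observed),
        "float_port_reachable": float_port_is_reachable(FORWARDED),
    }


if __name__ == "__main__":
    result = analyse()
    print(f"NAT detected by IKE:            {result['nat_detected']}")
    print(f"UDP 4500 reachable after float: {result['float_port_reachable']}")
```

With the remapped table the run reports that a NAT is detected and that UDP 4500 is not reachable afterwards, which is the dead end qupfer points at: the client-side iptables rewrite would only help for the very first packets to port 500, and the subsequent float to 4500 still goes to an unforwarded port.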
