Hi,
I cannot use L2TP to VPN from iOS; do we need any config on the router?
Config to use vpn for smart phone
-
- Posts: 370
- Joined: Fri Oct 18, 2013 8:15 am
Re: Config to use vpn for smart phone
Of course you do.
-
- Posts: 2
- Joined: Sun Jul 20, 2014 4:51 pm
Re: Config to use vpn for smart phone
It requires transferring UDP ports 500 and 4500.
In the VPN server configuration I can only create TCP listening ports.
How can I create a UDP listening port?
-
- Posts: 370
- Joined: Fri Oct 18, 2013 8:15 am
Re: Config to use vpn for smart phone
There is no need to create any UDP ports.
-
- Posts: 61
- Joined: Wed Jun 05, 2013 11:33 pm
Re: Config to use vpn for smart phone
But most home routers *do* have a VPN Passthrough setting. So you may want to check this on your router.
-
- Posts: 202
- Joined: Wed Jul 10, 2013 2:07 pm
Re: Config to use vpn for smart phone
gavstah wrote:
> But most home routers *do* have a VPN Passthrough setting. So you may want
> to check this on your router.
VPN Passthrough is a function for the "client side". If he uses his iOS device behind a NAT router, this router should* have VPN passthrough*.
If the server is also behind a NAT router, he has to forward the IPsec traffic from the router to the server. And IPsec doesn't use TCP or UDP. It uses AH and ESP. But IPsec has some "features" which support encapsulating AH and ESP in UDP traffic (port 4500). For the key exchange, UDP port 500 is used.
So, on the server side, you have to port-forward [ UDP port 500 & 4500 ] or [ UDP 500 & ESP & AH ] (ESP and AH don't have ports. You can forward all or nothing^^)
Wikipedia says it's also possible to encapsulate all (ESP, AH and IKE) in TCP traffic on port 10.000. So maybe port forwarding of TCP port 10.000 is enough... but my last try failed.
Because IPsec is complicated, I would recommend using the OpenVPN clone function of SoftEther. There, only one port (TCP or UDP) must be forwarded on the server side and (normally) there are no problems on the client side. Maybe with some very, very restrictive firewalls. But if SoftEther listens on TCP port 443, it should work everywhere that normal HTTPS browsing is allowed.
* I'm not sure, but I would say VPN passthrough is only necessary if ESP and AH are used directly. If it's encapsulated in UDP (or TCP), it should also work on routers without VPN passthrough, because to the router it looks like normal IP connections and not like IPsec.
And I'm sorry for my English ;)
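Added example, not part of the thread or of SoftEther: a Python classifier for UDP payloads arriving on the forwarded ports 500 and 4500 mentioned above, useful for checking a server-side capture after setting up port forwarding. It follows the RFC 3948 layout for port 4500 (four zero bytes before IKE, a non-zero SPI for ESP, a single 0xFF byte for NAT keepalives); the function names and sample packets are constructed for illustration.

```python
import struct

IKE_PORT, NATT_PORT = 500, 4500
# Fixed IKE/ISAKMP header: initiator SPI, responder SPI, next payload,
# version, exchange type, flags, message ID, total length (28 bytes).
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")

def parse_ike(data):
    """Decode the fixed IKE header and check its length field."""
    if len(data) < ISAKMP_HDR.size:
        return {"kind": "malformed", "reason": "short IKE header"}
    i_spi, _r_spi, _nxt, ver, exch, _flags, _mid, length = ISAKMP_HDR.unpack_from(data)
    return {"kind": "ike", "version": f"{ver >> 4}.{ver & 0xF}",
            "exchange": exch, "initiator_spi": i_spi.hex(),
            "length_ok": length == len(data)}

def classify(server_port, payload):
    """Classify one UDP payload by the server-side port it was seen on."""
    if server_port == IKE_PORT:
        return parse_ike(payload)
    if server_port != NATT_PORT:
        return {"kind": "other"}
    if payload == b"\xff":                      # one-byte NAT keepalive
        return {"kind": "nat-keepalive"}
    if len(payload) < 8:
        return {"kind": "malformed", "reason": "short payload on 4500"}
    if payload[:4] == b"\x00\x00\x00\x00":      # non-ESP marker, then IKE
        return dict(parse_ike(payload[4:]), non_esp_marker=True)
    spi, seq = struct.unpack_from("!II", payload)  # ESP: SPI, sequence number
    return {"kind": "esp-in-udp", "spi": spi, "seq": seq}

# Constructed sample packets (not captured from a real session).
SAMPLE_IKE = ISAKMP_HDR.pack(bytes.fromhex("1122334455667788"), bytes(8),
                             1, 0x10, 2, 0, 0, ISAKMP_HDR.size)
SAMPLE_ESP = struct.pack("!II", 0xC0FFEE01, 1) + bytes(32)

if __name__ == "__main__":
    for port, pkt in [(500, SAMPLE_IKE), (4500, bytes(4) + SAMPLE_IKE),
                      (4500, SAMPLE_ESP), (4500, b"\xff")]:
        print(port, classify(port, pkt))
```

Seeing IKE on 500 but nothing on 4500 in a capture behind NAT suggests the second forwarding rule is missing.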