L2TP via DDNS and NAT-T

peted
Posts: 4
Joined: Wed May 15, 2019 8:57 am

L2TP via DDNS and NAT-T

Post by peted » Sun May 17, 2020 10:56 am

Hi, we have an operational VPN server with several Windows clients, all using the SoftEther client. The server is making use of the DDNS and NAT-T functions and we have nothing set up on our firewall. All is OK.

We now need to allow a couple of Mac users to connect. I have enabled L2TP on the server, but nothing can connect to this; it just times out (Mac or Windows). Should this work through DDNS and NAT-T?

Also, I know there is a Mac client, but it is command line, and I cannot find any instructions on how to configure this. Can anyone point me in the right direction?

Many Thanks

centeredki69
Posts: 292
Joined: Wed Sep 18, 2013 1:49 pm

Re: L2TP via DDNS and NAT-T

Post by centeredki69 » Mon May 18, 2020 12:51 pm

L2TP/IPsec requires that you open/forward ports UDP 500 & UDP 4500 to the SE server host. Also, you would need to activate the L2TP/IPsec feature on the SE server. See the link for setup. Port info is at the bottom of the page.
https://www.softether.org/4-docs/2-howt ... VPN_Server

peted
Posts: 4
Joined: Wed May 15, 2019 8:57 am

Re: L2TP via DDNS and NAT-T

Post by peted » Tue May 19, 2020 10:24 am

We are unable to use port forwarding. We are behind a managed firewall/router, and if we set up port forwarding, the ISP says we have to specify a source IP. As this is for remote access, this will be different most of the time. So port forwarding is out of the question.

So I need to know how we can enable Mac access through the NAT-T feature.

Any advice would be great.

centeredki69
Posts: 292
Joined: Wed Sep 18, 2013 1:49 pm

Re: L2TP via DDNS and NAT-T

Post by centeredki69 » Tue May 19, 2020 7:20 pm

You could try the Mac client, although SE themselves recommend you do not use it. I have no knowledge of how to implement it. However, one solution you could use is to install another "SE-SERVER" at a second location, i.e. a house, a 2nd office or even a cloud-hosted VM. The location of course would need to have the ability to open/forward the proper L2TP/IPsec ports. The "office" SE-Server would make and maintain an outbound "cascade connection" to the "offsite" location. The Mac clients would connect to the "offsite" SE-server and have access to the office through the "cascade connection".
relay.jpg
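The relay layout described in the post above, written out as vpncmd batch files for both servers. This is an added example, not part of the original posts or of SoftEther's documentation; the host name, hub name, account name, cascade name and listener port 443 are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: emits vpncmd batch files for the relay layout described above.
# All names below are hypothetical placeholders, not values from the thread.
RELAY_HOST="relay.example.net"   # offsite SE server with UDP 500/4500 reachable
HUB="VPN"                        # Virtual Hub name used on both servers
LINK_USER="office-link"          # account the office server logs in with

# Commands for the OFFSITE relay: accept L2TP/IPsec and the office's cascade.
# L2TPRAW:no keeps unencrypted raw L2TP switched off.
relay_batch() {  # $1 = IPsec pre-shared key, $2 = password for LINK_USER
  cat <<EOF
Hub $HUB
UserCreate $LINK_USER /GROUP:none /REALNAME:none /NOTE:cascade-from-office
UserPasswordSet $LINK_USER /PASSWORD:$2
IPsecEnable /L2TP:yes /L2TPRAW:no /ETHERIP:no /PSK:$1 /DEFAULTHUB:$HUB
EOF
}

# Commands for the OFFICE server: one outbound cascade, no inbound ports needed.
office_batch() {  # $1 = password for LINK_USER
  cat <<EOF
Hub $HUB
CascadeCreate to-relay /SERVER:$RELAY_HOST:443 /HUB:$HUB /USERNAME:$LINK_USER
CascadePasswordSet to-relay /PASSWORD:$1 /TYPE:standard
CascadeOnline to-relay
CascadeStatusGet to-relay
EOF
}

# Write both files readable only by the owner (they contain secrets).
# Run each on its own server with:
#   vpncmd localhost:443 /SERVER /PASSWORD:<admin password> /IN:<file>
write_batches() {  # $1 = output dir, $2 = PSK, $3 = link password
  umask 077
  relay_batch "$2" "$3" > "$1/relay.vpncmd"
  office_batch "$3"     > "$1/office.vpncmd"
}
```

The relay becomes the only internet-facing piece and its `office-link` account reaches the office hub, so that account's password and the relay's admin password deserve the same care as the office server's own.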

fordmurphy
Posts: 1
Joined: Thu May 21, 2020 9:17 am

Re: L2TP via DDNS and NAT-T

Post by fordmurphy » Thu May 21, 2020 9:18 am

I am unable to use port forwarding...

drkrool
Posts: 47
Joined: Mon May 25, 2020 4:38 am
Location: Quebec, Canada

Re: L2TP via DDNS and NAT-T

Post by drkrool » Tue May 26, 2020 11:49 pm

I'm not quite sure this would be a reliable solution if you are talking about doing this in a business.

Is the port issue with the firewall only on port 500 or can any other port be opened?
