Joined: Mon Jan 15, 2018 9:42 pm

l2tp Server behind NAT router

Thu Jan 18, 2018 7:52 pm

I'm asking if anybody has been able to set up an L2TP server with IPsec behind a NAT router.
It's simple and easy to set it up on an MKT router with a public or directly accessible IP address, but behind a NATted router it won't connect, even if I forward all necessary protocols.
In some forums I've read that it's impossible to set up this kind of L2TP server behind NAT... but does anybody have one running?
Joined: Fri Jul 28, 2017 2:53 pm

Re: l2tp Server behind NAT router

Tue Apr 03, 2018 10:08 am

In theory, there must be a NAT rule on the border and correct firewall rules on the second router-server. With the default rules on the second router (established, related connections), there must be no problems, because the initiator of the first packets is the client.
Joined: Tue Jul 21, 2015 10:09 pm
Location: UK

Re: l2tp Server behind NAT router

Tue Apr 03, 2018 1:23 pm

I have done this previously with no issues at all. You just forward the ports from your border router as you would normally to the local address. Just make sure all forwarding is done, such as the UDP ports and then protocol ipsec-ah (51) and ipsec-esp (50), depending on which you need.
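
The forwarding described in the replies above, written out as RouterOS configuration. This is an added example, not part of the original thread; the interface name `ether1-wan` and the server address `192.168.88.10` are placeholders, and the server-side rule that accepts L2TP only when it arrives inside IPsec is an addition that goes beyond what the posts describe.

```routeros
# --- Border router (holds the public IP) ---
# Placeholders: ether1-wan = WAN interface, 192.168.88.10 = inner L2TP/IPsec server
/ip firewall nat
# IKE (500), L2TP (1701) and IPsec NAT-T (4500), the UDP ports named in the thread
add chain=dstnat action=dst-nat in-interface=ether1-wan protocol=udp \
    dst-port=500,1701,4500 to-addresses=192.168.88.10 \
    comment="L2TP/IPsec UDP to inner server"
# ESP (IP protocol 50); ipsec-ah (51) is forwarded the same way if it is needed
add chain=dstnat action=dst-nat in-interface=ether1-wan protocol=ipsec-esp \
    to-addresses=192.168.88.10 comment="ESP to inner server"

# --- Inner router (the L2TP server) ---
/ip firewall filter
# Replies to traffic that is already tracked
add chain=input action=accept connection-state=established,related \
    comment="established/related"
# IKE negotiation and NAT-T encapsulated ESP from clients
add chain=input action=accept protocol=udp dst-port=500,4500 \
    comment="IKE and NAT-T"
add chain=input action=accept protocol=ipsec-esp comment="ESP"
# Accept L2TP only if the packet was decrypted by an IPsec policy
add chain=input action=accept protocol=udp dst-port=1701 \
    ipsec-policy=in,ipsec comment="L2TP inside IPsec only"
# Anything reaching 1701 in clear text is dropped
add chain=input action=drop protocol=udp dst-port=1701 \
    comment="drop unencrypted L2TP"
```

The filter rules need to sit above any general drop rule in the `input` chain, since RouterOS evaluates them in order.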
Joined: Sat Apr 14, 2018 3:33 pm

Re: l2tp Server behind NAT router

Fri Nov 09, 2018 9:04 pm

Sorry to bump this old thread, but is there anything extra to be done except NAT-ing ports to use this solution? I have problems...
I've NAT-ed UDP ports 1701, 500, 4500, ipsec-ah and ipsec-esp and gre. Still nothing. I have PPTP VPN working, but would like to transition to a more secure solution. So I just made NAT rules similar to the existing one.

