TL-ER604W - VPN through dual NAT

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

TL-ER604W - VPN through dual NAT

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
TL-ER604W - VPN through dual NAT
TL-ER604W - VPN through dual NAT
2016-01-05 08:10:03 - last edited 2021-08-21 05:54:36
Model : TL-ER604W
Hardware Version : v1.0
Firmware Version : 1.1.0 Build 20141031 Rel.32628s
ISP : Bredbånd Nord (Broadband North) (local danish fiber provider)


Hi guys, really hope you can help me.

I need to setup a VPN-connection ( L2TP/IPsec protocol) from a few Clients to my LAN that's behind a TL-ER604W (with the latest firmware) AND my ISP's Modem/Router ( ICOTERA IGW3000).
Through that VPN-connection clients should be able to access everything on the LAN and be able to access the internet (via the TL-ER604W / IGW3000)

So yes - Dual NAT :eek: .

My ISP's Modem/Router [i]cannot[/i] be put into Bridge Mode since it has some custom made firmware installed (by my ISP).
It does however have the option to place an IP-range into DMZ.
So that's what I did - I placed my TP-Link in DMZ.

Everything seams to work just fine - Except a VPN-connection.. I just can't get it to work.
Do I need to open ports on the TP-Link??
Can any of you guys please tell me EXACTLY what to do to get a L2TP/IPsec VPN-connection up and running??

Here's a map of my current network (hope it helps).
The VPN-part of the above is what I would like to achieve.

"Bonus info".
From my web browser:
73.XX.XX.XX and 192.168.1.1 sends me to my ISP's Modem/Router Admin log-in page.
192.168.1.2 and 10.0.0.1 sends me to the TP-Link Router Admin log-in page.

I'd very much like to keep the 10.0.0.0/24 range on my LAN.

Very kind regards


[edit] - 2016.10.11
My "IGW3000" gave up a few weeks ago :mad: - I now have a fiber modem in front of my TL-ER604W - No more "DMZ" - No more "DUAL NAT" :cool::cool::cool:
  0      
  0      
#1
Options
4 Reply
Re:TL-ER604W - VPN through dual NAT
2016-01-08 15:42:47 - last edited 2021-08-21 05:54:36
Just one question to comfirm: does your modem router ICOTERA IGW3000 supports PPTP/L2TP VPN passthrough function?
In my opinion, your problem is not caused by the port opening but the VPN passthrough of your modem.
  0  
  0  
#2
Options
Re:TL-ER604W - VPN through dual NAT
2016-01-09 05:00:50 - last edited 2021-08-21 05:54:36
I'm honestly not sure if it supports VPN passthrough - But according to my ISP (local fiber provider - "Bredbånd Nord" [Broadband North]) others made VPN work with that specific Modem/Router..
So I'm [u]guessing[/u] it DOES support VPN passthrough.

However, I don't see it mentioned anywhere in the specs.
I'll have another look in a minute.

[edit]
I have contacted the Modem manufacture and asked them about VPN passthrough functionality.
Might be a while before they send me a reply - It's weekend...
  0  
  0  
#3
Options
Re:TL-ER604W - VPN through dual NAT
2016-01-13 11:43:48 - last edited 2021-08-21 05:54:36
So, what is the result?
  0  
  0  
#4
Options
Re:TL-ER604W - VPN through dual NAT
2016-03-05 05:57:28 - last edited 2021-08-21 05:54:36
I am so sorry for replying this late. I've been extremely busy working lately.

Now - I contacted the modem manufacture regarding VPN passthrough - In short, their answer was "contact your ISP"... :mad: Thanks a lot.
But that's what I did - I contacted my ISP.
I explained my situation and my setup to a technician - He confirmed that VPN passthrough SHOULD work on that particular Modem/Router with my current setup (TL-ER604W in DMZ).
After going through all the Modem/Router settings, we located the "error"... :cool:

I had disabled DHCP on my ISP's Modem/Router and supplied my TL-ER604W mac-address with a static IP (192.168.1.2) - Just to make sure that the IP would never change on the WAN-side of the TL-ER604W.

THAT setting is what killed my VPN-connection. :confused: :confused: :confused:

I then re-enabled DHCP and limited the IP-pool to just one address (192.168.1.2) and BINGO! - VPN is now working (sort of, but that's a question for another thread)

I can't explain why DHCP has to be enabled in order to make VPN work.
If only my ISP's Modem/Router had a Bridge mode option...

Thanks and kind regards
  0  
  0  
#5
Options