I'm having issues connecting to a VPN server that's behind the router when the device is external, but it can connect just fine when on the local network. The VPN client is pointing to a valid, externally-resolving hosting, (ex: vpn.myDomain.com).

 

Port Forwarding Settings

UDP 80 -> 10.0.1.3:80 (Server, for public facing websites)

UDP 443 -> 10.0.1.3:443 (Server, for public facing websites SSL)

UDP 500 -> 10.0.1.3:500 (Server, IPSec)

UDP 1701 -> 10.0.1.3:1701 (Server, IPSec)

UDP 4500 -> 10.0.1.3:4500 (Server, NAT Traversal)

TCP 1723 -> 10.0.1.3:1723 (Server, PPTP)

 

Security Settings:

SPI Firewall -> Disabled

PPTP Passthrough -> Enabled

L2TP Passthrough -> Enabled

IPSec Passthrough -> Enabled

 

I did a packet trace on UDP 500, 1701, and 4500 while connecting from an iPhone with WiFi on (internal) and off (external).

 

When testing internally, ISAKMP packets traveled to and from the iPhone's internal address and the Server's internal address, and L2TP packets traveled from the Server to the iPhone. The VPN logs showed a normal connection, then a hang up when the connection was closed.

 

When testing externally, ISAKMP packets traveled to and from the iPhone's external address to the Server's internal address, but there were no L2TP packets, instead the iPhone sent 5 ESP packets 3 seconds apart before reporting that the VPN server was not responding. The VPN server logs did not indicate any connection attempts were made. 

 

Authentication is not the issue. If it were, the VPN wouldn't connect when the iPhone is on the same network. 

 

I've confirmed with my ISP that they are not blocking the ports. If they were, there would be no traffic at all when initating the connection externally. 

 

 

The only logical conclusion I can make is that the router is blocking the L2TP traffic despite the settings. Any advice? I'm about ready to dump this router and go with something else, sadly. It's been a great router otherwise.