
Port Forwarding for L2TP/IPSec VPN Behind Verizon Actiontec MI424WR-GEN2 Rev. E v20.21.0.2

haxin
Contributor
Posts: 2
Registered: 05-11-2014

Message 1 of 7

I've got a NAS set up with various services running on custom ports to help minimize exposure (especially to script kiddies). I've tested everything both internally and externally to confirm they all work, and even had someone at a remote location confirm accessibility as well. Port forward configurations performed on the Actiontec are working well.

I installed an L2TP/IPSec VPN server, tested internally and it connected successfully. So for all intents & purposes, this validates that the VPN server is correctly configured to accept inbound connections and functioning correctly.

I logged into the Verizon Actiontec MI424WR router and set up port forwarding for UDP ports 500, 1701 & 4500.

Verizon-L2TP-IPSEC.png
Note: I added the AH & ESP protocols based on what I saw on the built-in L2TP/IPSec rules

With the port forwarding in place, I tested VPN externally but it didn't connect.

I've done the following so far to no avail:

  1. Double & triple checked the port forwards, deleted & recreated the rules a few times to be sure
  2. There are no other pre-existing L2TP/IPSec port forward rules or otherwise conflicting port forward rules (e.g.: another rule for ports 500, 1701 or 4500)
  3. There was an L2TP port triggering rule enabled, that I toggled on and off with no change
    Image
  4. Verified the firewall on VPN server had an exclusion for L2TP, or that the firewall is off. (Firewall is off to reduce a layer of complexity, but it worked internally to begin with so I doubt that's the issue.)


Since it works internally, and there are no entries in the logs on the device indicating inbound connections, I'm convinced it's an issue with the Verizon Actiontec router. But unfortunately, I'm not sure what else to try or where else to look to troubleshoot this. For instance, is there a log on the router that I can view in real time (e.g.: tail) that would show me whether or not the inbound connection attempt is reaching the device, and whether or not the device allowed or blocked it?

My router details:

  • Verizon Actiontec
  • MI424WR-GEN2
  • Revision E
  • Firmware 20.21.0.2


Verizon Actiontec built-in L2TP/IPSec rule templates.  They're not currently in use, but are baked into the firmware for easy configuration/selection from a drop down menu.
Image
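
The post above asks how to see whether inbound connection attempts reach the device at all. One way to answer that from the VPN server side, as an added example that is not part of the original thread: capture with `tcpdump -n` on the server and count which of the forwarded ports and protocols arrive from outside the LAN. The server address, LAN range and capture lines below are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample (made-up addresses) in the format printed by:
#   tcpdump -n 'udp port 500 or udp port 4500 or udp port 1701
#               or ip proto 50 or ip proto 51 or ip proto 47'
SAMPLE = """\
21:14:02.100001 IP 192.168.1.23.500 > 192.168.1.50.500: isakmp: phase 1 I ident
21:14:02.180442 IP 192.168.1.23.4500 > 192.168.1.50.4500: UDP-encap: ESP(spi=0x0a1b2c3d,seq=0x1), length 132
21:15:40.000113 IP 203.0.113.7.500 > 192.168.1.50.500: isakmp: phase 1 I ident
21:15:40.050220 IP 192.168.1.50.500 > 203.0.113.7.500: isakmp: phase 1 R ident
21:15:40.301775 IP 203.0.113.7.4500 > 192.168.1.50.4500: NONESP-encap: isakmp: phase 1 I ident[E]
21:15:41.000909 IP 203.0.113.7.51515 > 192.168.1.50.443: Flags [S], seq 1, win 64240, length 0
"""

UDP_PORTS = {500: "IKE udp/500", 4500: "NAT-T udp/4500", 1701: "L2TP udp/1701"}
IP_PROTOS = {"ESP(": "ESP proto 50", "AH(": "AH proto 51", "GRE": "GRE proto 47"}
LINE = re.compile(r"^\S+ IP (\S+) > (\S+): (.*)$")

def split_endpoint(text):
    """'203.0.113.7.500' -> (IPv4Address, 500); '203.0.113.7' -> (addr, None)."""
    parts = text.split(".")
    port = int(parts[4]) if len(parts) == 5 else None
    return ipaddress.ip_address(".".join(parts[:4])), port

def classify(line, server, lan):
    """Label one packet if it is WAN -> server VPN traffic, else None."""
    m = LINE.match(line)
    if not m:
        return None
    (src, _), (dst, dport), rest = split_endpoint(m[1]), split_endpoint(m[2]), m[3]
    if dst != server or src in lan or rest.startswith("Flags ["):
        return None  # outbound reply, LAN-side test, or TCP
    if dport is not None:
        return UDP_PORTS.get(dport)
    return next((name for tag, name in IP_PROTOS.items() if rest.startswith(tag)), None)

def inbound_summary(capture, server="192.168.1.50", lan="192.168.1.0/24"):
    """Count forwarded VPN packets that reached the server from outside the LAN."""
    server, lan = ipaddress.ip_address(server), ipaddress.ip_network(lan)
    return Counter(filter(None, (classify(l, server, lan) for l in capture.splitlines())))

if __name__ == "__main__":
    seen = inbound_summary(SAMPLE)
    for name in list(UDP_PORTS.values()) + list(IP_PROTOS.values()):
        print(f"{name:16} {seen.get(name, 0)} packet(s) from the WAN side")
```

A count of zero for every row during an external connection attempt means the traffic is being dropped before the server; non-zero IKE with nothing after it points at a later stage of the exchange.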

Accepted Solution

Hubrisnxs
Platinum Contributor III
Posts: 5,881
Registered: 07-22-2009

Message 2 of 7

Normally a VPN on that router will have a GRE tunneling protocol as well.

Two ways to build the PF rules:

Manually

Preconfigured

I know the preconfigured VPN rules will do the GRE protocol as well, but if you do it by hand you can't get it.

pfwd.JPG


haxin
Contributor
Posts: 2
Registered: 05-11-2014

Message 3 of 7

That's interesting, because none of the built-in (predefined) IPSec or L2TP 'services' (read: Port Forwarding Rules) had GRE enabled (see last screenshot in my post).

However, I can add GRE to the new 'service' I defined in Advanced > Port Forwarding Rules.

I did that this evening, saved the rule, and re-verified that the port forwarding rules under Firewall Settings > Port Forwarding now show GRE.

With GRE enabled in the 'all-in-one' L2TP/IPSec rule, it's now allowing me to connect to the VPN server behind the Actiontec router.

Many thanks for that tip!

Hubrisnxs
Platinum Contributor III
Posts: 5,881
Registered: 07-22-2009

Message 4 of 7

Glad that worked. I'll have to play with my router again. When I did it, it came as a part of the preconfigured rules, and I couldn't add the GRE (if I remember correctly, and sometimes I don't).

Glad I saved that screenshot and glad it helped.

Hubrisnxs
Platinum Contributor III
Posts: 5,881
Registered: 07-22-2009

Message 5 of 7

Just as a follow-up to this one, even though it's a resolved issue, I was able to get the GRE configured using the preconfigured PPTP from the drop-down list. I could also get it from Advanced as you described, but the preconfigured PPTP will configure the GRE protocol as well.

🙂

inforr
Contributor
Posts: 5
Registered: 04-05-2009

Message 6 of 7

Has Verizon started to block inbound L2TP? I followed the instructions here and have the combined all in one rule as haxin has with GRE but it doesn't work. Connecting locally works fine. Any ideas?

Hubrisnxs
Platinum Contributor III
Posts: 5,881
Registered: 07-22-2009

Message 7 of 7

According to their TOS they don't block it, and we haven't heard any reports of them blocking it on these or the DSLreports forums.
