It appears that when the router is connected to any upstream network, ANY client connected to the router cannot use its VPN client, any VPN client, to connect through the router. I have tried the default macOS VPN client, Android, Linux IPsec/L2TP and my iPhone. ALL fail.
If I connect those same clients’ VPN through my phone’s hotspot, it works. Same with a hotel WiFi network.
I don’t (and cannot) install or configure a VPN client on the router itself, the configuration MUST live on the client device.
How am I supposed to connect VPN clients through the AR750S, without it blocking/denying the connection?
I’ve read dozens of forum and blog posts implying that L2TP is half-baked, half-working, not-working-at-all in even the latest beta/snapshot firmware, but that doesn’t appear to be the case. I tried unticking the "DNS Rebind" protection as suggested in another post, still no luck.
Is there a way to configure the AR750S to permit VPN access through its network? What am I missing?
Yes, as a normal router, it works fine (though more recent firmware versions seem to disconnect a LOT more often than prior versions, dozens of times per hour).
Router is connected to upstream network (hotel, train, home, etc.) and all clients are configured to connect to the AR750S only.
When I then try to use a default client VPN configuration (L2TP + PSK) that passes through that router, it ALWAYS fails to connect, and the client logs indicate the router terminated the connection.
When I then enable the hotspot on one of my phones and connect a laptop (or another phone) through it, and use that device’s VPN client (the one that, moments before, failed to work through the AR750S), it works every time.
If I pair my laptop (macOS, Linux, Windows, I’ve tried all three) directly to the hotel WiFi, and load up the default VPN client on those devices, it works every time.
What doesn’t work is putting the AR750S between the upstream network and the client device.
Suddenly I remembered that L2TP needs passthrough to be enabled.
Can you add these two rules to enable ports 500 and 1701?
# Accept UDP 1701 (L2TP) from wan to lan
config rule
    option src wan
    option dest lan
    option proto udp
    option src_port 1701
    option dest_port 1701
    option target ACCEPT

# Accept UDP 500 (IKE) from wan to lan
config rule
    option src wan
    option dest lan
    option proto udp
    option src_port 500
    option dest_port 500
    option target ACCEPT
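
As an added example (not part of the posts above and not the vendor's code), this Python check parses UCI `config rule` sections and reports which of the flows L2TP/IPsec normally uses are accepted from wan to lan. The flow table (IKE on UDP 500, NAT-T on UDP 4500, L2TP on UDP 1701, ESP) goes beyond the two ports named in the reply and is an assumption added here, as are the function names and the assumed default for a missing `proto`.

```python
import shlex

# Flows L2TP/IPsec normally uses (assumption added here; the reply names only 500 and 1701).
FLOWS = {"IKE": ("udp", "500"), "NAT-T": ("udp", "4500"),
         "L2TP": ("udp", "1701"), "ESP": ("esp", None)}

# The two rules from the reply above, generated per port.
POSTED = "".join(f"""
config rule
    option src wan
    option dest lan
    option proto udp
    option src_port {p}
    option dest_port {p}
    option target ACCEPT
""" for p in (1701, 500))

def parse_rules(text):
    """Collect the options of each 'config rule' section as a dict."""
    rules, cur = [], None
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)  # handles quoting and '#' comments
        if tok[:1] == ["config"]:
            cur = {} if tok[1:2] == ["rule"] else None
            if cur is not None:
                rules.append(cur)
        elif tok[:1] == ["option"] and cur is not None and len(tok) >= 3:
            cur[tok[1]] = " ".join(tok[2:])
    return rules

def coverage(rules, src="wan", dest="lan"):
    """Map each flow to the indexes of ACCEPT rules for src->dest that match it."""
    found = {name: [] for name in FLOWS}
    for idx, r in enumerate(rules):
        if (r.get("src"), r.get("dest"), r.get("target")) != (src, dest, "ACCEPT"):
            continue
        protos = r.get("proto", "tcp udp").split()  # assumed default if proto is omitted
        ports = r.get("dest_port", "").split()      # no dest_port means any port
        for name, (proto, port) in FLOWS.items():
            if (proto in protos or "all" in protos) and (
                    port is None or not ports or port in ports):
                found[name].append(idx)
    return found

def missing(rules):
    """Flows that no wan->lan ACCEPT rule matches."""
    return [name for name, hits in coverage(rules).items() if not hits]

if __name__ == "__main__":
    print("no wan->lan rule for:", missing(parse_rules(POSTED)))
```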