Passthrough UDP 1701

Add a rule that allows the port through the firewall.

Ian

I tried this as my top most rule. But still no luck. 

I tried also only my 1702 UDP services under services. Does not help.

Hi,

that rule is a good test rule but it is a security risk for production.

Why do you want to pass that port through to the internet, a normal firewall source LAN, LAN network, destination wan, any service port 1701 (definition UDP  1:65536 to 1701). Assumption you are using the default NAT rule otherwise if you are using linked rules access will fail. If you only have one internet connection then a standard default NAT is all you need.

Ian

Hi,

that rule is a good test rule but it is a security risk for production.

Why do you want to pass that port through to the internet, a normal firewall source LAN, LAN network, destination wan, any service port 1701 (definition UDP  1:65536 to 1701). Assumption you are using the default NAT rule otherwise if you are using linked rules access will fail. If you only have one internet connection then a standard default NAT is all you need.

Ian

Sure it is only a testing rule. 
I want to make it work. Could it be that it is an issue in the current v18?

To clarify: I want that a workstation in my LAN can connect to an internet L2TP server:

Should not the **Default SNAT IPv4** handle this situation?! I really do not understand why my connection is dropped and not even in the logs/capture.

I wonder if changing your rule from Source Zone 'Any' to 'LAN' and Destination Zone from 'Any' to 'WAN' would work.

I tried it but did not change anything.

I do not think it an FW issue because otherwise, it would be in the logs.

I believe my NAT rules or the internal VPN server are blocking that port.

Here is my nat rule (the usage counter is zero so must not be used at all):


My service:

I don't know what's going on then. A separate NAT rule is not required, your firewall rule just uses the default NAT rule.

Hi,

please take a step back and look at the setup on your PC.

Ian

PC is connecting fine if I remove Sophos and replace it with my old router or connect to my home wifi.
My PC logs do look as followed:


Mon Feb 28 12:17:50 2022 : l2tp_get_router_address
Mon Feb 28 12:17:50 2022 : l2tp_get_router_address 192.168.178.1 from dict 1
Mon Feb 28 12:17:50 2022 : L2TP connecting to server <public-L2TP-IP>' ...
Mon Feb 28 12:17:50 2022 : IPSec connection started
Mon Feb 28 12:17:50 2022 : IPSec phase 1 client started
Mon Feb 28 12:18:00 2022 : IPSec connection failed

So, in summary you are saying there is an issue with your XG configuration? What other tests have you tried eg can you websurf, does your pc get an address, gateway and dns from the XG?

ian