[nonhuman]

Hi,

I'm trying to set up an L2TP VPN using the built-in server software in OS X Server. I've got it all working except for one thing: I don't know which ports need to be open on the firewall for me to be able to connect from outside. A google search didn't exactly make it clear.

Does anyone know which ports need to be open for this?

Thanks.

[krove]

UDP 500, 1701, 4500

This is according to Apple. Unfortunately, when I forward these ports to my server from the Airport Extreme, users still get an error when attempting to connect via VPN. This is with Mac OS X Leopard Server 10.5.1. Are there other ports that Apple has failed to mention?

[Nivag]

They are the same ports i've forwarding as well and they work fine.

Sorry don't know what else to suggest apart for checking any firewall settings?

[l008com]

I'm running 10.5.1 server and I'm also trying to get L2TP VPN working through my firewall. I tried all 3 ports: 1701, 500, 4500, and also checked off "UDP inbound and responses to same port" but still no luck. I can only connect to my VPN with my firewall turned off completely. I'm clueless, anyone know whats up?

[krove]

Mine just started working. I think it had something to do with the startup sequence of the router and server or perhaps it was just a matter of restarting the devices before I could punch through with VPN.

[l008com]

I'm still not having any luck. My VPN will not work with my firewall on. I have UDP 500, 1701 and 4500 poked through my firewall. Still nothing. All the other services i poked through work fine. Just not the VPN.

[ghporter]

nonhuman and l008com, have you actually restarted everything? I'm sort of following krove's logic here-I've seen enough systems work that way that I like to make sure everything has a nice, fresh start when I set up something complicated like this. And krove, you mentioned your startup sequence-what was it? I'm guessing that either the router's forwarding depended on the server being fully started, or the server's services depended on the router being fully started. Either way, which way did you get your stuff started?

[l008com]

Well i'm not trying to port forward. My server is (going to be) directly on the internet and I'm just trying to open holes in the firewall. That said, yes I have restarted the computer a bunch of times for various reasons. No effect on the VPN. It still works when you stop the firewall, and doesn't work when you start it.

[krove]

At this point, I cannot remember the startup sequence of the Airport Extreme, DSL modem and server. I was so frustrated with the issue that at one point I just restarted everything at once (or nearly so) and then gave up. A few days later, I tried it and it worked. Go figure. I pretty sure, though, that the startup sequence is often the culprit here. It may apply to both port-forwarding AND open ports on a firewall.

My best guess is that the DSL modem/internet connection should be on, then the firewall/router, then the server. Logically, that makes the most sense.

[l008com]

I found my answer, I had to also enable GRE and ESP. Runs great now :-)

[kabrutus]

how do you enable gre and esp on an airport extreme