Troubleshoot VPN passthrough for home routers
A VPN is a way to connect two secure networks over the Internet – for example a home network and a corporate network. It needs special equipment or software at both ends.
The term “VPN passthrough” on routers means that the device does not itself act as one of the VPN endpoints; it only allows traffic from those endpoints to “pass through”. All NETGEAR routers support VPN passthrough for IPSec, PPTP, and L2TP. To create one of these endpoints, see What is a VPN (Virtual Private Networks)?
This article applies if you are already connected to a VPN, but installing a NETGEAR router has stopped your VPN from working.
NETGEAR routers with VPN passthrough are meant to work without modification, but sometimes troubleshooting is necessary to locate the problem. If your router supports 0 VPN endpoints, you need other hardware or software in addition to the router.
The current home routers that support VPN passthrough are the DGN1000 and D6300.
Note: These do not contain a VPN wizard, and policies cannot be created on them.
The DGN2200v3, DGND3700v2, D6200, and DGND4000 all support the VPN processor. Details are in the user manual. For an example, see link.
Any of these steps might solve the problem:
- If your device supports NAT-T (NAT Traversal), turn it on.
- Contact your network administrator to find out exactly how your VPN software needs to be configured. (Popular software includes Cisco NAT-T and NETGEAR ProSAFE.)
- If your company uses an L2TP pass-through, register your router’s MAC address with your company’s system administrator.
- Upgrade to the latest router firmware.
- Enable port forwarding for port 500 (for IPSec VPN), port 1723 (for PPTP VPN), and port 1701 for L2TP (L2TP routing and remote access). Port 500 may be listed under the Services list. For more information on port forwarding, see: How do I configure port forwarding on routers using the NETGEAR genie interface?
Note: Check if the WAN IP is public or private. Ports can only be opened on public IP addresses.
- By default, the router’s firewall is configured to drop (discard) ICMP packets sent from outside your network to the WAN port. Your VPN may require ICMP packets. To accept them:
  - Log in to the router with a browser by typing http://192.168.0.1, http://routerlogin.com, http://routerlogin.net or http://192.168.1.1.
  - Type admin for the username and password for the password (unless you changed the password from the default).
  - Choose WAN setting > Advanced > Reply to Ping on the Internet Port.
  - Click Apply.
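The public-or-private check in the note above can be scripted before any forwarding rule is created. The following is an added example, not NETGEAR code: it classifies the WAN address shown on the router's status page and reports which forward from the list applies. The function names, the sample addresses, and the UDP/TCP assignments (standard for these protocols, not stated in the article) are assumptions.

```python
import ipaddress

# Ports from the article; transports are the standard assignments (assumption).
VPN_FORWARDS = {"IPSec": (500, "udp"), "PPTP": (1723, "tcp"), "L2TP": (1701, "udp")}

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 carrier-grade NAT space


def classify_wan(addr: str) -> str:
    """Return 'public', 'private', 'cgnat' or 'unusable' for an IPv4 WAN address."""
    ip = ipaddress.IPv4Address(addr)
    if any(ip in net for net in RFC1918):
        return "private"
    if ip in CGNAT:
        return "cgnat"
    if not ip.is_global:  # loopback, link-local (169.254.x.x), reserved ranges
        return "unusable"
    return "public"


def forwarding_advice(wan_addr: str, vpn_type: str):
    """Return (can_forward, message) for the given WAN address and VPN type."""
    port, proto = VPN_FORWARDS[vpn_type]
    kind = classify_wan(wan_addr)
    if kind == "public":
        return True, f"forward {proto}/{port} to the VPN device on the LAN"
    if kind == "private":
        return False, (f"WAN is behind another NAT device; {proto}/{port} "
                       "must be forwarded on the upstream modem or router")
    if kind == "cgnat":
        return False, "ISP uses carrier-grade NAT; ask the ISP for a public address"
    return False, "WAN address is not routable; check the Internet connection"


if __name__ == "__main__":
    # Constructed sample WAN addresses, not taken from the article.
    for wan in ("8.8.8.8", "192.168.1.2", "100.72.0.5", "169.254.10.1"):
        for vpn in VPN_FORWARDS:
            ok, msg = forwarding_advice(wan, vpn)
            print(f"{wan:>14} {vpn:<5} {'OK' if ok else 'NO'}: {msg}")
```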
Business Routers & VPN-supported UTM
Configure PPTP VPN Tunnel for ProSafe / ProSecure Routers
Configure L2TP VPN Tunnel for ProSafe / ProSecure Routers
Last update: 11/28/2016 | Article ID: 966