VPN Pass-Through Setup

Vigor Router supports VPN pass-through to pass VPN traffic router's LAN. This article shows how to set up VPN pass-through on Vigor Router.

To do this, you will need:

1. Disable the VPN service on the router: Go to VPN and Remote Access >> Remote Access Control Setup, un-check the VPN protocol that you want to forward to the router's LAN.

a screenshot of DrayOS Remote Access Control Setup

2. Go to NAT >> Open Ports, and open the required port to the IP address of the VPN server. The ports required for each protocol are:

a screenshot of DrayOS Open Port settings

3. For IPsec that uses PKI authentication, it is necessary that “Accept large incoming fragmented UDP or ICMP packets” is enabled at Firewall >> General Setup.

a screenshot of DrayOS Firewall General setup
Limitations of IPsec VPN

Noted that there are some limitations of IPsec VPN pass-through due to the incompatibilities between IPsec and NAT:

  1. IPsec with Authentication Header (AH) cannot pass through NAT because AH does not allow changing the IP header
  2. To pass through multiple outgoing IPsec tunnels, it requires that both the VPN client and server support NAT-Traversal (NAT-T). Without NAT-T, it only allows one outgoing IPsec VPN at the same time.
  3. L2TP with IPsec policy is in transport mode, which can only pass through NAT if both VPN client and server support NAT-T (Note: All Vigor Router support NAT-T).

Published On:2015-11-12 

Was this helpful?   

book icon

Related Articles