NAS-Hosted VPN (L2TP/IPSec) behind Plusnet Hub One
hoping for some advice...
I am currently following the (absolutely excellent) articles provided by 'MyDoodads.com' (Example: https://my-doodads.com/how-to-setup-a-synology-nas-part-35-installing-and-configuring-l2tp-ipsec-on-... ) attempting to set up a Synology NAS-Hosted VPN (L2TP/IPSec), behind a "Plusnet Hub One" Router (which has a static external IP).
However; I'm being somewhat challenged by the required Port Forwarding set-up... I know this may technically be more of a NAS / VPN config issue and therefore a "Synology Question"; so I've posted in their forums also. But I am seeking assurances that the Port-Forwarding options on my Plusnet Hub One can actually be configured to allow what I require.
I've attempted following the article linked above (and those either side), and I am very confident that my NAS firewall rules are accurate... I am also not running the User Account Firewall provided by Plusnet, and have my 'Configuration' under Advanced Settings > Firewall set to 'default'.
...So, the issue I am having is understanding how the Port Forwarding needs to be set to ensure that data from the outside world is reaching the right ports on my NAS. I have attempted to follow the instructions provided on the NAS VPN set-up guide, but this is largely based on the router supporting UPnP configuration, and being a supported model...
Officially the Plusnet Hub One does have UPnP, though it is not a 'supported' router from Synology's perspective, the Hub One also has a option for 'Extended UPnP Security', (which is not mentioned anywhere I've read on Synology settings / config options).
Attempting to use the 'Router Setup' wizard options provided by Synology, doesn't seem to allow the ports to forward properly from the Hub One to the NAS. Specifically, ports 1701 and 4500 are happy to be shown translating from/to Local/Router ports, but Local Port 500 seems to automatically translate to a randomised Router Port number much higher than 500. When I have run this Wizard, I get progress bar's informing me that new port-forward rules are being written to the router, but there is never any sign of these on the Hub Manager pages anywhere.
But if I create hard Port-Forward Rules (for all three VPN ports) on my Router, which are then directed to the NAS Local IP and disable the Router's UPnP option, would I even need a Port-Forwarding rule configured on the Synology NAS also? I have created a custom 'Game or Application' which forwards the correct 3 UDP ports for my purposes, and set this service to point at my NAS, but to no avail.
Ideally I'd rather not have the Routers UPnP enabled at all, as I'm aware this is a security risk to some extent.
The Plusnet Hub One has a feature called 'Port Clamping' in its configuration settings which is supposed to affect port 500, but having this enabled or not seemingly makes no difference...
Sorry for the length of this message; I'm hoping to provide all the info anyone will need to see where I have gone wrong / mis-configured something.
Many thanks in advance,
Re: NAS-Hosted VPN (L2TP/IPSec) behind Plusnet Hub One
Have you checked the Plus Net firewall?
Log into the members centre navigate to >Broadband >Firewall
If High this could be your issue, try Off or Low. You will need to restart the Hub One if you change the setting.