L2TP passthrough


Hello, I have a VPN server that is located behind a Balance One and I have forwarded UDP 500, 4500, 1701, AH, and ESP to my VPN server. Nat-t is enabled.

I can’t seem to connect to my VPN server externally. I can connect internally with L2TP and PPTP just fine, I can connect PPTP externally fine, but L2TP does not work externally. I’ve verified my shared keys and everything else.

If I use the built in VPN server, I can connect to the Peplink using L2TP, but that is not great as it is yet another password the user needs to know.

Does anyone have any ideas?


Please open ticket for us to take closer look at the settings of Balance One.

Thank you.


Have you opened the ports in the firewall? Port forwarding won’t happen if the firewall is blocking.


The firewall is set to allow all, so it isn’t blocking anything.

Clifton Hamilton
Operations Manager
Innovative IT Concepts, Inc.


Clifton - not sure we’re saying the same thing. I’m talking about inbound firewall rules, not outbound. If your inbound firewall is truly set to Allow All, that would be a dangerous thing.


Well there is port forwarding and then there is the firewall. By default the firewall in the Peplink is set to allow all. On if we wanted to lockdown traffic incoming or outgoing to an extra level would we change those settings. In short, we are running stock settings.


I have the same exact problem. Did you ever find a solution?


I did, if you have a Pepvpn site-site connection, it uses the same port. Go into the PepVPN and into your VPN connection and inside there is a “data port”, I was recommended to used 32015, but I’m sure any non-conflicting port will be fine.

Clifton Hamilton
Operations Manager
Innovative IT Concepts, Inc.


Hi there
I have the same issues. L2TP, does not connect. Any solution?


In the Peplink you have to change the port that the PepVPN is using to something else. By default, it uses the same port as L2TP. It was a weird one but my supplier told me the solution and it worked instantly.

Clifton Hamilton

Operations Manager

Innovative IT Concepts, Inc.


Yes, I already used 32015 as Custom Port. I’m still having the same problem. PPTP works perfect, but does not work with Ipad an Iphone with L2TP protocol. That is my problem.
Thank for response.


You must use the Peplink as the L2TP endpoint, not port forwarded or anything. The L2TP passthrough is more for outgoing than incoming. I’ve had mixed results with incoming since L2TP doesn’t like being port forwarded and Windows need registry hacks to allow it and such….

Clifton Hamilton

Operations Manager

Innovative IT Concepts, Inc.


Or use a NAT Mapping, but use that carefully, once you do, that host is wide open to the Internet unless your firewall rules are setup right (default is ALLOW ALL)


My scenario is diferent. I need connect several clients from a external network to my VPN Server… I need that my DC and VPN server are in charge of clients credentials ( no radius server), I can connect now using L2TP, but something happend because my clients have a correct IP from my network but they can’t reach the APP server. Any suggestion>???