I’ve searched and, likely owing to my own shortcomings in knowledge of this topic, I cannot seem to accomplish setting up a VPN (L2TP with IPsec or PPTP or OpenVPN). I’m trying to connect a remote user (using an iPhone) to my router VPN. Regardless of the configuration I try, I typically get a connection error.
I’m sure this is likely user error and, as stated, I am far from knowledgeable on this subject matter. Is there a step-by-step guide available for this? The firmware on my MAX-BR1-Pro 5g is 8.2.1 build 5018. The iPhone is on iOS 16.1.1.
I guess I’m trying to ascertain what the most fundamental steps are. Based on what I did read, I think I want the L2TP with IPsec configuration accessed through advanced/remote user access. Attached is my screenshot. I do not have a WAN cable connected to the router, so the only connections are Wi-Fi WAN (2.4 and 5.0 GHz from Starlink) and Cellular, currently using AT&T in SIM A slot.
The Configuration options I see on the iPhone are L2TP, IKEv2, and IPsec. I chose L2TP and entered the information from my MAX router configuration.
Could the Starlink router be ‘blocking’ or messing up the connection/handshake? The error message I receive on the iPhone is “The L2TP-VPN server did not respond”.
Exactly. You must have an unobstructed path inbound to the L2TP server, in this case your Peplink router. If you are behind any form of Carrier Grade Network Address Translation (CGNAT) it’s not going to work – period. There has been considerable discussion of this issue here on the Forum and elsewhere.
If you want to test your router configuration I’d suggest doing as @soylentgreen suggested: Place your router behind a WAN that is “known accessible.” Otherwise you will not know if you have a config issue or are the victim of CGNAT.
Insofar as we can see, L2TP is working as expected on FW 8.2.1 and 8.3.0b2.
Thanks Rick. I will explore further and read up on CGNAT which, on an initial look, initiated a headache! Might try to put the Starlink router on ‘bypass’ and see if any different result. Thanks for the help, lots of good information here on the forum.
Hi @Tom_Bartolomei. Well, there are good reasons for CGNAT to “exist” even though it can be a real pain sometimes. I do not believe taking the SL router out of the “circuit” will be effective because that is not where the CGNAT is implemented – it’s at the SL network level. We have customers/clients who use Starlink but there are quite a number of very smart folks here on the Forum who have used (and modified it, in some cases) successfully. Their opinions may well differ from mine.
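Added example (not part of any post in this thread, and not Peplink code): a Python check for the CGNAT question discussed above, comparing the address on the router's WAN interface with the address an outside service sees for that WAN. The function names and sample addresses are constructed for illustration; 100.64.0.0/10 is the shared address space RFC 6598 reserves for carrier-grade NAT.

```python
import ipaddress

# Shared address space reserved for carrier-grade NAT (RFC 6598).
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges: the WAN is behind another NAT device.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

ADVICE = {
    "cgnat": "carrier NAT upstream: inbound L2TP/IPsec cannot reach the router on this WAN",
    "private-nat": "upstream NAT router: inbound needs forwarding there, and its own WAN must be public",
    "nat-mismatch": "traffic leaves from a different address: some NAT sits in the path",
    "direct": "router holds the public address: if the VPN still fails, suspect configuration",
}


def classify_wan(wan_ip, observed_public_ip=None):
    """Classify one WAN by the address on the router's WAN interface.

    observed_public_ip is what an outside service reports for traffic
    leaving that WAN (optional); a mismatch reveals NAT in the path.
    """
    wan = ipaddress.ip_address(wan_ip)
    if wan in CGNAT_NET:
        return "cgnat"
    if any(wan in net for net in PRIVATE_NETS):
        return "private-nat"
    if observed_public_ip is not None and ipaddress.ip_address(observed_public_ip) != wan:
        return "nat-mismatch"
    return "direct"


def report(wans):
    """wans: {name: (wan_ip, observed_public_ip)} -> {name: (verdict, advice)}"""
    return {name: (classify_wan(ip, seen), ADVICE[classify_wan(ip, seen)])
            for name, (ip, seen) in wans.items()}


# Constructed sample values, not taken from the thread.
SAMPLE_WANS = {
    "wifi-wan": ("100.72.14.9", "198.51.100.23"),
    "cellular": ("10.45.3.200", "203.0.113.77"),
    "test-wan": ("203.0.113.10", "203.0.113.10"),
}

if __name__ == "__main__":
    for name, (verdict, advice) in report(SAMPLE_WANS).items():
        print(f"{name:9} {verdict:13} {advice}")
```

Only a WAN that classifies as `direct` is a useful place to test the L2TP settings themselves; on any other verdict a "server did not respond" error says nothing about the router configuration.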
Seen similar issues with an OVPN and Pepwave even with the OVPN license. It doesn’t matter if the main connection is cellular, WAN, or Wi-Fi as WAN; however, the moment I introduce another brand, or even a Raspberry Pi, and use the same OVPN file, everything connects. I am stumped why the same file will work on other devices, but get an error (Uplink not ready, Authentication Failed) on Pepwave.