Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


L2TP VPN over OpenVZ and NAT?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

L2TP VPN over OpenVZ and NAT?

Is this possible to do? I have found some older tutorials, but I am wondering if those methods still work, and if they are even secure. Has anyone recently set something like this up?

Comments

  • freerangecloudfreerangecloud Member, Patron Provider

    What exactly are you trying to accomplish? L2TP will connect from behind a NAT device so not entirely sure why you want to run a tunnel over-top of another tunnel?

  • @freerangecloud said:
    What exactly are you trying to accomplish? L2TP will connect from behind a NAT device so not entirely sure why you want to run a tunnel over-top of another tunnel?

    I'm wanting to get a VPN running through a built in protocol such as Ipsec over l2tp. I know OpenVPN is easy to setup for things, but most things require a downloaded program for it to work. Any method that is built into Windows, Mac, iOs and Android will be good for me.

  • freerangecloudfreerangecloud Member, Patron Provider

    OK, sorry misread the title as 'OpenVPN' not 'OpenVZ.' So to clarify, your VPN server is behind NAT, correct? If that is the case, then I'd definitely recommend OpenVPN as an IPSec tunnel with both ends behind NAT is a giant PITA.

    With OpenVPN you can run the server on an alternate port which would be forwarded to your VM. The OpenVPN Windows client is pretty straightforward to use and I know they make Android (and I think iOS) apps as well.

    The one caveat is that your OpenVZ provider needs to have tun/tap enabled for it to work.

  • @freerangecloud said:
    OK, sorry misread the title as 'OpenVPN' not 'OpenVZ.' So to clarify, your VPN server is behind NAT, correct? If that is the case, then I'd definitely recommend OpenVPN as an IPSec tunnel with both ends behind NAT is a giant PITA.

    With OpenVPN you can run the server on an alternate port which would be forwarded to your VM. The OpenVPN Windows client is pretty straightforward to use and I know they make Android (and I think iOS) apps as well.

    The one caveat is that your OpenVZ provider needs to have tun/tap enabled for it to work.

    Yeah, thanks for the info. I have used OpenVPN on a NAT OpenVZ before, and it works great, other then the fact that OpenVPN usually needs to be downloaded on the device. I have no problems doing that, but when others are connecting it can get a bit complicated. I will likely end up going with OpenVPN again, but if there happens to be a IP Sec/L2TP method over NAT that I am missing that isn't extremely hard to setup, that may be worth looking into.

  • Softether VPN can help you.

    Thanked by 1netomx
  • @ngstargate said:
    Softether VPN can help you.

    Can that be installed on NAT?

  • @jamespeach said:

    @ngstargate said:
    Softether VPN can help you.

    Can that be installed on NAT?

    Yep, as long as TUN/TAP is enabled.

    Thanked by 1netomx
  • @ngstargate said:
    Yes.
    https://softether.org/4-docs/2-howto/6.VPN_Server_Behind_NAT_or_Firewall/1.Dynamic_DNS_and_NAT_Traversal

    @Aidan said:

    @jamespeach said:

    @ngstargate said:
    Softether VPN can help you.

    Can that be installed on NAT?

    Yep, as long as TUN/TAP is enabled.

    Alright cool Ill check that out. I know many servers on SoftEther are public though, does this mean by my servers using SoftEther, anyone randomly in the world can connect to my server? I don't think this is true, I just want to make sure.

  • @jamespeach said:
    Alright cool Ill check that out. I know many servers on SoftEther are public though, does this mean by my servers using SoftEther, anyone randomly in the world can connect to my server? I don't think this is true, I just want to make sure.

    No

    Thanked by 2Aidan klikli
  • I've recently deployed Strongswan IPSEC IKEv2 on an OpenVZ server. Most OpenVZ VPS won't have IPSEC support, but there's a userland implementation as well (kernel-libipsec) that can be used if tun is available. Runs pretty well and has the added benefit that it doesn't need any additional client to be installed as most modern OS support IKEv2 out of the box. However, while the listening port of the server can be configured, most clients won't allow for that. So unless you can use the default ports 500 and 4500, that probably won't work for you.

    Thanked by 1klikli
Sign In or Register to comment.