OK, so I posted a while back about trying to use a virtual MK as a VPN server. I have since received a 2011L, and am trying to set it up as a VPN server. I have it set up as a router, nated properly behind my main router. I have tried L2TP with IPSec and PPTP, and have had no luck. It actually verifies the username and password, and then tried to make the actual connection and fails. I have also completely disabled the firewall on the MK with no luck either.

You wrote what you think you did, but we can't verify that. Failing connection after login succeeds typically happens with PPTP, when the main TCP port is accessible, but GRE doesn't pass correctly. Looking at your previous posts, I'd suggest to start with local-only test, completely isolated from any real network.

Configure RB as router, connect one device to its LAN, put static address on WAN and finally connect another device to WAN, also with static address, but (and it's important!) without default gateway. Configure VPN on router, then VPN client on device connected to router's WAN, and try if you can reach device connected to router's LAN. The missing gateway on client will ensure that you will only reach LAN device if you successfully connect to VPN. And if that works, you can continue with real-world scenario.

Well, if I stay on my main network, and I tell my computer to connect to the address that my VPN router holds, then it works just fine! So, it seems it is only outside of my internet connection where the problem lies. So, my ISP is probably blocking something important....

Or there might be some problem with:

I have it set up as a router, >>nated properly behind my main router<<.

How would you suggest I set it up behind my other router? I have a masq rule setup to send traffic out of the "WAN" port. On my main router, I have DMZ turned onto the address my MK is on. My router also has PPTP and L2TP using IPSec passthrough.


EDIT: I took my main router out of the equation and it works. So, I guess I need to figure out how to pass this through my main router to actually make it work. Any suggestions?

Not sure if you saw the edit or not, but, I was able to get the VPN working with the 2011 being my main router. So, how can I make this work with my Asus router being the main router?

I think I now have it!! My only issue is, windows computers cannot seem to connect. I connect on my phone just fine, but windows 7 nor 10 will connect to it. Any thoughts on this?

Is it L2TP/IPSec, I assume? The problem with IPSec is that it changes how it operates depending on presence of NAT. Other protocols like SSTP or OpenVPN don't care, they need only one port and you can have as many NATs on client or server side, change ports, anything really, and they will still work. IPSec is different. With public address, it uses ESP packets. But when there's NAT, it switches to UDP (NAT-T mode), so with public address directly on RB you tested one thing, but with RB behind NAT it's something different.

I don't have have any L2TP/IPSec server behind NAT, but if I remember correctly, Windows had some problem with this config. I think this should be the solution:
https://www.qnap.com/en/how-to/knowledg ... n-servers/

Tried with no luck, O well, I will keep at it, but for now, my phone working should be good enough for my needs!