
Access by VPN both inside and outside the WAN IP

Kalamardo
Level 7
Hello, good morning.

I have an Asus RT-AC68U router connected to the ONT of the fiber company that is working perfectly.

We have management software designed for people who are out of the office. In this software you configure the VPN connection you are going to use (IP, username, password, etc.) and it connects to the office with that data. The problem is that it only allows a single configuration, one IP. So when you are out of the office there is no problem: it connects and you can access the data. But when you are inside the office, on the router's WiFi or a network cable, the software does not connect, because the IP you are calling is the WAN IP and the VPN connection fails.

I have tested this, and with this Asus router, if I configure the VPN as PPTP, it is able to connect using the WAN IP both outside the office and inside the office, but it seems very unsafe and I prefer to use L2TP. The problem is that with L2TP the VPN does not work inside the office.

Do you know why PPTP works and L2TP does not? Is it a technical limitation, or is it something that can be configured on the router to make it work? I've been searching on Google but I can't find a case like mine, or I haven't been able to search for it.

RedSector73
Level 12
PPTP:-
PPTP is a fast, easy-to-use protocol.
VPN Encryption: 128-bit
VPN Security: Basic encryption that is fast due to lower encryption.
PPTP, or Point-to-Point Tunneling Protocol, is a method used for creating Virtual Private Networks over the internet. It was developed by Microsoft. With its use, users can remotely access corporate networks from any Internet Service Provider (ISP) that supports the protocol. PPTP works at the data link layer of the OSI model.

There are various kinds of network protocol and PPTP encapsulates and transports them over IP. If the original protocol is IP, its packets will follow along as encrypted information along PPTP packets. As expected, PPTP is derived from the Generic Routing Encapsulation protocol (GRE) and Point-to-Point Protocol (PPP). As it is from Microsoft, the encryption is done via RC4-based Microsoft Point-to-Point Encryption.
PPTP is often favored because it is easy to use and to set up. However, it can be crude, and in terms of functionality and efficiency it may be outdone by its descendants such as L2TP. PPTP is rather ancient but still considered popular. In PPTP, control and data streams are separated. Control streams are over TCP while data streams run over GRE. This makes PPTP less firewall-friendly since GRE is often not supported.


L2TP:-
L2TP is a good choice that requires more CPU processing to encapsulate data twice.
VPN Encryption: 256-bit
VPN Security: Highest encryption. Checks data integrity and encapsulates the data twice.

Layer 2 Tunneling Protocol, or L2TP, is a tunneling protocol that allows remote users to access the common network. L2TP lets a Point-to-Point Protocol (PPP) session travel over several networks and links. L2TP was actually taken from PPTP of Microsoft and Cisco's L2F, or Layer 2 Forwarding, technology. Thus, L2TP has the features of PPTP, as it combines PPTP's control and data channels and is run over a faster transport protocol, UDP. Since UDP is fast and more ideal in real-time exchanges, in addition to the combined transport of control and data streams, L2TP is found to be more firewall-friendly.


Asus RT-AC68U:-
I would consider flashing your router Asus RT-AC68U to Asuswrt-Merlin firmware located here https://sourceforge.net/projects/asuswrt-merlin/files/RT-AC68U/Release/
This will give you much better control and the ability to write unique scripts. You can flash back to Asus stock firmware at any time. Why Asuswrt-Merlin is better is covered here https://www.snbforums.com/threads/about-asuswrt-merlin-custom-firmware-for-asus-routers.7846/

I don't doubt you're having issues finding a way to make this work, but you can only use whatever your office uses as encryption; you can't just upgrade your end and improve security. If you went via, say, another VPN (using L2TP or OpenVPN) and then to your office VPN, it would actually lower the security of the whole, not improve it (assuming the hacker can see both streams, it would provide leverage for cracking them both, not twice the security).

You could use two network cards, and tunnel anything office-related (programs etc.) to the network card that's encrypted via Windows firewall software, with the other being the default for everything else, or use another equivalent method at router level.

Hope you find this post of help.