Support Port Forwarding Required for VPN
I recently got 3 EEROs and as I was trying to work them into my home network topology, I realized I wouldn't be able to use them fully because the port forwarding feature wasn't working as I needed.
A little background: I have a Synology Disk station which runs a VPN server. It enables me to access my home network while I am not at home. In order to be able to reach it from outside of my home network (which is really, the only time I need to access it). I have to setup port forwarding on my modem and router. I had previously been using an older VPN protocol, but had to change it as I usually access it from my iPhone, which stopped supporting that protocol.
The new protocol I had to setup is L2TP. The port forwarding is on multiple ports, but apparently because this port forwarding is specifically for VPN, routers often have additional "built-in" capabilities to support VPN. I am not sure what exactly these are.
I do know that when I tried to setup my EERO to perform the port forwarding, I was not able to connect to my VPN server when outside of my network. So, to get around this, I have used my EEROs in bridge mode, and have my older router performing DHCP and port forwarding.
This is now working but I essentially have an additional piece of hardware in my network just to perform those functions. Where as, if the EERO was able to support port forwarding for VPN, it wouldn't be necessary. I realize it's a bit of an ambiguous request, because port forwarding is supported on the EERO. So the feature request is: support port forwarding for all VPN protocols, especially the ones supported by iOS devices.
Hey FuzzyG !
I was only aware of 3 ports that require being forwarded (according to my VPN server's guide):
500, 1701 and 4500
Here's the post I found which mentions the additional requirement the router should support - it's encapsulated security protocol (ESP).Reply
A few days ago I got a message indicating this request is under review. Just wanted make everyone in the community, and Eero product managers aware of the following:
I received confirmation from Eero support that this is already supported. Chris in support said the following in his support email to me:
Thanks for writing in! We shouldn't have an issue with ESP as it's a part of the IPsec protocol suite - we pass this traffic on its way between the VPN server and client. So long as you have the proper port forwarding setup on the eero that you need to access the VPN server (I'm assuming this is another device you have on the network), then you should be good to go.
I hope this helps and let me know if you have any other questions!
Christopher @ eero
---end of message---
I have yet to try it out, but I did a preliminary test and I think it is working. I will post again once I have had a chance to confirm everything is working as expected.Reply
Sorry about that! We've been making a few changes to the eero community and this got moved over to Feature requests. Because of that, it was automatically designated with an "In review" and we've still been doing some cleanup since the change. I have moved this topic back over to discussion since it isn't a feature request.Reply
I run macOS Server v5.2 on a Mac Mini with the VPN service running. I also have a dynamic DNS hostname for VPN. I'm able to VPN externally of my LAN either from another WiFi network or my iPhone via LTE. I made sure I port forwarded TCP port 1723 and UDP ports 500, 1701, 4500.
So, for me, VPN works great using eero.Reply
I assume you setup your eero in Network Settings/Advanced Settings/Reservations & Port Forwarding.... Add a reservation for your Mac and opened the VPN ports? In that configuration I have separate entries for each of the UDP ports and TCP port. My dynamic DNS hostname is hosted by Noip.com and my Internet IP address for the DNS is the IP Address in eero's Network Settings/Advanced Settings/Internet Connection. The key is to have your DNS IP address at the host site set to your IP address the eero system uses to feed Internet activity.Reply