
L2TPv3 tunnel over internet behind natted networks

vrak6992
Level 1

I am trying to establish a Layer 2 tunnel between 2 separate, unlinked sites. All I've been provided is an internet connection on both ends that resides behind natting. Is it possible to have my routers connected up in the natted (so 192.168.1.x with gw of 1.1) and somehow establish an L2TPv3 tunnel over the internet to the other router that is also behind natting?

I have established L2TPv3 tunnels when my routers have direct access to the WAN (closed loop L3 networking) using loopback interfaces, but I'm having issues wrapping my head around doing it from behind NAT where I don't have access to the WAN info.

I am unfamiliar with MPLS and general ISP VPN technologies, but realistically speaking I need to be able to connect the routers to the internal networks and somehow establish the tunnel via a general internet connection. Any suggestions? Is this even possible? Below is an attempt at the architecture. The PCs on each end will ride the L2TPv3 tunnel and be connected together L2 via the tunnel.

 

PC - Router1 - [natted internet connection 192.168.1.x] - [natted internet connection 192.168.1.x ] - Router2 - PC

1 Reply

Cristian Matei
VIP Alumni

Hi,

If you run L2TPv3 over UDP, you'll pass through any NAT/PAT/firewall device in the path. If you run L2TPv3 over IP (protocol 115): if there is a firewall in the path, it needs to allow protocol 115; if there is a NAT device in the path, it will work (though most NAT implementations don't really NAT protocol 115); if there is a PAT device in the path, either this traffic is excluded from PAT or the vendor implementation of PAT supports assigning "random identifiers" as port numbers in the PAT table, simulating TCP/UDP behaviour.

Regards,

Cristian Matei.
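
Added example (not part of the thread or of the reply above): a Python illustration of why the two encapsulations behave differently at a PAT device. It parses constructed L2TPv3 packets over IP protocol 115 and over UDP, and assumes a simplified PAT that tells flows apart by protocol, peer address and source port; all addresses, session IDs and ports are made-up sample values.

```python
import struct

UDP, L2TP_IP = 17, 115  # IANA IP protocol numbers

def ipv4(proto, src, dst, payload):
    """Build a minimal IPv4 packet (constructed sample input, checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes(src), bytes(dst)) + payload

def classify(pkt):
    """Return (encapsulation, session_id, source_port) for an L2TPv3 packet."""
    body = pkt[(pkt[0] & 0x0F) * 4:]          # skip the IPv4 header (IHL words)
    if pkt[9] == L2TP_IP and len(body) >= 4:
        # Directly over IP the header starts with the 32-bit Session ID: no ports.
        return ("ip-115", struct.unpack("!I", body[:4])[0], None)
    if pkt[9] == UDP and len(body) >= 16:
        sport = struct.unpack("!H", body[:2])[0]
        flags, _rsvd, sid = struct.unpack("!HHI", body[8:16])
        if flags & 0x000F == 3 and not flags & 0x8000:  # Ver=3, T=0 (data)
            return ("udp", sid, sport)
    return ("other", None, None)

def pat_keys(packets):
    """Flow key the simplified PAT model can build: (protocol, peer, source port)."""
    keys = []
    for pkt in packets:
        encap, _sid, sport = classify(pkt)
        keys.append((pkt[9], pkt[16:20], sport if encap == "udp" else None))
    return keys

def ambiguous(packets):
    """True when two inside senders yield the same key, so replies cannot be mapped."""
    keys = pat_keys(packets)
    return len(set(keys)) < len(keys)

# Constructed sample: two inside routers tunnelling to the same peer 203.0.113.10.
PEER = (203, 0, 113, 10)

def udp_data(sport, sid):
    l2tp = struct.pack("!HHI", 0x0003, 0, sid) + b"frame"
    return struct.pack("!HHHH", sport, 1701, 8 + len(l2tp), 0) + l2tp

over_ip = [ipv4(L2TP_IP, (192, 168, 1, n), PEER,
                struct.pack("!I", 0x1000 + n) + b"frame") for n in (2, 3)]
over_udp = [ipv4(UDP, (192, 168, 1, n), PEER,
                 udp_data(50000 + n, 0x1000 + n)) for n in (2, 3)]

if __name__ == "__main__":
    print("protocol 115 ambiguous at PAT:", ambiguous(over_ip))
    print("UDP ambiguous at PAT:", ambiguous(over_udp))
```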
