Windows VPN L2TP/IPSec Issues

Good Afternoon,

I use T-Mobile internet, and was using the provided home router, and a Archer C9 router with DDWRT. I bought a GL-X3000 so I could go away with having T-Mobiles provided modem/router and get rid of my Archer C9 and have it combined into one using the GL-X3000.

I'm having trouble with connecting to 2 VPN sites using L2TP/IPSec with the built in Windows VPN. Before I switched to the GL-X3000, I was able to connect just fine.

What I have tested is if I have my SIM card in the GL-X3000 I cannot connect to either VPN. If I use T-Mobile's modem/router and have the GL-X3000 plugged up behind I can connect, but I can't hit websites or talk to other devices on either VPN.

I've tried putting my laptop through the DMZ and tried to connect, but it doesn't work either way if using the GL-X3000 with the SIM card or without. If I plug my laptop straight into the T-Mobile router/modem, I can get connection and can hit websites.

This makes me think something within OpenWRT's firewall settings is blocking the VPN connection? I'm stumped, I've read other threads, but I can't get anywhere to get this to work. I have other VPN connections I use like OpenVPN client on my laptop to connect to other remote sites, and it works just fine, I just can't connect with L2TP/IPSec.

One more thing, I do also have VPN provider setup on OpenWRT. It's setup for just one client on the network. If I put my laptop on the list for the OpenWRT VPN Client, and try connecting my Windows VPN, it connects, but still can't hit websites. I was just using this as a test, this is not ideal for what I do.


I have another OpenWRT router GL-AXT1800. I noticed playing with it, I have no problem connecting my VPNs under L2TP/IPSec with this router. The GL-AXT1800 is behind my T-Mobile router, what I don't understand is why will the GL-AXT1800 will work with factory defaults, but the GL-X3000 won't work with the VPN with factory defaults? I figured they are just 2 different pieces of hardware with the same software flashed to it, should it work the same?


Are you running official OpenWrt, or the OpenWrt fork from Gl-inet?

ubus call system board

GL-iNet's version. Do they configure things differently?

Yes... very differently.

Please ask them in their forums. Their fork of OpenWrt is very heavily modified and is not supported here because we don't know what they have changed and the details about how it should work.

I forgot to mention that I hooked back up my Archer C9 with DDWRT behind T-Mobile modem/gateway. So right now I have both the GL-ATX1800 and GL-X3000 behind Archer C9. After testing the VPN connection with the GL-ATX1800, I was curious if it'd work with the GL-X3000 behind the C9, and it works. To try and narrow this down I'll back track what I tried.

TMobile NAT + GL = connection issues

TMobile NAT + DDWRT Archer C9 + GL = connection

I noticed in the settings for DDWRT it had a option to allow VPN pass-through. Which I'd assume that's why it works with my DDWRT router, but what I find weird is if I remove the Archer C9 from the picture, the GL doesn't connect out, but why?

As I was typing this up I noticed you replied. I'll reach out to their forum. I appreciate the help!