I have been setting up the network for my workplace and would like to set up a VPN so my colleagues and I can connect from outside, but I have run into a bit of a snafu. The way we currently have our network set up, we have a Wi-Fi router (Western Digital N750) which is connected to the internet, so the external IP for our workplace connects to that router. That router is then in control of all the wireless devices, which is mainly just our phones (nothing critical), and is connected to a second router via the built-in LAN switch. That second router is the primary router for our network; it is in charge of all the static IP addresses, port management, primary firewall, etc. and connects to all the Ethernet devices via a single switch. So since it's the Ethernet network we want to connect to, I have set up that primary router to host a VPN. The problem I'm running into is how to forward that VPN out through the Wi-Fi router. I have mapped out our network below:
I know some routers have a simple "VPN forwarding" option, but unfortunately this one does not appear to. I do know for a fact, though, that this Wi-Fi router is capable of hosting a VPN itself, should that be of any use. Are there any sets of ports or things of the like that I can set up in the Wi-Fi router to be forwarded to the internet so the VPN requests get directed to the primary router?
So far I have tried:
- Placing the primary router on the DMZ
- Disabling the Wi-Fi router's firewall
- Forwarding known ports (1723, 1701, 500) on the Wi-Fi router
I am using protocol type L2TP, and all the computers are running Windows 7 Enterprise.
In every instance I receive error code 789: The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer.
To verify that the VPN itself is working, I have successfully connected to the LAN network via a laptop connected to the Wi-Fi router one step above the primary router (in the position depicted in my network layout). To ensure it wasn't a matter of settings on different computers, I tested connecting with the same laptop on an external network and received the same error as before, so the problem is definitely in allowing the VPN through the Wi-Fi router.
Any help would be much appreciated, Thanks!
--EDIT--
I forgot to mention: for some reason that is completely beyond me, our ISP doesn't like the primary router, which is why we have to go through the Wi-Fi router. The router itself works perfectly fine; I have even taken it home to check on my home network and it works as expected, but it just refuses to allow any internet traffic through in our workplace. Otherwise this would be a very simple fix of switching the order of the Wi-Fi and primary routers. Unfortunately not so.
I am a network engineer. First: you need to check all ports in your firewall and add the GRE (47) port. By default my advice: open both TCP and UDP ports. Second: turn off "Secure connection" in the VPN connection settings. Try allowing all methods: PAP, CHAP, MSCHAP + v2. I know it's not secure, but for some reason the ISP can block it (in Israel I see it very often), so open PAP for tests. If you still have trouble, try changing the MTU in your router to 500 (for example). Not all routers have this kind of option. If you want, I can give some advice in the comments. Good luck.
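An added example (not from either poster) that audits the forwards tried in the question (1723, 1701, 500, assumed opened for both TCP and UDP as the answer advises) against what L2TP/IPsec and PPTP actually need to reach a router sitting behind another NAT. It encodes the well-known transport for each: L2TP/IPsec uses IKE on UDP 500, UDP 1701 for L2TP inside the tunnel, and either ESP (IP protocol 50) or, once the peers detect a NAT during IKE, NAT-T on UDP 4500; PPTP uses TCP 1723 plus GRE (IP protocol 47). GRE and ESP are IP protocols rather than ports, so a port-forward rule alone cannot pass them.

```python
# Rules are (protocol, port); port is None for protocols without ports.
REQUIRED = {
    "l2tp/ipsec": {
        ("udp", 500): "IKE key exchange",
        ("udp", 1701): "L2TP control and data (carried inside the IPsec tunnel)",
    },
    "pptp": {
        ("tcp", 1723): "PPTP control channel",
        ("gre", None): "GRE (IP protocol 47) carrying the PPP frames",
    },
}

# IPsec's data transport depends on whether a NAT sits between the peers:
# IKE detects it and switches ESP to UDP encapsulation on port 4500.
IPSEC_TRANSPORT = {
    True: {("udp", 4500): "NAT-T: ESP encapsulated in UDP (a NAT was detected)"},
    False: {("esp", None): "ESP (IP protocol 50) directly, no NAT in the path"},
}


def normalize(rule):
    """Lower-case the protocol and drop the port for port-less protocols."""
    proto, port = rule
    proto = proto.lower()
    return (proto, None if proto in ("esp", "gre") else port)


def audit_forwards(vpn_type, forwards, nat_in_path=True):
    """Return {rule: reason} for every rule vpn_type needs but forwards lack."""
    needed = dict(REQUIRED[vpn_type.lower()])
    if vpn_type.lower() == "l2tp/ipsec":
        needed.update(IPSEC_TRANSPORT[nat_in_path])
    present = {normalize(r) for r in forwards}
    return {rule: why for rule, why in needed.items() if rule not in present}


# Constructed input: the ports the question says were forwarded, opened for
# both TCP and UDP. Both routers NAT, so nat_in_path=True models that setup.
QUESTION_FORWARDS = [(p, n) for n in (1723, 1701, 500) for p in ("tcp", "udp")]

if __name__ == "__main__":
    for vpn in ("l2tp/ipsec", "pptp"):
        missing = audit_forwards(vpn, QUESTION_FORWARDS)
        print(f"{vpn}: {'complete' if not missing else 'missing rules'}")
        for (proto, port), why in missing.items():
            label = proto.upper() + ("" if port is None else f" {port}")
            print(f"  {label}: {why}")
```

For the question's forwards the audit reports UDP 4500 missing for L2TP/IPsec behind NAT, which is consistent with IKE starting and then failing with error 789 when the encapsulated ESP never arrives.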