Re: No VPN connection possible using new Rogers Ignite Cable Modem/Router
@tinious wrote: FWIW - my error message is "The VPN connection to the selected secure gateway requires a routable IPv4 physical adapter address. Please move to an IPv4 network and retry the connection or select a different secure gateway."
I spent a long time composing a reply but the site ate it when I hit "post". So here's a shorter reply.
A routable IPv4 address is one that is uniquely assigned throughout the internet.
The opposite is a private one, which could be used on any and every LAN. See RFC1918.
Rogers assigns each customer one routable address. This is normally used for the public interface of a router. Most routers then assign each node on the LAN a private address. Through a process called NAT (Network and port Address Translation), the router rewrites inbound and outbound packets to make this work.
NAT only works for TCP and UDP protocols.
The Internet Standard VPN protocol is IPsec and it uses AH and ESP packets, not something NAT can handle.
There are hacks to IPsec to encapsulate AH and ESP in UDP for "NAT Traversal".
A server cannot be behind NAT without really hairy hacks.
Summary: both ends of an IPsec tunnel ought to have routable IP addresses. If you've enabled NAT Traversal on your IPsec system, the initiator ("client") can be behind NAT. Normally, the responder ("server") cannot be behind NAT.
It isn't clear which end the message refers to. Is it requesting that your Security Gateway (i.e. your computer) doesn't have a routable IPv4 address, or that the far side doesn't have a routable IPv4 address? If it is complaining about your end, you should figure out how to enable NAT Traversal. If it is complaining about the other side, you probably haven't configured that correctly (because that computer surely has a routable IP address).
Some routers have a setting called "VPN Passthrough". I'm not sure that ever works. It certainly isn't documented.
Some other VPN protocols (e.g. OpenVPN) are based on TLS. That uses TCP and can survive NAT on the client side.
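How an IPsec peer can tell that a NAT sits between the two ends, as an added example that is not part of the original post: it checks an adapter address against the RFC 1918 ranges and reproduces the IKEv2 NAT detection digest described in RFC 7296, section 2.23. The SPI values, addresses and ports are constructed sample values, and the function names are this example's own.

```python
import hashlib
import ipaddress
import struct

# Explicit RFC 1918 ranges. ipaddress' .is_private is broader (it also
# covers documentation and other reserved ranges), so it is not used here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr: str) -> bool:
    """True if addr lies in one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def nat_detection_hash(spi_i: bytes, spi_r: bytes, addr: str, port: int) -> bytes:
    """Data of an IKEv2 NAT_DETECTION_*_IP notification:
    SHA-1 over initiator SPI | responder SPI | IP address | port."""
    packed_ip = ipaddress.ip_address(addr).packed
    return hashlib.sha1(spi_i + spi_r + packed_ip + struct.pack("!H", port)).digest()

def initiator_behind_nat(spi_i, spi_r, claimed_src, observed_src) -> bool:
    """Responder-side check. The initiator hashes the address and port it
    sent from; the responder hashes what it saw on the wire. A mismatch
    means a NAT rewrote the packet, so the peers switch to UDP port 4500
    and wrap ESP in UDP."""
    sent = nat_detection_hash(spi_i, spi_r, *claimed_src)
    seen = nat_detection_hash(spi_i, spi_r, *observed_src)
    return sent != seen

# Constructed sample values (not taken from any real capture).
SPI_I = bytes.fromhex("0102030405060708")
SPI_R = bytes(8)                      # responder SPI is zero in the first message
LAN_SRC = ("192.168.0.10", 500)       # private address handed out by the home router
WAN_SRC = ("203.0.113.7", 61022)      # what the responder sees after NAT
DIRECT_SRC = ("198.51.100.20", 500)   # host holding the routable address itself

if __name__ == "__main__":
    print("adapter address is RFC 1918:", is_rfc1918(LAN_SRC[0]))
    print("NAT detected (behind router):",
          initiator_behind_nat(SPI_I, SPI_R, LAN_SRC, WAN_SRC))
    print("NAT detected (direct):",
          initiator_behind_nat(SPI_I, SPI_R, DIRECT_SRC, DIRECT_SRC))
```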