VPN passthrough is a feature which is available on routers which allows VPN traffic to an internal VPN server. In the below topology, the router is connected to the internet and has a public IP address which is assigned by the ISP.


There is a VPN server which is on the LAN network. The VPN server has a private IP address. A VPN client from the internet would be unable to connect to the VPN server on the LAN network as private IP addresses are not reachable from the internet. For achieving the solution a router with VPN passthrough feature is used. The VPN passthrough feature would ensure that all VPN clients achieve connectivity with the internal VPN server. After the VPN passthrough feature is configured on the router, VPN users from the internet would connect to the public IP address of the server, which would be the IP address of VPN server for the clients. When the VPN request comes to the router, the VPN passthrough feature would forward the request to the internal VPN server, following which connectivity is established between the client and the server. The feature can also be considered as a port forwarding for VPN protocols like L2TP, PPTP and IPSEC. VPN passthrough solves the problem of VPN servers which do not have a Public IP address and is useful in a small office network environment