By using AWS re:Post, you agree to the Terms of Use

Network Load Balancer not supporting Network Protocols


I have a shared VPN Service in a target group, users can connect through the NLB to it with L2TP without issues.

However, I though the whole point in a Network Load Balancer was to ignore the application logic and just forward network traffic directly to the target groups.

And here comes the issue: The NLB doesn't seem to support anything in the Custom Protocol arena, which seems completely bizarre considering its function. My users also use PPTP for low latency, non secure VPN communications, but the NLB doesn't seem to be allowing GRE (Protocol 47) traffic through to the targets. The PPTP TCP port 1723 target works fine, but without GRE, they cannot connect and because there is no SG on an NLB we cannot add any custom protocols. Having a VPN cluster with PPTP behind an NLB seems impossible, one of the main functions of an NLB.

Is this intended?

Is there a workaround?

Why would someone create a Network Load Balancer that prevents Network traffic at its core?

Thanks in advance,


1 Answer

Hi! Good question.

NLBs only support the following Protocols for Target Groups: TCP, TLS, UDP, TCP_UDP. And only the following ports: 1-65535.

You could look into AWS Transit Gateway, which has AWS Transit Gateway Connect that supports GRE:

answered 9 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions