L2TP/IPSec VPN stopped working in pfSense 2.4
-
I have set up L2TP/IPSec VPN exactly as described on https://doc.pfsense.org/index.php/L2TP/IPsec
Until pfSense 2.3.4-RELEASE-p1 all was working fine, tested with macOS High Sierra and iOS 11 built-in clients.
In pfSense 2.4.1, I can no longer connect. Enabling verbose logging in macOS VPN settings does not give me any more detailed report than that:$ tail -f /var/log/ppp.log Fri Oct 27 11:32:00 2017 : publish_entry SCDSet() failed: Success! Fri Oct 27 11:32:00 2017 : publish_entry SCDSet() failed: Success! Fri Oct 27 11:32:00 2017 : l2tp_get_router_address Fri Oct 27 11:32:00 2017 : l2tp_get_router_address 192.168.1.1 from dict 1 Fri Oct 27 11:32:00 2017 : L2TP connecting to server 'pfsense.example.com' (1.2.3.4)... Fri Oct 27 11:32:00 2017 : IPSec connection started Fri Oct 27 11:32:00 2017 : IPSec phase 1 client started Fri Oct 27 11:32:00 2017 : IPSec phase 1 server replied Fri Oct 27 11:32:30 2017 : IPSec connection failed
any advice or updated tutorial for pfSense 2.4?
Thanks! -
I have the same issue.
I have two pfSense routers, both were just upgraded to 2.4.2-RELEASE-p1 from 2.3.4-RELEASE-p1. L2TP/IPSec worked great on 2.3.4-RELEASE-p1 on both routers. After upgrading, I can no longer connect to the L2TP server on one (yes, just one) of the routers. I am trying to connect from a Macbook Pro (MacOS 10.12.6) and an iPhone 6S+ (iOS 11.2.1). On both devices, the connection fails with "The L2TP-VPN server did not respond. Try reconnecting. If the problem continues, verify your settings and contact your Administrator." My ppp.log file on my Mac looks pretty much identical to what onlime posted. The most recent entries in my L2TP system log on the router is:
Dec 28 08:51:29 l2tps: L2TP: waiting for connection on 1.2.3.4 1701
Dec 28 08:51:29 l2tps: process 50431 started, version 5.8 (nobody@pfSense_factory-v2_4_2_amd64-pfSense_factory-v2_4_2-job-12 19:34 16-Nov-2017)
Dec 28 08:51:29 l2tps:
Dec 28 08:51:29 l2tps: Multi-link PPP daemon for FreeBSDAll still works great on the other router…super weird. The main difference between the two routers is the one that is broken is set up with two VLANs and the other (the one that still works) just has a single LAN (no VLANs). Because of this, I am thinking the issue lies with some VLAN configuration, but I am not too sure how to confirm/troubleshoot this. Any tips or hints would be greatly appreciated!