IPSEC/L2TP passthrough problem
-
Hello,
We are using 1.2.3RC
We have a Windows 2008 machine behind the pfSense (on opt1).
This Windows box is running an IPSEC/L2TP VPN with a pre-shared key. We are unable to connect to this VPN at all if the pfSense is in the middle.
We see ports 500 and 4500 UDP pass.
We do not see any ports being blocked.
We have opened the entire firewall to that machine.
We have opened AH, ESP and GRE protocols to the machine on every port. I have NAT outbound enabled on every port.
It seems if I disable the pre-shared key, I can get to the VPN.
If I am using a pre-shared key, I am unable to connect. Please advise, we have been on this problem for weeks now.
Thanks much
-Shane
Is the windows system using the same source ports? e.g. 500 and 4500? If so, what is being sent by pfsense? It may be due to rewriting source ports if so? If this is it, try setting manual outbound NAT and select static port and see?
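One way to check the point raised above (whether pfSense rewrites the UDP 500/4500 source ports on the way out) is to compare a capture taken on opt1 with one taken on WAN. The script below is an added example, not from this thread or from pfSense; it uses constructed tcpdump-style lines with assumed example addresses (192.168.2.10 for the Windows box, 203.0.113.5 for the pfSense WAN, 198.51.100.20 for the VPN peer) and flags any IKE/NAT-T flow whose source port differs between the two sides.

```python
import re

# Constructed tcpdump-style lines (not from the thread). INSIDE is what the
# Windows box sends on opt1; OUTSIDE is the same traffic as seen on WAN.
INSIDE_CAPTURE = """\
IP 192.168.2.10.500 > 198.51.100.20.500: UDP, length 264
IP 192.168.2.10.4500 > 198.51.100.20.4500: UDP, length 108
"""
OUTSIDE_CAPTURE = """\
IP 203.0.113.5.61432 > 198.51.100.20.500: UDP, length 264
IP 203.0.113.5.61433 > 198.51.100.20.4500: UDP, length 108
"""

FLOW_RE = re.compile(r'IP (\S+)\.(\d+) > (\S+)\.(\d+): UDP')
IKE_PORTS = {500, 4500}  # IKE and NAT-T destination ports


def parse_flows(capture):
    """Return (src, sport, dst, dport) tuples for every UDP line."""
    flows = []
    for line in capture.splitlines():
        m = FLOW_RE.search(line)
        if m:
            src, sport, dst, dport = m.groups()
            flows.append((src, int(sport), dst, int(dport)))
    return flows


def source_ports_by_peer(flows):
    """Map (dst, dport) -> set of source ports used toward that peer."""
    by_peer = {}
    for _, sport, dst, dport in flows:
        if dport in IKE_PORTS:
            by_peer.setdefault((dst, dport), set()).add(sport)
    return by_peer


def find_rewritten_ports(inside_capture, outside_capture):
    """List (peer, inside_sports, outside_sports) where NAT changed the
    source port, or where the flow never appeared on WAN at all."""
    inside = source_ports_by_peer(parse_flows(inside_capture))
    outside = source_ports_by_peer(parse_flows(outside_capture))
    findings = []
    for peer, in_ports in inside.items():
        out_ports = outside.get(peer, set())
        if in_ports != out_ports:
            findings.append((peer, sorted(in_ports), sorted(out_ports)))
    return findings


if __name__ == "__main__":
    for peer, inside, outside in find_rewritten_ports(INSIDE_CAPTURE, OUTSIDE_CAPTURE):
        print(f"{peer}: source port {inside} on opt1 became {outside} on WAN")
```

An empty result means the source ports were preserved (what "static port" outbound NAT is meant to give you); a non-empty one shows exactly which flows were rewritten.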
-
Windows is using the same ports.
In the logs on pfSense, I can see 4500 and 500 being passed to the Windows box. Basically, what this comes down to, can the pfSense pass-through IPSEC/L2TP VPN requests?
It seems it will do IPSEC/L2TP no issue at all, but when I want to use a pre-shared key, it dies. It's possible this could be because of NAT-T?
I am not very good at this stuff, but I am trying.
Thanks for your quick reply.
-Shane