Netgate Discussion Forum

    IPSEC/L2TP Windows Client

      MitchMiller

      I have set up pfSense inside VMware Workstation. I am attempting to create an IPSEC/L2TP connection with the Windows VPN client.

      I am currently attempting a basic configuration following some of the guides on the site as well as forums. However, I cannot get the client to connect.

      From the logs it appears to be trying, I see some back and forth, then finally it deletes out. These are the last few messages each time.

      Mar 25 14:42:29 charon: 15[IKE] received DELETE for ESP CHILD_SA with SPI 67d55650
      Mar 25 14:42:29 charon: 15[IKE] <con1|1>received DELETE for ESP CHILD_SA with SPI 67d55650

      So it appears traffic isn't blocked but something is going on.

      I am also curious whether, once this is configured correctly, it can be set to use my AD accounts/credentials to log on?

        MitchMiller

        Any help with this?

          krankykoder

          +1 for me too!

          My iDevices work perfectly: iOS8 iPhones, MacBook Pro, etc.

          The Windows devices, however, don't work. They seem to be trying to connect, but I get the same log entries the OP listed and the Windows device comes back with an Error 809.

          Any assistance would be greatly appreciated.

          Thanks!

            krankykoder

            I just re-read a reply on another thread from jimp.

            Seems this is a NAT problem and not exclusive to pfSense. https://lists.strongswan.org/pipermail/users/2014-September/006638.html

            I would like to try IKEv2, but there's no built-in GUI support for setting up such a VPN connection on the iDevices.

              jimp Rebel Alliance Developer Netgate

              The NAT issue appears to be specific to Windows clients (and not every circumstance) – if it works for the other clients (iOS, etc) they could still use it.

                krankykoder

                After much trial and error, I'm finally able to get L2TP/IPsec and IKEv2 working (separately, not at the same time). However, at this time it seems I need to make a decision.

                My VPN needs to support both Windows & Apple devices. Some of the Windows devices (i.e. tablets) don't have third-party client software available to support straight IPsec VPN. (This means OpenVPN is also not an option.)

                The choices are:

                • Support only iDevices using L2TP/IPsec*

                • Support only Windows devices using IKEv2*

                * Unless someone can point me to documentation explaining how to support both protocols at once.

                StrongSwan has an OS X client that is supposed to provide IKEv2 connectivity. However, there is zero documentation, and the GUI is completely non-intuitive.
