Netgate Discussion Forum
    PfSense is blocking L2TP/IPSec even when Port Forwarding / NAT is enabled.

    Category: IPsec
    13 Posts, 7 Posters, 16.6k Views
    Balaena-B.V.-ICT:

    Alright, status update time!

    So we figured, maybe it is because of XenServer or some networking settings. So we ordered a physical firewall with pfSense on it and imported our old config. Powered off the pfSense VM and guess what… exactly the same issue. Is there some hidden option that needs to be enabled to allow NAT-ing of IPsec/L2TP?

    The pfSense version is 2.2.6.

    kaya84:

    I'm not sure I understand what you wrote, but is your problem similar to mine? https://forum.pfsense.org/index.php?topic=105604

    Balaena-B.V.-ICT:

    Well, it is probably that the IPsec layer doesn't go through. If our findings are true then the issues could indeed be related.

    kaya84:

    @Balaena:

        Well, it is probably that the IPsec layer doesn't go through. If our findings are true then the issues could indeed be related.

    I've found that my problem is NAT-T related: https://support.software.dell.com/it-it/kb/sw4034

    Anyway, I wasn't able to fix my problem.

    avinash1003:

    Has anyone been able to solve this issue?

    Balaena-B.V.-ICT:

    Hm, so we're not the only ones with this issue? Any idea where we could look? If needed, we do have a few experienced C++, PHP and C programmers.

    By the way, we do have the WAN directly on pfSense now, still the same issue (so one router less).

    avinash1003:

    I have tried everything but nothing is working :(

    Ashtez:

    Hello everyone!

    I have had the same error. The only way I found to solve it has been to configure my router in transparent mode, which has given pfSense my router's public IP.

    So now my pfSense has got a free public IP address and everything is working fine! Hope you manage to resolve your problem!

    jsingh:

    We found the solution.

    https://support.microsoft.com/en-us/help/926179/how-to-configure-an-l2tp-ipsec-server-behind-a-nat-t-device-in-windows

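    The KB that jsingh links comes down to one registry value on the Windows VPN client: AssumeUDPEncapsulationContextOnSendRule under the PolicyAgent service key (Windows Vista and later). By default Windows will not build an IPsec NAT-T security association with a server that sits behind a NAT device, which is exactly the situation when the L2TP/IPsec server lives behind pfSense port forwards. The script below is an added example for this thread, not code from the forum or from Microsoft: it reads the current value and sets it to 2, and it assumes it is run from an elevated PowerShell session on the Windows client. The KB has you reboot afterwards.

```powershell
# Added example (not from the thread, not Microsoft's code): read and, if needed,
# set the KB 926179 registry value on a Windows L2TP/IPsec client. Run from an
# elevated PowerShell session; the KB calls for a restart afterwards.
#
# Documented meanings of AssumeUDPEncapsulationContextOnSendRule:
#   0  default: no IPsec NAT-T security associations to a server behind NAT
#   1  allow SAs to a server that is behind a NAT device
#   2  allow SAs when both the server and the client are behind NAT devices

$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
$ValueName = 'AssumeUDPEncapsulationContextOnSendRule'

function Get-NatTRule {
    # Returns the current DWORD, or 0 when the value has never been created
    # (an absent value means Windows uses its default behaviour).
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 0 }
    return [int]$item.$ValueName
}

function Set-NatTRule {
    param(
        [Parameter(Mandatory)] [ValidateSet(1, 2)] [int] $Value
    )
    if (-not (Test-Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value $Value -Force | Out-Null
    Write-Host "Set $ValueName = $Value. Restart the computer for it to take effect."
}

$current = Get-NatTRule
Write-Host "Current $ValueName = $current"

# Assumption for this example: the client may itself be behind NAT (home router,
# hotspot), so 2 is used; it also covers the plain server-behind-NAT case.
if ($current -ne 2) { Set-NatTRule -Value 2 }
```

    Check the value with Get-NatTRule after the reboot; if it reads 0 again, a policy or imaging process is resetting it. Note that this is a client-side setting: nothing on pfSense changes, the forwards for UDP/500 and UDP/4500 still have to be in place.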
    toomeek:

    The "How to configure an L2TP/IPsec server behind a NAT-T device" MS KB did not work for us.
    Running 2.2.4-RELEASE (i386). Not planning the upgrade yet.
    We're unable to forward L2TP traffic to the server behind NAT.

    We're seeing traffic coming in on port 4500, the VPN connection is established, however there is no routed traffic. All NPS policies seem to be fine. No firewall rules blocking. No ACLs blocking.
    We're not seeing anything behind this server.

    Forwarded traffic:
    TCP/UDP 1701 WAN -> server
    TCP/UDP 500 WAN -> server
    TCP/UDP 4500 WAN -> server
    AH protocol WAN -> server
    ESP protocol WAN -> server

    The issue seems to be the one this thread covers.

    Next step is to sniff some traffic and check what is going on.
    Any ideas?

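    A WAN-side capture is the right next step, and it is worth knowing what to expect before reading it. Once the two peers detect NAT and switch to NAT-T, both the rest of IKE and all ESP travel inside UDP/4500, so the only forwards the session actually uses are UDP/500 and UDP/4500; the L2TP session on 1701 rides encrypted inside ESP and never shows up on the WAN as its own port, and the raw ESP/AH forwards only matter if NAT-T is not negotiated. The function below is an added example, not from the thread: it parses the text output of `tcpdump -nn` as the pfSense shell produces it and reports, per direction, which legs of the exchange are present, then applies a few heuristics of its own. The capture text, addresses and SPIs are constructed for illustration, as are the interface name and filter in the comment.

```powershell
# Added example (not from the thread): summarise a tcpdump capture taken on the
# pfSense WAN to see which legs of an L2TP/IPsec NAT-T session are present.
# Capture on pfSense (FreeBSD) with something like (interface name is an assumption):
#   tcpdump -nn -i em0 'udp port 500 or udp port 4500 or udp port 1701 or proto 50 or proto 51'
# then save the text and feed the lines to Get-NatTSummary.

function Get-NatTSummary {
    param(
        [Parameter(Mandatory)] [string[]] $Lines,
        [Parameter(Mandatory)] [string]   $ClientIp,   # remote VPN client's public address
        [Parameter(Mandatory)] [string]   $WanIp       # pfSense WAN address the client dials
    )
    # tcpdump -nn line: "<ts> IP a.b.c.d.port > w.x.y.z.port: <payload>"
    # Ports are absent for raw ESP/AH, so they are optional in the pattern.
    $linePattern = '^\S+ IP (?<src>\d{1,3}(?:\.\d{1,3}){3})(?:\.(?<sport>\d+))? > (?<dst>\d{1,3}(?:\.\d{1,3}){3})(?:\.(?<dport>\d+))?: (?<payload>.*)$'

    $counts = @{}
    foreach ($line in $Lines) {
        if ($line -notmatch $linePattern) { continue }
        # Copy out scalars now: switch -Regex below overwrites $Matches.
        $src = $Matches['src']; $sport = $Matches['sport']; $dport = $Matches['dport']; $payload = $Matches['payload']

        # Replies to a port forward leave pfSense with the WAN address as source.
        $dir = 'other'
        if ($src -eq $ClientIp) { $dir = 'client->pfSense' } elseif ($src -eq $WanIp) { $dir = 'pfSense->client' }

        $kind = switch -Regex ($payload) {
            '^NONESP-encap: isakmp' { 'IKE over UDP/4500 (NAT-T)'; break }
            '^UDP-encap: ESP'       { 'ESP in UDP/4500 (NAT-T)';  break }
            '^isakmp'               { 'IKE on UDP/500';            break }
            '^ESP\('                { 'raw ESP (IP proto 50)';     break }
            '^AH\('                 { 'raw AH (IP proto 51)';      break }
            default {
                if ($sport -eq '1701' -or $dport -eq '1701') { 'plaintext L2TP on UDP/1701' } else { 'other' }
            }
        }
        $key = "$dir | $kind"
        $counts[$key] = 1 + [int]$counts[$key]
    }

    # Heuristics of this example, not rules from the thread or from any vendor.
    $findings = @()
    $inEsp  = [int]$counts['client->pfSense | ESP in UDP/4500 (NAT-T)']
    $outEsp = [int]$counts['pfSense->client | ESP in UDP/4500 (NAT-T)']
    $inIke  = [int]$counts['client->pfSense | IKE on UDP/500'] + [int]$counts['client->pfSense | IKE over UDP/4500 (NAT-T)']
    $outIke = [int]$counts['pfSense->client | IKE on UDP/500'] + [int]$counts['pfSense->client | IKE over UDP/4500 (NAT-T)']

    if ($inIke -eq 0) {
        $findings += 'No IKE from the client reaches the WAN: look at the upstream router / public IP, not at pfSense.'
    } elseif ($outIke -eq 0) {
        $findings += 'IKE arrives but nothing is answered: the UDP/500 and UDP/4500 forwards, or the server itself, are not replying.'
    }
    if ($inEsp -gt 0 -and $outEsp -eq 0) {
        $findings += 'Client sends ESP-in-UDP but no ESP comes back: IKE completed, yet the L2TP server is not responding inside the tunnel. The problem is the host behind the forward, not the NAT.'
    }
    if ([int]$counts['client->pfSense | raw ESP (IP proto 50)'] -gt 0 -and $inEsp -eq 0) {
        $findings += 'Client is using raw ESP, not NAT-T: ESP has no ports, so a port forward cannot tell multiple clients apart.'
    }
    foreach ($k in $counts.Keys) {
        if ($k -like '*plaintext L2TP*') { $findings += 'Plaintext L2TP seen on the WAN: IPsec is not wrapping the L2TP session at all.'; break }
    }
    if ($findings.Count -eq 0) { $findings += 'IKE and ESP flow in both directions; look at server-side routing / NPS rather than at the NAT.' }

    [pscustomobject]@{ Counts = $counts; Findings = $findings }
}

# Constructed capture (not real traffic): IKE completes over NAT-T, the client
# sends ESP, but nothing encrypted ever comes back from the server.
$sample = @'
10:00:01.000000 IP 203.0.113.10.500 > 198.51.100.5.500: isakmp: phase 1 I ident
10:00:01.050000 IP 198.51.100.5.500 > 203.0.113.10.500: isakmp: phase 1 R ident
10:00:01.300000 IP 203.0.113.10.4500 > 198.51.100.5.4500: NONESP-encap: isakmp: phase 1 I ident[E]
10:00:01.350000 IP 198.51.100.5.4500 > 203.0.113.10.4500: NONESP-encap: isakmp: phase 1 R ident[E]
10:00:01.600000 IP 203.0.113.10.4500 > 198.51.100.5.4500: NONESP-encap: isakmp: phase 2/others I oakley-quick[E]
10:00:01.650000 IP 198.51.100.5.4500 > 203.0.113.10.4500: NONESP-encap: isakmp: phase 2/others R oakley-quick[E]
10:00:02.000000 IP 203.0.113.10.4500 > 198.51.100.5.4500: UDP-encap: ESP(spi=0x0a1b2c3d,seq=0x1), length 132
10:00:02.010000 IP 203.0.113.10.4500 > 198.51.100.5.4500: UDP-encap: ESP(spi=0x0a1b2c3d,seq=0x2), length 132
10:00:03.000000 IP 203.0.113.10.4500 > 198.51.100.5.4500: UDP-encap: ESP(spi=0x0a1b2c3d,seq=0x3), length 132
'@ -split "`r?`n"

$r = Get-NatTSummary -Lines $sample -ClientIp '203.0.113.10' -WanIp '198.51.100.5'
$r.Counts.GetEnumerator() | Sort-Object Name | Format-Table -AutoSize
$r.Findings
```

    On the constructed sample this reports IKE in both directions, three ESP-in-UDP packets from the client and none from pfSense, which is the pattern toomeek describes: the tunnel is up but nothing comes back through it. Run the same capture on the LAN side of pfSense (or on the server host) next; if the ESP packets appear there but still get no answer, the forward is working and the fault is on the L2TP server.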
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.