pfSense is blocking L2TP/IPsec even when Port Forwarding / NAT is enabled.
-
Alright, status update time!
So we figured maybe it was because of XenServer or some networking settings. So we ordered a physical firewall with pfSense on it and imported our old config. Powered off the pfSense VM and guess what… exactly the same issue. Is there some hidden option that needs to be enabled to allow NAT-ing of IPsec/L2TP?
The pfSense version is 2.2.6
-
I'm not sure if I understand what you wrote, but is your problem similar to mine? https://forum.pfsense.org/index.php?topic=105604
-
Well, it is probably that the IPsec layer doesn't go through. If our findings are true then the issues could indeed be related.
-
@Balaena:
> Well, it is probably that the IPsec layer doesn't go through. If our findings are true then the issues could indeed be related.
I've found that my problem is NAT-T related: https://support.software.dell.com/it-it/kb/sw4034
Anyway I wasn't able to fix my problem
-
Has anyone been able to solve this issue?
-
Hm, so we're not the only ones with this issue? Any idea where we could look? If needed, we do have a few experienced C++, PHP and C programmers.
By the way, we do have the WAN directly on pfSense now, still the same issue (so one router less).
-
I have tried everything but nothing is working :(
-
Hello everyone!
I have had the same error; the only way I found to solve it was to configure my router in transparent mode, which gives pfSense my router's public IP.
So now my pfSense has a free public IP address and everything is working fine! Hope you manage to resolve your problem!
-
We found the solution.
https://support.microsoft.com/en-us/help/926179/how-to-configure-an-l2tp-ipsec-server-behind-a-nat-t-device-in-windows
-
The "How to configure an L2TP/IPsec server behind a NAT-T device" MS KB did not work for us.
Running 2.2.4-RELEASE (i386). Not planning the upgrade yet.
We're unable to forward L2TP traffic to the server behind NAT. We're seeing traffic coming in on port 4500, the VPN connection is established, however there is no routed traffic. All NPS policies seem to be fine. No firewall rules blocking. No ACLs blocking.
We're not seeing anything behind this server.
Forwarded traffic:
TCP/UDP 1701 WAN -> server
TCP/UDP 500 WAN -> server
TCP/UDP 4500 WAN -> server
AH protocol WAN -> server
ESP protocol WAN -> server
The issue seems to be the one covered in this thread.
Next step is to sniff some traffic and check what is going on.
Any ideas?
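An added example for the "sniff some traffic" step in the post above and for the NAT-T pointer earlier in the thread; it is not code from any poster here and not part of pfSense. When the VPN negotiates but nothing is routed, the first thing to settle from a capture on the server side is what actually arrives on UDP/4500: RFC 3948 allows three things there, IKE prefixed with a 4-byte zero Non-ESP marker, UDP-encapsulated ESP (the packets that carry the L2TP tunnel), and 1-byte 0xFF NAT keepalives. The classifier below takes raw UDP/4500 payloads and tells them apart, decoding the IKE header so you can see which exchange (Main Mode, Quick Mode, ...) is happening, and reports whether only IKE and no ESP made it through the NAT. The sample payloads are constructed for the example; their SPIs, message IDs and sequence numbers are arbitrary.

```python
"""Classify raw UDP/4500 payloads from an IPsec NAT-T capture (RFC 3948).

Added example for a pfSense forum thread on L2TP/IPsec behind NAT; not pfSense code.
Three things may appear on UDP/4500:
  * IKE:  4 zero bytes (Non-ESP marker) followed by a 28-byte IKE header
  * ESP:  ESP header directly (SPI, sequence), SPI must be non-zero
  * NAT keepalive: a single 0xFF byte
"""
import struct

# IKE exchange types (RFC 2408 for IKEv1, RFC 7296 for IKEv2)
EXCHANGE_TYPES = {
    2: "IKEv1 Main Mode (Identity Protection)",
    4: "IKEv1 Aggressive Mode",
    5: "IKEv1 Informational",
    32: "IKEv1 Quick Mode",
    34: "IKEv2 IKE_SA_INIT",
    35: "IKEv2 IKE_AUTH",
    36: "IKEv2 CREATE_CHILD_SA",
    37: "IKEv2 INFORMATIONAL",
}

NON_ESP_MARKER = b"\x00\x00\x00\x00"
IKE_HEADER_LEN = 28          # 8 ISPI + 8 RSPI + 1 next payload + 1 version + 1 exchange + 1 flags + 4 msg id + 4 length
IKE_HEADER_FMT = "!QQBBBBII"


def classify_natt_payload(payload: bytes) -> dict:
    """Describe one UDP/4500 payload. 'kind' is keepalive, ike, esp or invalid."""
    if payload == b"\xff":
        return {"kind": "keepalive"}
    if payload.startswith(NON_ESP_MARKER):
        body = payload[len(NON_ESP_MARKER):]
        if len(body) < IKE_HEADER_LEN:
            return {"kind": "invalid", "reason": "truncated IKE header"}
        ispi, rspi, _next, version, xchg, _flags, msg_id, length = struct.unpack(
            IKE_HEADER_FMT, body[:IKE_HEADER_LEN]
        )
        return {
            "kind": "ike",
            "version": f"{version >> 4}.{version & 0x0F}",   # high nibble major, low nibble minor
            "exchange": EXCHANGE_TYPES.get(xchg, f"unknown ({xchg})"),
            "initiator_spi": f"{ispi:016x}",
            "responder_spi": f"{rspi:016x}",                 # all zero in the very first Main Mode message
            "message_id": msg_id,
            "declared_length": length,
            "actual_length": len(body),
        }
    if len(payload) < 8:
        return {"kind": "invalid", "reason": "too short for ESP header"}
    spi, seq = struct.unpack("!II", payload[:8])
    if spi == 0:
        return {"kind": "invalid", "reason": "ESP SPI 0 is reserved"}
    return {"kind": "esp", "spi": f"{spi:08x}", "sequence": seq, "length": len(payload)}


def summarize(payloads) -> dict:
    """Count kinds over a capture. ike_only=True means IKE negotiated but no
    UDP-encapsulated ESP (the L2TP-carrying traffic) ever showed up on 4500."""
    counts = {"keepalive": 0, "ike": 0, "esp": 0, "invalid": 0}
    for p in payloads:
        counts[classify_natt_payload(p)["kind"]] += 1
    counts["ike_only"] = counts["ike"] > 0 and counts["esp"] == 0
    return counts


def _ike_packet(xchg: int, msg_id: int, rspi: int = 0) -> bytes:
    """Constructed IKEv1 header behind a Non-ESP marker; SPIs are arbitrary test values."""
    hdr = struct.pack(IKE_HEADER_FMT, 0x1122334455667788, rspi, 1, 0x10, xchg, 0, msg_id, IKE_HEADER_LEN)
    return NON_ESP_MARKER + hdr


# Constructed sample capture (not real traffic): a Main Mode pair, a Quick Mode
# message, a keepalive and one UDP-encapsulated ESP packet with a 40-byte body.
SAMPLE_CAPTURE = [
    _ike_packet(2, 0),
    _ike_packet(2, 0, rspi=0x99AABBCCDDEEFF00),
    _ike_packet(32, 0x5A5A5A5A, rspi=0x99AABBCCDDEEFF00),
    b"\xff",
    struct.pack("!II", 0xC0FFEE01, 1) + b"\x00" * 40,
]

if __name__ == "__main__":
    for p in SAMPLE_CAPTURE:
        print(classify_natt_payload(p))
    print(summarize(SAMPLE_CAPTURE))
```

To use it on a real capture, take a pcap from the server side (or pfSense's packet capture on the LAN interface), extract the UDP payloads of the port 4500 packets with whatever pcap reader you have at hand, and feed them to `summarize`. If the result is `ike_only`, IKE is being forwarded but the ESP-in-UDP packets are not, which points at the NAT rather than at the L2TP or NPS side; if ESP does arrive, the problem is further inside (L2TP/PPP or routing), and the SPIs and sequence numbers give you something concrete to match against the server's SA state.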