IPSEC/L2TP Windows Client
-
I have set up pfSense inside VMWare Workstation. I am attempting to create an IPSEC/L2TP connection with the Windows VPN client.
I am currently attempting a basic configuration following some of the guides on the site as well as forums. However, I cannot get the client to connect.
From the logs it appears to be trying, I see some back and forth, then finally it deletes out. These are the last few messages each time.
Mar 25 14:42:29 charon: 15[IKE] received DELETE for ESP CHILD_SA with SPI 67d55650
Mar 25 14:42:29 charon: 15[IKE] <con1|1>received DELETE for ESP CHILD_SA with SPI 67d55650
So it appears traffic isn't blocked but something is going on.
I am also curious whether, once this is configured correctly, it can be set to use my AD accounts/credentials to log on?
-
Any help with this?
-
+1 for me too!
My iDevices work perfectly: iOS8 iPhones, MacBook Pro, etc.
The Windows devices, however, don't work. They seem to be trying to connect, but I get the same log entries the OP listed and the Windows device comes back with an Error 809.
Any assistance would be greatly appreciated.
Thanks!
-
I just re-read a reply on another thread from jimp.
Seems this is a NAT problem and not exclusive to pfSense. https://lists.strongswan.org/pipermail/users/2014-September/006638.html
I would like to try IKEv2, but there's no built-in GUI support for setting up such a VPN connection on the iDevices.
-
The NAT issue appears to be specific to Windows clients (and not every circumstance) – if it works for the other clients (iOS, etc) they could still use it.
-
After much trial and error, I'm finally able to get L2TP/IPsec and IKEv2 working (separately, not at the same time). However, at this time it seems I need to make a decision.
My VPN needs to support both Windows & Apple devices. Some of the Windows devices (i.e. tablets) don't have third-party client software available to support straight IPsec VPN (this means OpenVPN is also not an option).
The choices are:
- Support only iDevices using L2TP/IPsec*
- Support only Windows devices using IKEv2*
Unless someone can point me to documentation explaining how to support both protocols at once.
StrongSwan has an OS X client that is supposed to provide IKEv2 connectivity. However, there is zero documentation, and the GUI is completely non-intuitive.
-