Netgate Discussion Forum

    L2TP issue since last update

      DaddyGo @erselbey

      @erselbey

      That makes sense ✋

      -so, have you ever considered IPsec?
      I personally hate the old and rigid L2TP protocol, and it is no longer so secure.

      Cats bury it so they can't see it!
      (You know what I mean if you have a cat)

        erselbey @DaddyGo

        @DaddyGo Actually I did not think but we are in a transition period now. That's why we manage it for now. Trying for a deep-rooted job because of a minor problem also requires effort. Otherwise, L2TP started to be troubled as you said.

          DaddyGo @erselbey

          @erselbey

          I understand...

          We have long been doing the following:

          a central pfSense OpenVPN server (headquarters) and smaller pfSense-enabled devices at employee endpoints as OpenVPN clients
          https://pcengines.ch/apu4d4.htm (110-130 USD)

          so it doesn't matter what operating system is running on the client side (employees) (macOS, Windows, Linux),
          since both endpoints have pfSense and OpenVPN

            DaddyGo @erselbey

            @erselbey

            don't worry, I rarely see L2TP posts on the forum, probably someone will come who has similar problems...

            now you have to wait a bit...

              erselbey

              Unfortunately, it is now. By the way, I am looking for the solution. There is no problem with the Radius server either in the manual user. It's annoying.

                erselbey

                Jun 27 19:25:09 l2tps L2TP: Control connection 0x80366a610 destroyed
                Jun 27 19:24:58 l2tps L2TP: Control connection 0x80366a610 terminated: 0 ()
                Jun 27 19:24:58 l2tps Incoming L2TP packet from x.x.x.x 50969
                Jun 27 19:24:45 l2tps L2TP: Control connection 0x80366a610 destroyed
                Jun 27 19:24:34 l2tps L2TP: Control connection 0x80366a610 terminated: 0 ()
                Jun 27 19:24:33 l2tps Incoming L2TP packet from x.x.x.x 61437
                Jun 27 19:24:24 l2tps L2TP: Control connection 0x80366a610 destroyed
                Jun 27 19:24:18 l2tps L2TP: Control connection 0x80366a310 destroyed
                Jun 27 19:24:13 l2tps L2TP: Control connection 0x80366a610 terminated: 0 ()
                Jun 27 19:24:13 l2tps Incoming L2TP packet from x.x.x.x 57154
                Jun 27 19:24:07 l2tps L2TP: Control connection 0x80366a310 terminated: 0 ()
                Jun 27 19:24:07 l2tps Incoming L2TP packet from x.x.x.x 51461

                Jun 27 19:26:40 charon 06[IKE] <con5000|3> nothing to initiate
                Jun 27 19:26:40 charon 06[IKE] <con5000|3> activating new tasks
                Jun 27 19:26:40 charon 06[ENC] <con5000|3> parsed INFORMATIONAL response 67 [ ]
                Jun 27 19:26:40 charon 06[NET] <con5000|3> received packet: from x.x.x.x[500] to x.x.x.x[500] (76 bytes)
                Jun 27 19:26:40 charon 06[NET] <con5000|3> sending packet: from x.x.x.x[500] to x.x.x.x[500] (76 bytes)
                Jun 27 19:26:40 charon 06[ENC] <con5000|3> generating INFORMATIONAL request 67 [ ]
                Jun 27 19:26:40 charon 06[IKE] <con5000|3> activating IKE_DPD task
                Jun 27 19:26:40 charon 06[IKE] <con5000|3> activating new tasks
                Jun 27 19:26:40 charon 06[IKE] <con5000|3> queueing IKE_DPD task
                Jun 27 19:26:40 charon 06[IKE] <con5000|3> sending DPD request
                Jun 27 19:26:30 charon 10[IKE] <con5000|3> nothing to initiate
                Jun 27 19:26:30 charon 10[IKE] <con5000|3> activating new tasks
                Jun 27 19:26:30 charon 10[ENC] <con5000|3> parsed INFORMATIONAL respons

                  DaddyGo @erselbey

                  @erselbey
                  "the log shows that the connection is basically not working"

                  I would do that:

                  try to build a whole new test connection just for the sake of the test
                  which is by no means related to previously configured L2TP connections

                  of course on the updated system

                  this basically filters out that importing existing settings into the newer environment is causing the error

                  or L2TP really doesn't work on your system (under the new release) - +++I do not believe this ☺

                  what L2TP client is on the other side: software configured or hardware dependent?

                  I am thinking of this here:
                  https://www.thegreenbow.com/index.html
                  (in the past we have used this client for L2TP)

                  PS:
                  the settings stored in XML may not be realized in the new environment

                  +++edit:

                  just notice the end of the description:
                  https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/l2tp-ipsec.html

                  +++edit: (pay close attention to this)
                  https://forum.netgate.com/topic/154619/l2tp-control-connection-0x803859310-destroyed

                  ✋ 👍

                    erselbey

                    I am trying now

                      erselbey

                      This time it doesn't work with radius :(

                        DaddyGo @erselbey

                        @erselbey

                        okay I'm running out of ideas...
                        let's see if @jimp can help you, if he is currently available...

                        I note, I really used L2TP a long time ago, but now I'm interested in this theme (just for the sake of curiosity)

                        I just see the despair in your writing, ergo I want to help...
                        never give up, colleague...
                        now I have to go, because my wife opened the weekend red wine

                          erselbey @DaddyGo

                          @DaddyGo Thank you very much for your help. Hope you have a happy time with your partner :) Take care.

                            erselbey

                            @jimp ???

                              erselbey

                              I think nobody else has any idea about the subject.

                                viktor_g Netgate @erselbey

                                @erselbey please check this https://redmine.pfsense.org/issues/10710

                                  DaddyGo @erselbey

                                  @erselbey

                                  I see help is on its way. 😉

                                    erselbey

                                    I started to tamper with the problem and I could not understand what to do with this method. I understand that I just need to delete the secret key. Is it correct? If it is true, it does not work, unfortunately.

                                      erselbey @erselbey

                                      I solved the problem. After installing the patch, I added Pre Shared Key on the IPsec side and the problem was resolved.

                                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.