l2tp/ipsec 20 seconds to login

chrisfr92

Hello,

I have setup a l2tp/ipsec server on pfsense 2.4.4p3.
I am using Windows 10 20H2 native VPN Client.

I can successfully authenticate and login to the VPN, but i have only 20 seconds to type and validate my credentials to be able to connect, otherwise connexion is closed by server.

From what i can see, LCP fails 10 times before destoying the IKE session.
Here is the log, assuming :
pfSense WAN IP : 90.90.90.90
Client public IP : 80.80.80.80

pfsense-log.txt

Do you guys have an idea about what could be the reason for a failed LCP negotiation ?

LCP negotiation starts before submiting user/password. Shouldn’t start after submiting user/password ?

Tested with pfSense 2.5.0 and same behaviour.
Note that a l2tp/ipsec server setup on a Fortigate, with the same Windows 10 client, does not close the connexion after 20 seconds.

Basically i would like to be able to offer my users more than 20 seconds to type their credentials.

Any idea about what is happening here, or what i am missing ?

chrisfr92

From further investigations, it seems that LCP Config Request is sent by pfsense to client before authentication.

Is there a way to make pfsense send LCP Config Request at autentication (when user/password form is validated) ?