L2TP over IPsec - traffic from LAN -> L2TP being dropped
-
I have L2TP over IPsec working. However, when I try to connect to a certain port on a host on the LAN (from the L2TP), it doesn't work. I see the SYN coming in and then when the SYN-ACK goes back, the firewall blocks it:
Dec 7 19:37:54 l2tp0 192.168.197.15:8181 192.168.217.230:50413 TCP:SAE
I tried using the easy rule add feature but that didn't work. Also I've added rules for allowing traffic from LAN to anywhere, still doesn't work.
-
https://doc.pfsense.org/index.php/L2TP/IPsec#Firewall_traffic_blocked_outbound
-
Thank you, tried that. The traffic is still being dropped. Remember the traffic is going from LAN to L2TP.
-
Then you need to read it more closely. The traffic is failing to exit outbound on the L2TP interface, which is what the rule in the doc will fix. If it is still blocked, the rule wasn't made to exactly match the settings suggested on the page.
-
I did exactly what it said in the document. See attached.
-
There isn't an interface selected there, select the L2TP VPN interface.
Otherwise the rule looks OK. If that rule is loaded in the ruleset, it shouldn't be able to be blocked like that; you can make the rule log to confirm it's being passed.
-
The interface was already in there. Oddly enough, once I added the logging it started working.
-
Looks like when you corrected it and saved again (and reloaded the rule set) it started working. Logging has no bearing on what traffic is or is not passed.
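The diagnosis in this thread (a SYN-ACK from the LAN host being blocked as it leaves through l2tp0, which points at a missing pass rule on the L2TP interface) can be checked mechanically over the firewall-log view. The following is an added example, not code from the thread or from pfSense; it assumes log lines laid out like the one quoted above (time, interface, source, destination, proto:flags), which is the GUI display format rather than pfSense's raw filterlog syntax, and the sample lines are constructed.

```python
import re
from typing import Iterable, Optional

# Constructed sample lines in the layout of the pfSense GUI firewall-log view
# (time, interface, source:port, destination:port, proto:TCP flags). The first
# line mirrors the block the original poster saw; the rest are made up.
SAMPLE_LOG = """\
Dec 7 19:37:54 l2tp0 192.168.197.15:8181 192.168.217.230:50413 TCP:SAE
Dec 7 19:37:55 l2tp0 192.168.197.15:8181 192.168.217.230:50413 TCP:SAE
Dec 7 19:38:01 wan 203.0.113.10:44321 198.51.100.5:22 TCP:S
Dec 7 19:38:03 l2tp0 192.168.217.230:50440 192.168.197.20:3389 TCP:S
"""

# Assumed display format; adjust the pattern if your log view differs.
LINE_RE = re.compile(
    r"^(?P<time>[A-Z][a-z]{2}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+"
    r"(?P<iface>\S+)\s+"
    r"(?P<src>\d+(?:\.\d+){3}):(?P<sport>\d+)\s+"
    r"(?P<dst>\d+(?:\.\d+){3}):(?P<dport>\d+)\s+"
    r"(?P<proto>[A-Z]+):?(?P<flags>[A-Z]*)$"
)

def parse_line(line: str) -> Optional[dict]:
    """Split one blocked-packet line into fields; None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec

def is_synack(rec: dict) -> bool:
    """SYN and ACK both set: this is the server's reply to a client's SYN."""
    return rec["proto"] == "TCP" and {"S", "A"} <= set(rec["flags"])

def dropped_replies(lines: Iterable[str], iface: str) -> list[tuple[str, int, str]]:
    """Return distinct (server, port, client) triples for SYN-ACKs blocked while
    leaving through `iface`. A hit means the client's SYN got in but the reply
    could not get back out, so the pass rule on that interface is what to check."""
    seen: dict[tuple[str, int, str], None] = {}
    for line in lines:
        rec = parse_line(line)
        if rec and rec["iface"] == iface and is_synack(rec):
            seen.setdefault((rec["src"], rec["sport"], rec["dst"]), None)
    return list(seen)

if __name__ == "__main__":
    for server, port, client in dropped_replies(SAMPLE_LOG.splitlines(), "l2tp0"):
        print(f"{server}:{port} -> {client}: SYN-ACK dropped on l2tp0")
```

Only SYN-ACKs are reported because a blocked handshake reply is the unambiguous sign of the outbound-on-VPN-interface problem; a lone blocked SYN on wan is ordinary unsolicited traffic and stays out of the list.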