IPSec VPN to Softether Server

endy66 · Mar 5, 2018, 9:12 PM

Hello,

We are running a Softether VPN server with L2TP/IPSec configuration in the main office. Our clients can connect to it on their Windows notebooks with the native VPN client, so they are able to access resources from the server within the main office.

Now we have a small secondary office, where also sits a pfsense box. To connect these clients to the main office, i would like to do it via the pfsense (as a vpn client), rather than connecting every client seperately.

Is this possible somehow?

Kind Regards

endy66 · Mar 11, 2018, 10:09 AM

Does no one have any help for this?

MrV0 · Mar 12, 2018, 1:10 PM

@endy66:

Does no one have any help for this?

So you want a VPN tunnel from the main office to the secondary office, so all users in the secondary office can use the main office resources?
If so just setup a new site to site VPN at your main office and get your pfsence box to connect.

lets say your main office is 10.0.1.0/24 and your secondary office is 10.0.2.0/24 just make sure you put your local subnet and remote subnet the right way round.

endy66 · Mar 12, 2018, 4:19 PM

Thank you NASMAN for your reply. I saw the documentation of a site to site vpn between two pfsense boxes. But i want to use the softether vpn server (configured as L2TP/IPSec), and connect the pfsense from the secondary office to that vpn server over L2TP/IPSec, but i haven't found any guide to configure the pfsense so far.

MrV0 · Mar 12, 2018, 4:34 PM

@endy66:

Thank you NASMAN for your reply. I saw the documentation of a site to site vpn between two pfsense boxes. But i want to use the softether vpn server (configured as L2TP/IPSec), and connect the pfsense from the secondary office to that vpn server over L2TP/IPSec, but i haven't found any guide to configure the pfsense so far.

It will not be hard, just try it and post what you have done here.

endy66 · Mar 12, 2018, 5:33 PM

The problem is, that i have not found a way to provide username and password.
My VPN Server uses L2TP/IPSec with PSK and username / password authentication.

Derelict · Mar 12, 2018, 6:00 PM

There is no facility for pfSense to be an L2TP/IPsec VPN client like that. Use IPsec Site-to-Site.

endy66 · Mar 12, 2018, 6:06 PM

Ok thank you, then i have to go with OpenVPN as SoftEther Server does Support it?

Derelict · Mar 12, 2018, 6:25 PM

I know nothing about Softether but if it supports OpenVPN it should work.

endy66 · Mar 12, 2018, 6:35 PM

Yes it does. Now i have enabled the OpenVPN on SoftEther. The pfSense does connect and get an IP from the server. But after a few seconds it gets disconnected, the log on the pfSense shows me the following error:

openvpn Authenticate/Decrypt packet error: missing payload

I haven't found anything about this error, so what could this be?

Derelict · Mar 12, 2018, 7:56 PM

You need a site-to-site solution, not remote access. You are looking to route subnets over the connection, not connect a single endpoint with a single IP address.

This is not a softether support forum.

You probably have a crypto mismatch.

You will need to provide MUCH more information, such as the configuration on the server side, their recommended client configuration settings, and the pfSense configuration.

endy66 · Mar 18, 2018, 8:12 AM

Problem solved! Now i can connect my pfsense box as a client to my SoftEther server. The problem was the latest (RTM) Version of SoftEther server, which seems to have an issue with OpenVPN. After installing an earlier version, everything is working as expected.