L2TP/IPsec VPN with CARP IP



  • Hello

    I am trying to set up an L2TP/IPsec VPN using the CARP IP.
    Unfortunately you can only use L2TP with the WAN interface, so I followed some advice I found on here to add a port forward like below:
    [image: NAT.PNG]

    With the blue area being the CARP IP. I have tried this with ports 1721 and 1701; neither works.

    I also set the IPsec VPN to use the WAN CARP IP when doing this.


  • Rebel Alliance Developer Netgate

    Traffic gets ... weird ... when using IPsec transport mode. It's possible it's not matching that because IPsec is getting in the way. I have never seen L2TP/IPsec work with CARP that way, but that doesn't mean it is impossible.

    L2TP is UDP port 1701 so the rule in the screenshot is definitely wrong in that regard.

    You'll need to go through the usual Port Forward Troubleshooting steps but check both the WAN and IPsec interfaces for traffic and see what happens. And see what is happening in the state table.

    You'd probably be much better off not using L2TP/IPsec if you can avoid it. IKEv2 is much, much better.

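The check suggested above (look at both the WAN and IPsec interfaces and at the state table) as a small script. This is an added example, not code from the thread or from Netgate. It assumes pfSense's `pfctl -ss` state format, an `enc0` IPsec interface, and a WAN interface name passed as an argument; the state lines embedded in it are constructed, with 203.0.113.10 standing in for the CARP VIP and 203.0.113.2 for the WAN address the forward points at.

```shell
#!/bin/sh
# Constructed sample of `pfctl -ss` output (not captured from the thread).
# Addresses are RFC 5737 documentation ranges: 203.0.113.10 = CARP VIP,
# 203.0.113.2 = WAN interface address, 198.51.100.7 = remote L2TP/IPsec peer.
# The udp/1701 line shows what a state created by a port-forward (rdr) rule
# looks like: translated destination first, original destination in parentheses.
SAMPLE_STATES='all udp 203.0.113.10:500 <- 198.51.100.7:500       MULTIPLE:MULTIPLE
all udp 203.0.113.10:4500 <- 198.51.100.7:4500       MULTIPLE:MULTIPLE
all esp 203.0.113.10 <- 198.51.100.7       SINGLE:NO_TRAFFIC
all udp 203.0.113.2:1701 (203.0.113.10:1701) <- 198.51.100.7:1701       NO_TRAFFIC:SINGLE
all udp 203.0.113.10:53 <- 198.51.100.9:41000       MULTIPLE:MULTIPLE'

# l2tp_ipsec_states: read `pfctl -ss` output on stdin and print one line per
# state that belongs to an L2TP/IPsec exchange: IKE (udp/500), NAT-T (udp/4500),
# raw ESP, and the L2TP control channel (udp/1701). A state whose destination is
# followed by "(addr:port)" was created by a rdr/port-forward rule and is tagged.
l2tp_ipsec_states() {
    awk '
        $2 == "esp" { printf "%-8s %s\n", "esp", $3; next }
        $2 == "udp" {
            split($3, dst, ":")
            port = dst[2]
            if (port == 500 || port == 4500 || port == 1701) {
                tag = (port == 500) ? "ike" : (port == 4500) ? "nat-t" : "l2tp"
                nat = ($4 ~ /^\(/) ? " [port-forward from " $4 "]" : ""
                printf "%-8s %s%s\n", tag, $3, nat
            }
        }'
}

# capture_l2tp_ipsec: run on the firewall itself. In transport mode the L2TP
# packets travel inside ESP (or NAT-T udp/4500), so on WAN they are only visible
# as IKE/ESP/NAT-T; the decrypted udp/1701 packets appear on enc0 (the IPsec
# interface). If udp/1701 shows up on WAN in the clear, IPsec never came up.
# $1 is the WAN interface name (assumed; no default is safe for every box).
capture_l2tp_ipsec() {
    wan_if="$1"
    [ -n "$wan_if" ] || { echo "usage: capture_l2tp_ipsec <wan-interface>" >&2; return 1; }
    tcpdump -ni "$wan_if" -c 50 'udp port 500 or udp port 4500 or udp port 1701 or esp' &
    tcpdump -ni enc0 -c 50 'udp port 1701'
    wait
}

# Offline demonstration against the constructed sample.
printf '%s\n' "$SAMPLE_STATES" | l2tp_ipsec_states
```

On the firewall, `pfctl -ss | l2tp_ipsec_states` shows which of the four pieces actually produced a state and whether the udp/1701 state was created by the forward at all; a state list with IKE and NAT-T but no `l2tp` line means the tunnel negotiates and the problem is on the inner, decapsulated leg, which is what the enc0 capture is for.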


  • Unfortunately we were trying to connect a Draytek Vigor 2830, which doesn't seem to support IKEv2. But we couldn't get it working with the non-CARP IP anyway.

    Thanks for your help

