L2TP issue since last update
-
After making the last update, I was unable to connect from L2TP. I read the changes, but I don't think it will be related. I'm not logging in with Radius. There is no problem with the connection. I tried it in the old version, it works fine. As for the rules, it's normal.
-
No human beings to answer? All my services stopped now!
-
@erselbey
Hi,the answer is probably hard to come by, because not many people already use L2TP...
@erselbey "I tried it in the old version, it works fine. "
-come back in the meantime to a working configuration until the problem is resolved
not much is being said about L2TP really in the current change
for the sake of curiosity
why don't you use OpenVPN?PS:
is there anything in the logs at all?
(your starting post is very concise, no one can figure out what can happen to your system, if there is no data)
share your logs and it is possible that someone has already encountered the issue...+++++edit: plus it’s a weekend and as you can see there’s not much movement on the forum
Cats bury it so they can't see it!
(You know what I mean if you have a cat) -
@DaddyGo All of the employees are structured as L2TP and so on. The systems are completely macOS so we use L2TP.
-
That makes sense
-so, have you ever considered IPsec?
I personally hate the L2TP old and rigid protocol and it is no longer so secure.Cats bury it so they can't see it!
(You know what I mean if you have a cat) -
@DaddyGo Actually I did not think but we are in a transition period now. That's why we manage it for now. Trying for a deep-rooted job because of a minor problem also requires effort. Otherwise, L2TP started to be troubled as you said.
-
I understand...
We have long been doing the following:
central pfSense OpenVPN server (headquarter) and smaller pfSense-enabled devices at employee endpoints as OpenVPN clients
https://pcengines.ch/apu4d4.htm (110-130USD)so it doesn't matter what OP system is running on the client side (employees) (macOS, Windows, Linux)
since both endpoints have pfSense and OpenVPN -
don't worry, I rarely see L2TP posts on the forum, probably someone will come who has similar problems...
now you have to wait a bit...
-
Unfortunately, it is now. By the way, I am looking for the solution. There is no problem with the Radius server either in the manual user. It's annoying.
-
Jun 27 19:25:09 l2tps L2TP: Control connection 0x80366a610 destroyed
Jun 27 19:24:58 l2tps L2TP: Control connection 0x80366a610 terminated: 0 ()
Jun 27 19:24:58 l2tps Incoming L2TP packet from x.x.x.x 50969
Jun 27 19:24:45 l2tps L2TP: Control connection 0x80366a610 destroyed
Jun 27 19:24:34 l2tps L2TP: Control connection 0x80366a610 terminated: 0 ()
Jun 27 19:24:33 l2tps Incoming L2TP packet from x.x.x.x 61437
Jun 27 19:24:24 l2tps L2TP: Control connection 0x80366a610 destroyed
Jun 27 19:24:18 l2tps L2TP: Control connection 0x80366a310 destroyed
Jun 27 19:24:13 l2tps L2TP: Control connection 0x80366a610 terminated: 0 ()
Jun 27 19:24:13 l2tps Incoming L2TP packet from x.x.x.x 57154
Jun 27 19:24:07 l2tps L2TP: Control connection 0x80366a310 terminated: 0 ()
Jun 27 19:24:07 l2tps Incoming L2TP packet from x.x.x.x 51461Jun 27 19:26:40 charon 06[IKE] <con5000|3> nothing to initiate
Jun 27 19:26:40 charon 06[IKE] <con5000|3> activating new tasks
Jun 27 19:26:40 charon 06[ENC] <con5000|3> parsed INFORMATIONAL response 67 [ ]
Jun 27 19:26:40 charon 06[NET] <con5000|3> received packet: from x.x.x.x[500] to x.x.x.x[500] (76 bytes)
Jun 27 19:26:40 charon 06[NET] <con5000|3> sending packet: from x.x.x.x[500] to x.x.x.x[500] (76 bytes)
Jun 27 19:26:40 charon 06[ENC] <con5000|3> generating INFORMATIONAL request 67 [ ]
Jun 27 19:26:40 charon 06[IKE] <con5000|3> activating IKE_DPD task
Jun 27 19:26:40 charon 06[IKE] <con5000|3> activating new tasks
Jun 27 19:26:40 charon 06[IKE] <con5000|3> queueing IKE_DPD task
Jun 27 19:26:40 charon 06[IKE] <con5000|3> sending DPD request
Jun 27 19:26:30 charon 10[IKE] <con5000|3> nothing to initiate
Jun 27 19:26:30 charon 10[IKE] <con5000|3> activating new tasks
Jun 27 19:26:30 charon 10[ENC] <con5000|3> parsed INFORMATIONAL respons -
@erselbey
"the log shows that the connection is basically not working"I would do that:
try to build a whole new test connection just for the sake of the test
which is by no means related to previously configured L2TP connectionsof course on the updated system
this basically filters out that importing existing settings into the newer environment is causing the error
or L2TP really doesn't work on your system (under the new release) - +++I do not believe this
what L2TP client is on the other side software configured or hardware dependent?
I am thinking of this here:
https://www.thegreenbow.com/index.html
(in the past we have used this client for L2TP)PS:
the settings stored in XML may not be realized in the new environment+++edit:
just notice the end of the description:
https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/l2tp-ipsec.html+++edit: (pay close attention to this)
https://forum.netgate.com/topic/154619/l2tp-control-connection-0x803859310-destroyed
-
I now trying
-
This time it doesn't work with radius :(
-
okay I'm running out of ideas...
let's see @jimp can help you, if he are currently available...I note, I really used L2TP a long time ago, but now I'm interested in this theme (just for the sake of curiosity)
I just see the despair in your writing, ergo I want to help...
never give up, colleague...
now I have to go, because my wife opened the weekend red wineCats bury it so they can't see it!
(You know what I mean if you have a cat) -
@DaddyGo Thank you very much for your help. Hope you have a happy time with your partner :) Take care.
-
@jimp ???
-
I think nobody else has any idea about the subject.
-
@erselbey please check this https://redmine.pfsense.org/issues/10710
-
I see help is on its way.
-
I started to tamper with the problem and I could not understand what to do with this method. I understand that I just need to delete the secret key. Is it correct? If it is true, it does not work, unfortunately.
-
I solved the problem. After installing the patch, I added Pre Shared Key on the IPsec side and the problem was resolved.
