Issues with Nortel VPN client when behind pfSense NAT

  • Anyone else have experience using Nortel VPN Client behind a pfSense box acting as NAT router?  I've been having this weirdness since I first started using pfSense over a year ago.

    Here's my setup:
    Windows laptop => Nortel VPN Client => pfSense => Internet => Company's Nortel Contivity Switch => Company's LAN

    Under this setup my Windows box seems to have issues with authenticating to Exchange.  Outlook will hang when opening and eventually (after a couple minutes) prompt for my domain credentials - once I provide them, Outlook hangs again for a while before finally establishing a connection.  I am able to access other Windows resources - though generally without an authentication prompt, the connection process seems to be slower than it should be.

    However, if I replace the pfSense box with a Linksys router (happens to be running dd-WRT), Outlook will connect to Exchange right away - no hangs, no authentication prompt.  Access to other Windows resources is speedier - more like should be expected.

    This is all strange - once the VPN tunnel is established, I wouldn't think the box doing the routing would be able to interrupt certain types of traffic in the tunnel.

    Has anyone else run into anything like this?  Any solution?



  • Odd indeed.  I have used the nortel vpn client for several years behind pfsense.  Question though: we were using it in NAT traversal mode, so it encapsulates in UDP.  Is that your case?  If not, that might be the issue, and if so, is it feasible for that to be changed?

  • On my client properties I see:

    IPSec NAT Traversal:  Active on port 10001

  • odd.  can you get a packet capture during one of these slow events?

  • I could….. but we'd be talking about company network traffic... I wouldn't feel comfortable sharing a capture.

  • Didn't say you had to post it, just look and see if there is anything there at all that might shed light.

Log in to reply