Netgate Discussion Forum

    L2TP\IPsec with preshared key passthrough

      pollardhimself

      I am trying to forward L2TP\IPsec with preshared key VPN requests to my server. I have forwarded 4500, 500, and 1701, both TCP/UDP, right now. I haven't had any luck; what am I missing? Using version 1.2.3.

        pollardhimself

        I've also added ESP packets to be forwarded; still nothing.

          scoop

          I assume you mean this? If so, you'll need to forward IKE (UDP port 500), L2TP (UDP 1701) and ESP (IP protocol 50). So I guess you forgot to forward IKE. The other ports you mention seem to be unnecessary.

            pollardhimself

            I believe the default firewall rules were on TCP.

              pollardhimself

              I have fixed the firewall rules but I am still unable to get it to work. It works internally if I put in the local IP and use it from an internal computer. And I see it allowing the ports through when I try to connect from a remote computer.



                Efonnes

                If you are using the combination IPSec+L2TP VPN, you don't need to let L2TP through, as that is tunneled through the IPSec VPN. I could be wrong, but I seem to recall there being some limitation of IPSec that it doesn't work with NAT on the server end, requiring the server to have a public IP.

                  pollardhimself

                  http://support.microsoft.com/kb/926179

                  I'll give this a try... hopefully this is the answer to all my problems.

                    pollardhimself

                    Didn't work. Does the adapter have to have a public IP?

                      pollardhimself

                      kc8apf says it's broken. Is this true?

                      1.2.3 is broken.  Either use 1.2.2 or 2.0 beta.

                        pollardhimself

                        It works now... it's not 1.2.3.

                        Do this on the server and client and you should be fine... it just took some time to take effect, and I forgot to do it on the client computer also:
                        http://support.microsoft.com/kb/926179
