Port forward L2TP from IPSEC connection? Possible?

j_f · Oct 8, 2010, 4:03 PM

I want to use pfsense to handle IPSEC, and a separate device to handle L2TP.

In pfsense, I have a NAT rule to forward UDP 1701 from the IPSEC interface to the IP address of the other device.

In the NAT settings, I have tried both WAN interface and IPSEC interfaces.

The traffic never leaves pfsense, it is not forwarded.

I'm wondering if pfsense is capturing the L2TP traffic itself for it's own internal L2TP Server, even though the L2TP server is turned off in the pfsense GUI.

Efonnes · Oct 8, 2010, 11:58 PM

What settings did you use on each of the fields?

j_f · Oct 9, 2010, 6:00 PM

Interface IPSEC

Destination Address WLAN IP
Destination Port L2TP to L2TP

Protocol UDP

Forward to IP 192.168.x.x (ip of l2tp server)
Forward to Port L2TP

I'm using the Windows L2TP IPSEC built in client.

It creates the Phase 1 and Phase 2 and policies, but it doesn't complete connection because the L2TP fails because it isn't forwarded.

Efonnes · Oct 11, 2010, 11:43 PM

Why do you have WLAN IP on destination address? Is there some reason you aren't using an IP address from the IPsec interface?

j_f · Oct 11, 2010, 11:46 PM

The WAN is the correct address. The pfsense should port forward to the L2TP device.