Port forward L2TP from IPSEC connection? Possible?

  • I want to use pfsense to handle IPSEC, and a separate device to handle L2TP.

    In pfsense, I have a NAT rule to forward UDP 1701 from the IPSEC interface to the IP address of the other device.

    In the NAT settings, I have tried both WAN interface and IPSEC interfaces.

    The traffic never leaves pfsense, it is not forwarded.

    I'm wondering if pfsense is capturing the L2TP traffic itself for its own internal L2TP server, even though the L2TP server is turned off in the pfsense GUI.

  • What settings did you use on each of the fields?

  • Interface: IPSEC

    Destination Address: WLAN IP
    Destination Port: L2TP to L2TP

    Protocol: UDP

    Forward to IP: 192.168.x.x (IP of the L2TP server)
    Forward to Port: L2TP

    I'm using the Windows L2TP IPSEC built in client.

    It creates the Phase 1 and Phase 2 and policies, but it doesn't complete the connection, because the L2TP fails because it isn't forwarded.

  • Why do you have WLAN IP on destination address? Is there some reason you aren't using an IP address from the IPsec interface?

  • The WAN is the correct address. The pfsense should port forward to the L2TP device.
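A diagnostic for the situation in this thread, added here as an example; it is not code from the thread or from pfSense. It rests on two facts about the setup: the Windows built-in L2TP/IPsec client runs IPsec in transport mode, so the decrypted L2TP datagram (UDP 1701) is addressed to pfSense's own WAN address and shows up on the firewall's enc0 interface; and a port forward configured on the IPsec interface is installed by pfSense as a pf `rdr on enc0` rule. The script checks both halves: whether `pfctl -sn` actually contains such a rule, and whether any L2TP arrives on enc0 at all while the client connects. All addresses, the rule text and the capture lines are constructed sample data, not output from the poster's firewall.

```shell
#!/bin/sh
# Added diagnostic for a port-forwarded L2TP/IPsec setup on pfSense.
# Assumptions (not verified against the thread): decrypted IPsec traffic
# appears on enc0, and IPsec-interface port forwards are "rdr on enc0" rules.
# Addresses and rule text below are hypothetical.

L2TP_PORT=1701

# Read `pfctl -sn` output on stdin; print rdr rules for UDP 1701 on interface $1.
# pfctl may print the port numerically or as the service name "l2tp".
l2tp_rdr_on() {
    iface="$1"
    grep -E "^rdr (pass )?on ${iface} .*proto udp .*port (= )?(${L2TP_PORT}|l2tp)( |$)"
}

# Read `tcpdump -nni enc0` output on stdin; count datagrams sent to UDP 1701.
# On enc0 the packets are already decrypted, so a non-zero count proves the
# client's L2TP made it through the transport-mode SA and reached the firewall.
count_l2tp_pkts() {
    grep -cE "\.${L2TP_PORT}: " || true
}

# $1 = pfctl -sn text, $2 = tcpdump text. Returns 0 when the rdr rule exists on
# enc0 and L2TP was seen there; otherwise prints which half is missing, returns 1.
diagnose() {
    nat="$1"; cap="$2"; rc=0
    if [ -z "$(printf '%s\n' "$nat" | l2tp_rdr_on enc0)" ]; then
        echo "no rdr rule for UDP ${L2TP_PORT} on enc0: port forward is not installed on the IPsec interface"
        rc=1
    fi
    n=$(printf '%s\n' "$cap" | count_l2tp_pkts)
    if [ "$n" -eq 0 ]; then
        echo "no L2TP seen on enc0: the client's L2TP never arrived through the IPsec SA"
        rc=1
    fi
    return $rc
}

# Constructed sample data (hypothetical addresses) showing what a working
# configuration looks like: one rdr for L2TP on enc0, one unrelated rdr on WAN,
# and two decrypted L2TP control messages (SCCRQ, SCCCN) from the client.
SAMPLE_NAT='rdr on enc0 inet proto udp from any to 203.0.113.5 port = 1701 -> 192.168.10.20
rdr on em0 inet proto tcp from any to 203.0.113.5 port = 443 -> 192.168.10.30'
SAMPLE_CAP='12:00:01.000001 (authentic,confidential): SPI 0x0a1b2c3d: IP 198.51.100.7.1701 > 203.0.113.5.1701: l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ)
12:00:01.000002 (authentic,confidential): SPI 0x0a1b2c3d: IP 198.51.100.7.1701 > 203.0.113.5.1701: l2tp:[TLS](0/0)Ns=1,Nr=1 *MSGTYPE(SCCCN)'

if [ "$1" = "--live" ]; then
    # Run as root on the firewall while the Windows client tries to connect;
    # tcpdump returns after 20 datagrams or when interrupted.
    diagnose "$(pfctl -sn)" "$(tcpdump -nni enc0 -c 20 udp port "$L2TP_PORT" 2>/dev/null)"
else
    diagnose "$SAMPLE_NAT" "$SAMPLE_CAP" && echo "sample data: rdr rule present and L2TP seen on enc0"
fi
```

Run with `--live` on the pfSense shell while attempting the connection. If the rule is missing, the port forward is not on the IPsec interface (check the generated rules under Diagnostics); if the rule is there but nothing arrives on enc0, the problem is in the IPsec phase 2 or the client, not in NAT; if both are present and the connection still fails, look at the return path, since the internal L2TP server replies to the client's public address and those replies must be carried back into the same transport-mode SA.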
