L2TP/IPsec passthrough on dual WAN not working



  • I currently have a setup with dual WAN connections (primary Cogent line, secondary Comcast). I have an OS X VPN server running on the LAN, and I've set up passthrough rules for both PPTP and L2TP for both the primary (WAN) and secondary (WAN2). Connecting to either WAN/WAN2 IP address with a PPTP connection works just fine, but I can only get it to work with L2TP over one WAN connection. Whichever one has the UDP/GRE/ESP passthrough rules first in the list works, and the second doesn't. I'm attaching a screenshot of my current rules, where it works connecting to the WAN IP, but not the WAN2 IP.

    TIA for any help/ideas,

    -dev

    PS, I'm running the Jan 25th version



  • Your config seems fine…  ???

    Could you turn on logging on the respective FW rules and default deny and see what gets hit, when you try to connect?



  • Your NAT rules are likely missing or wrong. Your firewall rules are definitely wrong, destination is the internal IP if you're forwarding to the internal host.



  • The above pic is my NAT port forward rules. The rules themselves by interface are attached. It's really frustrating, and seems to not be very consistent. Sometimes I can connect to both interfaces with an L2TP connection, other times only the WAN IP. It seems to also be related to the network I'm on. I seem to have a lot of trouble connecting to the WAN2 IP when I am at home on a Comcast cable modem, but I have another setup on the same IP block running DD-WRT with port forwarding to another VPN server and that works just fine.


