Netgate Discussion Forum
    L2TP+IPSec, no response to port 500 UDP packets

    Category: 2.0-RC Snapshot Feedback and Problems - RETIRED
    1 Posts 1 Posters 2.8k Views
      jeff

      This is on pfSense 2.0 RC3 x64. I've tried with and without IPsec enabled. The IPsec mobile client is disabled, since I've read that pfSense can't do IPsec mobile clients and L2TP+IPsec at the same time, which is fine. I do need IPsec tunnels to work, but I don't need IPsec mobile clients.

      I have one remote client for testing, which has firewall rules to allow all traffic in either direction on the WAN port on pfSense, with logging turned on. I see this when I attempt an L2TP connection from the client:

      Jul 15 13:36:50 WAN clientAddress:500 pfSenseAddress:500 UDP

      And that's it, pfSense doesn't respond. If I turn on IPsec (still no mobile client support turned on) I see this in the IPsec log:

      racoon: [24.56.224.24] ERROR: exchange Identity Protection not allowed in any applicable rmconf.

      The L2TP log always shows

      Jul 15 13:50:59 l2tps: Multi-link PPP daemon for FreeBSD
      Jul 15 13:50:59 l2tps:
      Jul 15 13:50:59 l2tps: process 13745 started, version 4.4.1 (root@FreeBSD_8.0_pfSense_2.0-AMD64.snaps.pfsense.org 16:11 9-Jun-2011)
      Jul 15 13:50:59 l2tps: Label 'startup' not found
      Jul 15 13:50:59 l2tps: [l2tp0] using interface l2tp0
      Jul 15 13:50:59 l2tps: L2TP: waiting for connection on 0.0.0.0 1701

      My L2TP config is pretty simple. I've tried different things for the Server address, since I'm not sure what that's supposed to be. I've tried the WAN address, an IP in the same range as the Remote address range, and one outside of it. Otherwise the settings are:

      Enable L2TP server
      Interface: WAN
      Server address: 192.168.21.255
      Remote address range: 192.168.21.1
      Subnet mask: 25
      Number of L2TP users: 1
      Secret: xxxxxxxxxxxxxxxxxxxxx
      Encryption type: CHAP
      L2TP DNS servers: x.x.x.x, x.x.x.x

      Everything else is unchecked or empty.

      I'll post other information, such as mpd.conf, if requested. Thanks for any help!

      Jeff

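The three logs in the post tell the story layer by layer: the firewall sees the IKE packet on UDP 500, racoon refuses the main mode ("Identity Protection") exchange because no remote{} section applies to that peer, and mpd never sees anything because L2TP only starts once IPsec is up. As an added example, not code from the post or from pfSense, here is a small Python triage script that reads those three kinds of lines and reports where the attempt stalls. The sample lines are constructed from the post: the filter line in the post uses placeholders, so the peer address from the racoon message (24.56.224.24) is reused for the client and 203.0.113.10 stands in for the pfSense WAN address; the regexes assume the 2.0-era log layout shown above.

```python
"""Triage an L2TP/IPsec client that gets no answer on UDP 500.

Added example, not pfSense code. Reads pfSense filter log lines, racoon IPsec
log lines and mpd L2TP log lines and reports the layer the attempt died at.
"""
import re
from dataclasses import dataclass, field

IKE_PORT = 500

# Filter log line as shown in the post: "<ts> <iface> <src>:<sport> <dst>:<dport> <proto>"
FILTER_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<iface>\S+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) (?P<proto>\w+)$"
)
# racoon refusing a phase 1 exchange mode because no remote{} block matches the peer
RACOON_NO_RMCONF_RE = re.compile(
    r"racoon: \[(?P<peer>[\d.]+)\] ERROR: exchange (?P<mode>[\w ]+?) "
    r"not allowed in any applicable rmconf"
)
# mpd reporting that the L2TP listener is up
MPD_LISTEN_RE = re.compile(r"l2tps: L2TP: waiting for connection on (?P<addr>[\d.]+) (?P<port>\d+)")

# Constructed sample input (peer address taken from the post's racoon line,
# 203.0.113.10 assumed for the pfSense WAN address).
FILTER_LOG = ["Jul 15 13:36:50 WAN 24.56.224.24:500 203.0.113.10:500 UDP"]
IPSEC_LOG = ["racoon: [24.56.224.24] ERROR: exchange Identity Protection not allowed in any applicable rmconf."]
L2TP_LOG = [
    "Jul 15 13:50:59 l2tps: Multi-link PPP daemon for FreeBSD",
    "Jul 15 13:50:59 l2tps: Label 'startup' not found",
    "Jul 15 13:50:59 l2tps: [l2tp0] using interface l2tp0",
    "Jul 15 13:50:59 l2tps: L2TP: waiting for connection on 0.0.0.0 1701",
]


@dataclass
class Triage:
    ike_attempts: list = field(default_factory=list)   # (src, dst) seen on UDP 500
    rejected_peers: dict = field(default_factory=dict)  # peer -> exchange mode racoon refused
    l2tp_listening: bool = False
    findings: list = field(default_factory=list)        # (code, explanation)


def triage(filter_log, ipsec_log, l2tp_log):
    t = Triage()
    for line in filter_log:
        m = FILTER_RE.match(line.strip())
        if m and m["proto"].upper() == "UDP" and int(m["dport"]) == IKE_PORT:
            t.ike_attempts.append((m["src"], m["dst"]))
    racoon_lines = [l for l in ipsec_log if "racoon:" in l]
    for line in racoon_lines:
        m = RACOON_NO_RMCONF_RE.search(line)
        if m:
            t.rejected_peers[m["peer"]] = m["mode"]
    for line in l2tp_log:
        if MPD_LISTEN_RE.search(line):
            t.l2tp_listening = True

    if t.ike_attempts and not racoon_lines:
        # Packet reached the WAN rule but no IKE daemon logged anything: nothing is
        # bound to UDP 500 on that address (IPsec disabled, or racoon not running).
        t.findings.append(("IKE_UNANSWERED_NO_DAEMON",
                           "UDP 500 arrives on WAN but racoon logged nothing; check that "
                           "IPsec is enabled and racoon is bound to the WAN address."))
    for peer, mode in t.rejected_peers.items():
        # "Identity Protection" is IKEv1 main mode. racoon matched no remote{} section
        # for this peer that permits that exchange, so phase 1 is dropped unanswered.
        t.findings.append(("IKE_NO_MATCHING_RMCONF",
                           f"racoon saw a {mode} (main mode) proposal from {peer} but no "
                           "remote{} section applies to that peer; a roaming L2TP/IPsec "
                           "client needs a phase 1 definition that accepts it."))
    if t.l2tp_listening and (t.ike_attempts or t.rejected_peers):
        # mpd is fine; L2TP over UDP 1701 only runs inside the IPsec transport SA.
        t.findings.append(("L2TP_NOT_REACHED",
                           "mpd is listening on 1701; L2TP is not the failing layer, "
                           "IKE never completes so no L2TP packet can reach it."))
    return t


def finding_codes(t):
    return [code for code, _ in t.findings]


if __name__ == "__main__":
    for code, text in triage(FILTER_LOG, IPSEC_LOG, L2TP_LOG).findings:
        print(f"{code}: {text}")
```

Run with IPsec disabled (an empty IPsec log) and the script flags the missing daemon instead; with the racoon line present it points at the phase 1 configuration, which is the layer to fix before touching the L2TP settings.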