L2TP+IPSec, no response to port 500 UDP packets
  • This is on pfSense 2.0 RC3 x64. I've tried with and without IPsec enabled. IPsec mobile client is disabled, since I've read that pfSense can't do IPsec mobile clients and L2TP+IPsec at the same time, which is fine. I do need IPsec tunnels to work, but I don't need IPsec mobile clients.

    I have one remote client for testing, which has firewall rules to allow all traffic in either direction on the WAN port on pfSense, with logging turned on. I see this when I attempt an L2TP connection from the client:

    Jul 15 13:36:50 WAN clientAddress:500 pfSenseAddress:500 UDP

    And that's it, pfSense doesn't respond. If I turn on IPsec (still no mobile client support turned on) I see this in the IPsec log:

    racoon: [24.56.224.24] ERROR: exchange Identity Protection not allowed in any applicable rmconf.

    The L2TP log always shows

    Jul 15 13:50:59 l2tps: Multi-link PPP daemon for FreeBSD
    Jul 15 13:50:59 l2tps:
    Jul 15 13:50:59 l2tps: process 13745 started, version 4.4.1 (root@FreeBSD_8.0_pfSense_2.0-AMD64.snaps.pfsense.org 16:11 9-Jun-2011)
    Jul 15 13:50:59 l2tps: Label 'startup' not found
    Jul 15 13:50:59 l2tps: [l2tp0] using interface l2tp0
    Jul 15 13:50:59 l2tps: L2TP: waiting for connection on 0.0.0.0 1701

    My L2TP config is pretty simple. I've tried different things for the Server address, since I'm not sure what that's supposed to be. I've tried the WAN address, an IP in the same range as the Remote address range, and one outside of it. Otherwise the settings are:

    Enable l2tp server
    Interface WAN
    Server address 192.168.21.255
    Remote address range 192.168.21.1
    Subnet mask 25
    Number of l2tp users 1
    Secret: xxxxxxxxxxxxxxxxxxxxx
    encryption type CHAP
    L2TP DNS Servers: x.x.x.x, x.x.x.x

    Everything else is unchecked or empty.

    I'll post other information, such as mpd.conf, if requested. Thanks for any help!

    Jeff
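An added triage helper, not part of the post above or of pfSense, that reads the three kinds of log lines Jeff quoted and states what each combination implies: the firewall line proves IKE (UDP/500) reached the WAN, the racoon line shows phase 1 was rejected because no remote configuration applicable to that peer allows a Main Mode ("Identity Protection") exchange, so L2TP on UDP/1701 is never reached. The sample lines are constructed to match the post; the address check is a heuristic assumption that the L2TP server address should sit inside the subnet formed by the remote range and subnet mask.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample lines, shaped like the ones quoted in the post.
FW_LOG = "Jul 15 13:36:50 WAN clientAddress:500 pfSenseAddress:500 UDP"
IPSEC_LOG = ("racoon: [24.56.224.24] ERROR: exchange Identity Protection "
             "not allowed in any applicable rmconf.")

FW_RE = re.compile(r"^\w{3} +\d+ \S+ (?P<iface>\S+) (?P<src>\S+):(?P<sport>\d+) "
                   r"(?P<dst>\S+):(?P<dport>\d+) (?P<proto>\w+)$")
RACOON_RE = re.compile(r"racoon: \[(?P<peer>[^\]]+)\] ERROR: exchange (?P<mode>.+?) "
                       r"not allowed in any applicable rmconf")


def triage(fw_line, ipsec_line=None):
    """Diagnose an L2TP/IPsec connect attempt from a firewall log line
    and, if present, the racoon line logged for the same attempt."""
    m = FW_RE.match(fw_line)
    if not m:
        return "unrecognised firewall log line"
    if m["proto"] != "UDP" or m["dport"] != "500":
        return "not an IKE (UDP/500) packet; the failure is elsewhere"
    if ipsec_line is None:
        # Packet passed the firewall but nothing listened on 500: IPsec is off.
        return "IKE reached WAN but racoon logged nothing: IPsec likely disabled"
    r = RACOON_RE.search(ipsec_line)
    if r:
        # racoon saw the request but no remote{} block for this peer permits
        # that exchange mode, so phase 1 fails before L2TP (UDP/1701) is tried.
        return (f"IKE {r['mode']} from {r['peer']} rejected: no remote config "
                "allows it; phase 1 never completes, so L2TP/1701 is never reached")
    return "IKE reached racoon; check the IPsec log for the phase 1 outcome"


def l2tp_addr_check(server, first_client, prefix):
    """Heuristic (assumption): flag a server address outside the client
    subnet, or equal to its broadcast address."""
    net = ip_network(f"{first_client}/{prefix}", strict=False)
    srv = ip_address(server)
    if srv not in net:
        return f"server {srv} is outside {net}"
    if srv == net.broadcast_address:
        return f"server {srv} is the broadcast address of {net}"
    return "ok"
```

Run against the values from the post: `triage(FW_LOG, IPSEC_LOG)` names the rejected Main Mode exchange, and `l2tp_addr_check("192.168.21.255", "192.168.21.1", 25)` reports that the chosen server address lies outside 192.168.21.0/25.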
