L2TP+IPSec, no response to port 500 UDP packets
This is on pfSense 2.0 RC3 x64. I've tried with and without ipSec enabled. ipSec mobile client is disabled, since I've read that pfSense can't do ipSec mobile clients and l2tp+IPsec at the same time, which is fine. I do need IPsec tunnels to work, but I don't need IPsec mobile clients.
I have one remote client for testing, which has firewall rules to allow all traffic in either direction on the WAN port on pfSense, with logging turned on. I see this when I attempt an L2TP connection from the client:
Jul 15 13:36:50 WAN clientAddress:500 pfSenseAddress:500 UDP
And that's it, pfSense doesn't respond. If I turn on IPsec (still no mobile client support turned on) I see this in the IPsec log:
racoon: [24.56.224.24] ERROR: exchange Identity Protection not allowed in any applicable rmconf.
The L2TP log always shows
Jul 15 13:50:59 l2tps: Multi-link PPP daemon for FreeBSD
Jul 15 13:50:59 l2tps:
Jul 15 13:50:59 l2tps: process 13745 started, version 4.4.1 (root@FreeBSD_8.0_pfSense_2.0-AMD64.snaps.pfsense.org 16:11 9-Jun-2011)
Jul 15 13:50:59 l2tps: Label 'startup' not found
Jul 15 13:50:59 l2tps: [l2tp0] using interface l2tp0
Jul 15 13:50:59 l2tps: L2TP: waiting for connection on 0.0.0.0 1701
My L2TP config is pretty simple. I've tried different things for the Server address, since I'm not sure what that's supposed to be. I've tried the WAN address, an IP in the same range as the Remote address range, and one outside of it. Otherwise the settings are:
Enable l2tp server
Interface WAN
Server address 192.168.21.255
Remote address range 192.168.21.1
Subnet mask 25
Number of l2tp users 1
Secret: xxxxxxxxxxxxxxxxxxxxx
encryption type CHAP
L2TP DNS Servers: x.x.x.x, x.x.x.x
Everything else is unchecked or empty.
I'll post other information, such as mpd.conf, if requested. Thanks for any help!
Jeff
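A small diagnostic that correlates the two log shapes quoted in the post, added here as an example and not part of the original thread or of pfSense: it reads firewall log lines of the form `Jul 15 13:36:50 WAN client:500 server:500 UDP`, counts inbound UDP/500 packets per peer against outbound replies from the server, and tags peers for which racoon logged an "exchange ... not allowed in any applicable rmconf" error (racoon's "Identity Protection" exchange is IKEv1 main mode, so that error means no remote configuration matched the peer for main mode). The sample log lines and addresses are constructed; the server address and the helper names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample input (not the poster's real addresses): two peers, one of
# which never gets an answer on UDP/500 and also trips the racoon rmconf error.
FIREWALL_LOG = """\
Jul 15 13:36:50 WAN 203.0.113.10:500 198.51.100.1:500 UDP
Jul 15 13:36:52 WAN 203.0.113.10:500 198.51.100.1:500 UDP
Jul 15 13:37:00 WAN 203.0.113.20:500 198.51.100.1:500 UDP
Jul 15 13:37:00 WAN 198.51.100.1:500 203.0.113.20:500 UDP
"""
RACOON_LOG = """\
racoon: [203.0.113.10] ERROR: exchange Identity Protection not allowed in any applicable rmconf.
"""

# Shape of the firewall log line quoted in the post: date, interface, src:port, dst:port, proto.
FW_RE = re.compile(r"^\w{3} +\d+ [\d:]+ (\S+) (\S+):(\d+) (\S+):(\d+) (\w+)$")
# Shape of the racoon error quoted in the post; group 2 is the exchange type.
RACOON_RE = re.compile(r"racoon: \[(\S+)\] ERROR: exchange (.+?) not allowed in any applicable rmconf")

def ike_summary(fw_log, racoon_log, server_ip):
    """Per peer: inbound UDP/500 packets seen, outbound replies seen, racoon exchange error."""
    peers = defaultdict(lambda: {"sent": 0, "answered": 0, "racoon_error": None})
    for line in fw_log.splitlines():
        m = FW_RE.match(line)
        if not m:
            continue
        _iface, src, sport, dst, dport, proto = m.groups()
        if proto != "UDP" or "500" not in (sport, dport):
            continue  # only IKE on UDP/500 is of interest here
        if dst == server_ip:
            peers[src]["sent"] += 1
        elif src == server_ip:
            peers[dst]["answered"] += 1
    for line in racoon_log.splitlines():
        m = RACOON_RE.search(line)
        if m:
            peers[m.group(1)]["racoon_error"] = m.group(2)
    return dict(peers)

def unanswered_peers(summary):
    """Peers whose IKE packets reached the WAN but never got a reply from the server."""
    return sorted(ip for ip, s in summary.items() if s["sent"] and not s["answered"])

if __name__ == "__main__":
    s = ike_summary(FIREWALL_LOG, RACOON_LOG, "198.51.100.1")
    for ip in unanswered_peers(s):
        print(f"{ip}: {s[ip]['sent']} IKE packets, no reply, racoon: {s[ip]['racoon_error']}")
```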