Setting up L2TP

digm:

I'm running pfSense 2.0 and trying to set up an L2TP server. For some reason, I cannot successfully connect.

My L2TP settings:

Enable L2TP Server: Yes
Interface: WAN
Server Address: 172.25.200.1
Remote Address Range: 172.25.200.16
Subnet Mask: /30
Encryption Type: CHAP
Secret: test
Users: testuser/testpassword

I've added the following firewall rules:
Allow UDP from anywhere to 500 to WAN
Allow UDP from anywhere to 1701 to WAN

When I view the tcpdump, I can see my client trying to connect, but it doesn't make it past ISAKMP phase 1.

23:19:08.010497 IP xxx-xxx-xxx-xxx.55336 > yyy-yyy-yyy-yyy.isakmp: isakmp: phase 1 I ident
23:19:10.010497 IP xxx-xxx-xxx-xxx.55336 > yyy-yyy-yyy-yyy.isakmp: isakmp: phase 1 I ident
23:19:12.010497 IP xxx-xxx-xxx-xxx.55336 > yyy-yyy-yyy-yyy.isakmp: isakmp: phase 1 I ident

Anyone have suggestions on what I might be doing wrong?

Metu69salemi:

My firewall rule is udp any any any 1701, and it works. Try to change the WAN IP address to any.

georgeman:

Are you trying to configure L2TP/IPsec or just L2TP?

If it ain't broke, you haven't tampered enough with it

digm:

Right now, just L2TP. But L2TP + IPsec eventually, if/when possible.

digm:

@Metu69salemi:

My firewall rule is udp any any any 1701, and it works. Try to change the WAN IP address to any.

Just tried this, but no luck. I'm still getting the same messages in my log file about "isakmp: phase 1 I ident".

A couple of questions:
1. When configuring L2TP, should the interface be set to WAN on the configuration page?
2. On the firewall rules, should I be setting firewall rules on the WAN tab or the L2TP VPN tab?

Metu69salemi:

Answers:
1. Yes
2. Rules work on ingress, meaning your firewall is waiting for the VPN connection from WAN -> the rules have to be set on WAN.

digm:

@Metu69salemi:

Answers:
1. Yes
2. Rules work on ingress, meaning your firewall is waiting for the VPN connection from WAN -> the rules have to be set on WAN.

OK, then that all checks out with how I have things configured. Do I need to configure any IPsec-related settings? If not, I'm completely baffled as to why I can't make an L2TP connection and why it stalls on ISAKMP phase 1. I don't have any magic going on; this is a pretty straightforward configuration.

Ideas?

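The "isakmp: phase 1 I ident" lines in the first post are IKE initiator messages on UDP 500, which is the IPsec half of L2TP/IPsec rather than L2TP control traffic on UDP 1701, so a capture full of unanswered phase 1 initiations is what a client attempting L2TP/IPsec against a plain L2TP server looks like. The following triage script is an added example, not code from the thread or from pfSense: it classifies tcpdump lines of that shape and reports whether IKE was started but never answered. The sample lines, the RFC 5737 addresses and the `classify`/`diagnose` function names are all constructed for this example.

```python
import re
from collections import Counter

# Constructed sample lines in the shape of the thread's tcpdump output.
# Addresses are RFC 5737 documentation addresses, not real hosts.
SAMPLE_CAPTURE = """\
23:19:08.010497 IP 198.51.100.7.55336 > 203.0.113.1.isakmp: isakmp: phase 1 I ident
23:19:10.010497 IP 198.51.100.7.55336 > 203.0.113.1.isakmp: isakmp: phase 1 I ident
23:19:12.010497 IP 198.51.100.7.55336 > 203.0.113.1.isakmp: isakmp: phase 1 I ident
23:19:30.110000 IP 198.51.100.9.1701 > 203.0.113.1.l2tp: l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ)
"""

# tcpdump prints "host.port" for both endpoints; the port may appear as a service name.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+)\.(?P<sport>\w+) > "
    r"(?P<dst>\S+)\.(?P<dport>\w+): (?P<payload>.*)$"
)
IKE_PORTS = {"isakmp", "500"}    # IKE / ISAKMP: the IPsec key exchange
L2TP_PORTS = {"l2tp", "1701"}    # plain L2TP control and data


def classify(line):
    """Return 'ike_init', 'ike_resp', 'l2tp', 'other', or None for a non-packet line."""
    m = LINE_RE.match(line)
    if not m:
        return None                 # e.g. the tcpdump "listening on ..." banner
    d = m.groupdict()
    if d["dport"] in IKE_PORTS and "phase 1 I" in d["payload"]:
        return "ike_init"           # client opening IKE phase 1, i.e. it wants IPsec
    if d["sport"] in IKE_PORTS and "phase 1 R" in d["payload"]:
        return "ike_resp"           # server answered the IKE proposal
    if d["dport"] in L2TP_PORTS or d["sport"] in L2TP_PORTS:
        return "l2tp"               # plain L2TP traffic on udp/1701
    return "other"


def diagnose(capture, ipsec_enabled=False):
    """Tally packet kinds in the capture text and return (counts, findings)."""
    counts = Counter(k for k in map(classify, capture.splitlines()) if k)
    findings = []
    if counts["ike_init"] and not counts["ike_resp"]:
        findings.append("unanswered_ike")          # nothing replied on udp/500
        if not ipsec_enabled:
            findings.append("client_wants_ipsec")  # L2TP/IPsec client, plain L2TP server
    if counts["l2tp"]:
        findings.append("l2tp_seen")
    return counts, findings


if __name__ == "__main__":
    print(diagnose(SAMPLE_CAPTURE))
```

Run it against a real `tcpdump -ni <wan_if> udp port 500 or udp port 1701` capture; if it reports `client_wants_ipsec`, the client side is configured for L2TP/IPsec and the server either needs IPsec set up or the client needs to be switched to plain L2TP.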
Metu69salemi:

I only use OpenVPN myself, but I have also configured PPTP & L2TP VPNs for testing.
I haven't done a thing with IPsec on these three VPNs.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.