Setting up L2TP



  • I'm running pfSense 2.0 and trying to set up an L2TP Server. For some reason, I cannot successfully connect.

    My L2TP Settings:

    Enable L2TP Server: Yes
    Interface: WAN
    Server Address: 172.25.200.1
    Remote Address Range: 172.25.200.16
    Subnet Mask: /30
    Encryption Type: CHAP
    Secret: test
    Users: testuser/testpassword

    I've added the following firewall rules:
    Allow UDP from anywhere to 500 to WAN
    Allow UDP from anywhere to 1701 to WAN

    When I view the tcpdump, I can see my client trying to connect, but it doesn't make it past isakmp phase 1.

    23:19:08.010497 IP xxx-xxx-xxx-xxx.55336 > yyy-yyy-yyy-yyy.isakmp: isakmp: phase 1 I ident
    23:19:10.010497 IP xxx-xxx-xxx-xxx.55336 > yyy-yyy-yyy-yyy.isakmp: isakmp: phase 1 I ident
    23:19:12.010497 IP xxx-xxx-xxx-xxx.55336 > yyy-yyy-yyy-yyy.isakmp: isakmp: phase 1 I ident

    Anyone have suggestions on what I might be doing wrong?
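The capture above shows the client sending IKE (ISAKMP phase 1) proposals to UDP 500 and retransmitting them with no reply, which is what an L2TP/IPsec attempt looks like when only plain L2TP on UDP 1701 is listening. As an added example, not from this thread, a small parser that classifies such tcpdump output per client; it assumes tcpdump's default service-name resolution (isakmp, l2tp) and the constructed sample lines below.

```python
import re
from collections import defaultdict
# One tcpdump line with resolved service names, as in the post's capture.
LINE_RE = re.compile(r"^(?P<ts>\S+) IP (?P<src>\S+) > (?P<dst>[^:]+): (?P<info>.*)$")

def parse_capture(lines):
    """Turn tcpdump text into records; 'host.port' is split on its last dot."""
    records = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank or non-packet line
        src, sport = m["src"].rsplit(".", 1)
        dst, dport = m["dst"].rsplit(".", 1)
        records.append({"ts": m["ts"], "src": src, "sport": sport,
                        "dst": dst, "dport": dport, "info": m["info"]})
    return records

def diagnose(lines):
    """Per client: did it start IKE (an L2TP/IPsec attempt), was IKE answered, did L2TP start?"""
    ike_init = defaultdict(int)          # client -> phase 1 initiator packets seen
    ike_answered, l2tp_seen = set(), set()
    for r in parse_capture(lines):
        if r["dport"] in ("isakmp", "500") and "phase 1 I" in r["info"]:
            ike_init[r["src"]] += 1
        elif r["sport"] in ("isakmp", "500") and "phase 1 R" in r["info"]:
            ike_answered.add(r["dst"])
        if "l2tp" in (r["sport"], r["dport"]) or "1701" in (r["sport"], r["dport"]):
            l2tp_seen.add(r["src"] if r["dport"] in ("l2tp", "1701") else r["dst"])
    result = {}
    for client, n in ike_init.items():
        if client in ike_answered:
            result[client] = "ike-answered"
        else:
            # Same proposal retransmitted with no responder packet: the client
            # expects L2TP/IPsec, but nothing on the server side speaks IKE.
            result[client] = f"ike-unanswered:{n}"
    for client in l2tp_seen - set(ike_init):
        result[client] = "plain-l2tp"     # L2TP control traffic without IKE first
    return result

# Constructed sample: the three unanswered packets from the post plus a second,
# plain-L2TP client; addresses are documentation ranges, not real hosts.
SAMPLE = """\
23:19:08.010497 IP 198.51.100.7.55336 > 203.0.113.1.isakmp: isakmp: phase 1 I ident
23:19:10.010497 IP 198.51.100.7.55336 > 203.0.113.1.isakmp: isakmp: phase 1 I ident
23:19:12.010497 IP 198.51.100.7.55336 > 203.0.113.1.isakmp: isakmp: phase 1 I ident
23:20:01.000000 IP 198.51.100.9.1701 > 203.0.113.1.l2tp: l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ)
""".splitlines()
```

Run `diagnose()` over a capture taken with `tcpdump -i <wan> udp port 500 or udp port 1701` to see at a glance whether a client is waiting on IKE that the server never answers.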



  • My firewall rule is udp any any any 1701, and it works. Try to change the WAN IP address to any.



  • Are you trying to configure L2TP/IPsec or just L2TP?



  • Right now, just L2TP. But L2TP + IPsec eventually, if/when possible.



  • @Metu69salemi:

    My firewall rule is udp any any any 1701, and it works. Try to change the WAN IP address to any.

    Just tried this, but no luck. Still getting the same messages in my log file about "isakmp: phase 1 I ident".

    A couple of questions:
    1. When configuring L2TP, should the interface be set to WAN on the configuration page?
    2. On the firewall rules, should I be setting firewall rules on the WAN tab or L2TP VPN tab?



  • answers:
    1. Yes
    2. Rules work on ingress, meaning your firewall is waiting for the VPN connection from WAN -> the rules have to be set on WAN.



  • @Metu69salemi:

    answers:
    1. Yes
    2. Rules work on ingress, meaning your firewall is waiting for the VPN connection from WAN -> the rules have to be set on WAN.

    OK, then that all checks out with how I have things configured. Do I need to configure any IPsec-related settings? If not, I'm completely baffled as to why I can't make an L2TP connection and why it stalls on ISAKMP phase 1. I don't have any magic going on; this is a pretty straightforward configuration.

    Ideas?



  • I use only OpenVPN myself, but I have also configured PPTP & L2TP VPNs for testing.
    I haven't done a thing with IPsec on any of these three VPNs.

