Setting up L2TP
-
I'm running pfSense 2.0 and trying to set up an L2TP Server. For some reason, I cannot successfully connect.
My L2TP Settings:
Enable L2TP Server: Yes
Interface: WAN
Server Address: 172.25.200.1
Remote Address Range: 172.25.200.16
Subnet Mask: /30
Encryption Type: CHAP
Secret: test
Users: testuser/testpassword
I've added the following firewall rules:
Allow UDP from anywhere to 500 to WAN
Allow UDP from anywhere to 1701 to WAN
When I view the tcpdump, I can see my client trying to connect, but it doesn't make it past isakmp phase 1.
23:19:08.010497 IP xxx-xxx-xxx-xxx.55336 > yyy-yyy-yyy-yyy.isakmp: isakmp: phase 1 I ident
23:19:10.010497 IP xxx-xxx-xxx-xxx.55336 > yyy-yyy-yyy-yyy.isakmp: isakmp: phase 1 I ident
23:19:12.010497 IP xxx-xxx-xxx-xxx.55336 > yyy-yyy-yyy-yyy.isakmp: isakmp: phase 1 I ident
Anyone have suggestions on what I might be doing wrong?
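Added example, not part of the original post: a small Python check that reads tcpdump text like the capture above and reports ISAKMP phase 1 exchanges where only initiator ("I") packets appear and no responder ("R") packet comes back, which is what the three posted lines show. The function name, the regex and the `min_retries` threshold are assumptions made for this example; the sample input is the posted capture with its placeholders kept.

```python
import re
from collections import defaultdict

# Sample input: the three capture lines from the post, placeholders unchanged.
SAMPLE = """\
23:19:08.010497 IP xxx-xxx-xxx-xxx.55336 > yyy-yyy-yyy-yyy.isakmp: isakmp: phase 1 I ident
23:19:10.010497 IP xxx-xxx-xxx-xxx.55336 > yyy-yyy-yyy-yyy.isakmp: isakmp: phase 1 I ident
23:19:12.010497 IP xxx-xxx-xxx-xxx.55336 > yyy-yyy-yyy-yyy.isakmp: isakmp: phase 1 I ident
"""

# tcpdump one-line summary:
# "<ts> IP <src>.<port> > <dst>.<port>: isakmp: phase <n> <I|R> <exchange>"
LINE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+ IP (?P<src>\S+)\.[\w-]+ > (?P<dst>\S+)\.[\w-]+: "
    r"isakmp: phase (?P<phase>\S+) (?P<role>[IR?]) (?P<xchg>\S+)"
)

def unanswered_phase1(text, min_retries=2):
    """Map (initiator, responder) -> initiator packet count for phase 1
    exchanges retried at least min_retries times with no responder packet."""
    sent = defaultdict(int)
    answered = set()
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m or m["phase"] != "1":
            continue  # not an ISAKMP phase 1 summary line
        if m["role"] == "I":
            sent[(m["src"], m["dst"])] += 1
        elif m["role"] == "R":
            # A responder packet travels from dst back to src of the exchange.
            answered.add((m["dst"], m["src"]))
    return {pair: n for pair, n in sent.items()
            if n >= min_retries and pair not in answered}

if __name__ == "__main__":
    for (initiator, responder), n in unanswered_phase1(SAMPLE).items():
        print(f"{initiator} -> {responder}: {n} phase 1 packets, no responder reply")
```

ISAKMP on UDP 500 is the IPsec key exchange rather than L2TP itself (UDP 1701), so a hit here means the client is asking for IPsec and nothing on the server side is answering it.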
-
My firewall rule is udp any any any 1701, and it works. Try to change the WAN IP address to any.
-
Are you trying to configure L2TP/IPSec or just L2TP?
-
Right now, just L2TP. But L2TP + IPSec eventually if/when possible.
-
My firewall rule is udp any any any 1701, and it works. Try to change the WAN IP address to any.
Just tried this, but no luck. Still getting the same messages in my log file about "isakmp: phase 1 I ident".
Couple questions.
1. When configuring L2TP, should the interface be set to WAN on the configuration page?
2. On the firewall rules, should I be setting firewall rules on the WAN tab or L2TP VPN tab?
-
Answers:
1. Yes
2. Rules work on ingress, meaning your firewall is waiting for the VPN connection from WAN --> rules have to be set on WAN
-
Answers:
1. Yes
2. Rules work on ingress, meaning your firewall is waiting for the VPN connection from WAN --> rules have to be set on WAN
Ok, then that all checks out with how I have things configured. Do I need to configure any IPSec-related settings? If not, I'm completely baffled as to why I can't make an L2TP connection and that it stalls on the ISAKMP phase 1. I don't have any magic going on, this is a pretty straightforward configuration.
Ideas?
-
I use only OpenVPN myself, but I have also configured PPTP & L2TP VPNs for testing.
I haven't done a thing with IPsec on these three VPNs.