4. Setting up L2TP

Setting up L2TP

  • D

    I'm running pfSense 2.0 and trying to setup an L2TP Server. For some reason, I cannot successfully connect.

    My L2TP Settings:

    Enable L2TP Server: Yes
    Interface: WAN
    Server Address: 172.25.200.1
    Remote Address Range: 172.25.200.16
    Subnet Mask: /30
    Encryption Type: CHAP
    Secret: test
    Users: testuser/testpassword

    I've added the following firewall rules:
    Allow UDP from anywhere to 500 to WAN
    Allow UDP from anywhere to 1701 to WAN

    When I view the tcpdump, I can see my client trying to connect, but it doesn't make it past isakmp phase 1.

    23:19:08.010497 IP xxx-xxx-xxx-xxx.55336 > yyy-yyy-yyy-yyy.isakmp: isakmp: phase 1 I ident
    23:19:10.010497 IP xxx-xxx-xxx-xxx.55336 > yyy-yyy-yyy-yyy.isakmp: isakmp: phase 1 I ident
    23:19:12.010497 IP xxx-xxx-xxx-xxx.55336 > yyy-yyy-yyy-yyy.isakmp: isakmp: phase 1 I ident

    Anyone have suggestions on what I might be doing wrong?

    0
  • M

    My firewall rule is udp any any any 1701, and it works. try to change wan ip-address to any

    0
  • G

    Are you trying to configure L2TP/IPSec or just L2TP??

    0
  • D

    Right now, just L2TP. But L2TP + IPSec eventually if/when possible.

    0
  • D

    @Metu69salemi:

    My firewall rule is udp any any any 1701, and it works. try to change wan ip-address to any

    Just tried this, but no luck. Still getting the same messages in my log file about "isakmp: phase 1 I ident".

    Couple questions.
    1. When configuring L2TP, should the interface be set to WAN on the configuration page?
    2. On the firewall rules, should I be setting firewall rules on the WAN tab or L2TP VPN tab?

    0
  • M

    answers:
    1. Yes
    2. Rules work on ingress: Meaning your firewall is waiting vpn connection, from Wan –> rules has to be set on WAn

    0
  • D

    @Metu69salemi:

    answers:
    1. Yes
    2. Rules work on ingress: Meaning your firewall is waiting vpn connection, from Wan –> rules has to be set on WAn

    Ok, then that all checks out with how I have things configured. Do I need to configure any IPSec-related settings? If not, I'm completely baffled as to why I can't make an L2TP connection and that it stalls on the ISAKMP phase 1. I don't have any magic going on, this is a pretty straightforward configuration.

    Ideas?

    0
  • M

    I use only openvpn by myself but i have configured also pptp & l2tp vpn's for testing
    I haven't done a thing with ipsec on these three vpn's

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy