L2TP outbound - same as PPTP limitations



  • I'm not sure if L2TP questions go in the IPSEC forum, but didn't see an L2TP forum…

    I've got L2TP set up on a remote Windows 2008 server (behind a shared firewall) with ports open for L2TP. I'm able to get one Windows 7 VPN connection working behind our pfSense 2.1 firewall, but I can't get a second connection working. Does L2TP suffer from the same limitations as PPTP?

    Thanks,
    Pat


  • Rebel Alliance Developer Netgate

    Probably because you're not really using L2TP, but L2TP+IPsec, and IPsec does static port outbound for udp/500, so the second client to try will probably fail.

    If the server doesn't mind a random source port, switch to manual outbound NAT and remove the static port rules for isakmp.
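
The collision described in the reply above, as an added example that is not part of the thread: a simplified model of an outbound NAT state table, not pfSense's own code. The addresses, the `OutboundNat` class and the assumption that both clients send IKE from source port 500 are constructed for illustration.

```python
import random

class OutboundNat:
    """Simplified model of an outbound NAT state table with one WAN address."""

    def __init__(self, wan_ip, static_port_dports=frozenset()):
        self.wan_ip = wan_ip
        # Destination ports for which the LAN source port is kept unchanged.
        self.static_port_dports = static_port_dports
        # (wan_sport, dst_ip, dst_port) -> (lan_ip, lan_sport)
        self.states = {}

    def translate(self, lan_ip, lan_sport, dst_ip, dst_port):
        """Return the WAN-side source port, or None if no unique state fits."""
        if dst_port in self.static_port_dports:
            candidates = [lan_sport]  # static port: exactly one choice
        else:
            candidates = random.sample(range(1024, 65536), 64)
        for sport in candidates:
            key = (sport, dst_ip, dst_port)
            owner = self.states.setdefault(key, (lan_ip, lan_sport))
            if owner == (lan_ip, lan_sport):
                return sport  # new state created, or existing flow reused
        return None  # every candidate is already held by another LAN host


SERVER = "203.0.113.10"                     # constructed, documentation range
CLIENTS = ["192.168.1.10", "192.168.1.11"]  # constructed LAN clients


def connect_both(nat):
    """Both clients start IKE (udp/500 -> udp/500) to the same server."""
    return [nat.translate(c, 500, SERVER, 500) for c in CLIENTS]


if __name__ == "__main__":
    # Static port for udp/500: the second client has no free mapping.
    print("static port:", connect_both(OutboundNat("198.51.100.1", {500})))
    # No static-port rule: each client gets its own random source port.
    print("random port:", connect_both(OutboundNat("198.51.100.1")))
```

With the static-port rule both flows map to the same WAN-side tuple, so only the first state can exist; without it the server sees two distinct source ports, which is why the reply asks whether the server tolerates a random source port.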

