Netgate Discussion Forum

    Gateway IPSec site-to-site VPN and L2TP road warrior VPN behind the gateway

    JohninNYC

      Hi All,

      I'm loving pfSense and have just deployed the embedded version on some ALIX boards for several SOHO users and in the office.  My thanks to everyone who has supported/worked on the project.

      My question is how to configure the firewall to allow for site-to-site IPSec tunnels at the gateway and not kill access to the L2TP/IPSec server sitting behind the office gateway.  If I forward UDP 500 to the L2TP server (OS X Tiger), L2TP clients work fine but the site-to-site IPSec tunnels cease functioning (no response from the office gateway).  If I turn off the rule, the tunnels work fine but the L2TP clients can't connect (no response).  I was using a couple of Snapgear gateways before and like magic (because I'm ignorant about exactly how it worked) both the site-to-site and L2TP tunnels worked (with UDP 500 forwarded to the L2TP server).  I'm assuming that the gateway was inspecting the UDP 500 traffic and only forwarding L2TP traffic that was not related to tunnels on the gateway.

      Any help would be greatly appreciated.

      Thank you,

      John

      JohninNYC

        Hi All,

        I'm still hoping that someone can help me sort this problem out.  I emailed the listserv but so far no one has offered a suggestion.

        Thank you,

        John

        Eugene

          Hi,

          I think you have to use different public IP addresses for tunnels terminated by pfSense and for the L2TP/IPSec connections you are trying to forward to your L2TP server.
          Put yourself in pfSense's place. You see a UDP packet coming to port 500. How do you differentiate between packets intended for pfSense (tunnels) and packets intended for your L2TP server?

          Regards,
          Eugene.

          http://ru.doc.pfsense.org
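The dilemma Eugene describes, modelled as an added example (not code from the thread or from pfSense): a destination-NAT rule is checked before the gateway's own IKE daemon sees the packet, so a forward keyed on "any WAN address" swallows every UDP/500 packet, while a forward keyed on a second public address leaves the gateway's own tunnels alone. All addresses are constructed placeholders.

```python
from dataclasses import dataclass

# Constructed addresses for the scenario in the thread (not real hosts).
GATEWAY_WAN = "203.0.113.10"   # pfSense's own public address, used by the site-to-site tunnels
SECOND_WAN = "203.0.113.11"    # extra public address reserved for the L2TP/IPsec clients
L2TP_SERVER = "192.168.1.20"   # the OS X L2TP/IPsec server on the LAN behind pfSense


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


@dataclass(frozen=True)
class PortForward:
    """Destination-NAT rule: match on (destination address, protocol, port), redirect to target."""
    dst: str       # public address the rule listens on; "any" means every WAN address
    proto: str
    dport: int
    target: str

    def matches(self, pkt: Packet) -> bool:
        return self.dst in ("any", pkt.dst) and self.proto == pkt.proto and self.dport == pkt.dport


def dispatch(pkt: Packet, forwards: list[PortForward]) -> str:
    """Return who handles the packet. Port forwards are evaluated before the gateway's
    own IPsec stack gets a look, so a matching forward wins unconditionally."""
    for rule in forwards:
        if rule.matches(pkt):
            return rule.target
    return "gateway-ipsec"


def single_ip_scenario(pkt: Packet, forward_enabled: bool) -> str:
    """John's setup: one public address, so UDP/500 is either always forwarded or never."""
    rules = [PortForward("any", "udp", 500, L2TP_SERVER)] if forward_enabled else []
    return dispatch(pkt, rules)


def two_ip_scenario(pkt: Packet) -> str:
    """Eugene's suggestion: forward UDP/500 only when it arrives on the second address.
    (A real L2TP/IPsec forward also needs UDP/4500 and ESP; only IKE is modelled here.)"""
    rules = [PortForward(SECOND_WAN, "udp", 500, L2TP_SERVER)]
    return dispatch(pkt, rules)
```

With the forward enabled on a single address, the peer's IKE packet is redirected to the L2TP server and the tunnel never answers; with the forward keyed on the second address, packets to the gateway's own address still reach its tunnels.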

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.