Netgate Discussion Forum
    Gateway IPSec site-to-site VPN and L2TP road warrior VPN behind the gateway

    IPsec
      JohninNYC

      Hi All,

      I'm loving PFSense and have just deployed the embedded version on some ALIX boards for several SOHO users and in the office.  My thanks to everyone who has supported/worked on the project.

      My question is how to configure the firewall to allow for site-to-site IPSec tunnels at the gateway and not kill access to the L2TP/IPSec server sitting behind the office gateway.  If I forward UDP 500 to the L2TP server (OS X Tiger), L2TP clients work fine but the site-to-site IPSec tunnels cease functioning (no response from the office gateway).  If I turn off the rule, the tunnels work fine but the L2TP clients can't connect (no response).  I was using a couple of Snapgear gateways before and like magic (because I'm ignorant about exactly how it worked) both the site-to-site and L2TP tunnels worked (with UDP 500 forwarded to the L2TP server).  I'm assuming that the gateway was inspecting the UDP 500 traffic and only forwarding L2TP traffic that was not related to tunnels on the gateway.

      Any help would be greatly appreciated.

      Thank you,

      John

      JohninNYC

        Hi All,

        I'm still hoping that someone can help me sort this problem out.  I emailed the listserv but so far no one has offered a suggestion.

        Thank you,

        John

      Eugene

          Hi,

          I think you have to use different public IP addresses for tunnels terminated by pfSense and for the L2TP/IPSec connections you are trying to forward to your L2TP server.
          Put yourself in pfSense's place. You see a UDP packet coming to port 500. How do you differentiate between packets intended for pfSense (tunnels) and packets intended for your L2TP server?

          Regards,
          Eugene.

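As an added illustration (not code from the thread or from pfSense), a small Python model of why a port forward keyed only on UDP 500 cannot separate the gateway's own IKE peers from the road-warrior L2TP clients, and how the second public address Eugene suggests makes the destination address the discriminator. All hosts and addresses below are constructed.

```python
"""Model of a gateway's inbound decision for UDP 500 (IKE). Port-forward rules are
evaluated before the gateway's own services, which is what causes the conflict."""
from dataclasses import dataclass

IKE_PORT = 500

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str = "udp"

@dataclass(frozen=True)
class Forward:
    """A port-forward rule: traffic to dst:dport/proto is handed to target."""
    dst: str
    dport: int
    target: str
    proto: str = "udp"

def deliver(pkt: Packet, forwards: list[Forward], gateway_ips: set[str]) -> str:
    """Return the host that ends up handling pkt."""
    for rule in forwards:
        if (rule.proto, rule.dst, rule.dport) == (pkt.proto, pkt.dst, pkt.dport):
            return rule.target            # forwarded before the gateway sees it
    if pkt.dst in gateway_ips:
        return "gateway"                  # reaches the gateway's own IKE daemon
    return "dropped"

# Constructed addresses (documentation ranges), not real hosts
WAN1, WAN2 = "203.0.113.10", "203.0.113.11"      # gateway public addresses
REMOTE_SITE, ROAD_WARRIOR = "198.51.100.5", "192.0.2.77"
L2TP_SERVER = "10.0.0.20"                        # behind the gateway

site_ike = Packet(REMOTE_SITE, WAN1, IKE_PORT)   # site-to-site peer
l2tp_ike = Packet(ROAD_WARRIOR, WAN1, IKE_PORT)  # L2TP/IPsec client

def single_ip_with_forward() -> tuple[str, str]:
    """One public IP, UDP 500 forwarded: the site-to-site IKE is stolen too."""
    rules = [Forward(WAN1, IKE_PORT, L2TP_SERVER)]
    return deliver(site_ike, rules, {WAN1}), deliver(l2tp_ike, rules, {WAN1})

def single_ip_without_forward() -> tuple[str, str]:
    """One public IP, no forward: L2TP clients now hit the gateway instead."""
    return deliver(site_ike, [], {WAN1}), deliver(l2tp_ike, [], {WAN1})

def two_public_ips() -> tuple[str, str]:
    """Forward only on WAN2: destination address tells the two apart."""
    rules = [Forward(WAN2, IKE_PORT, L2TP_SERVER)]
    client_on_wan2 = Packet(ROAD_WARRIOR, WAN2, IKE_PORT)
    return deliver(site_ike, rules, {WAN1, WAN2}), deliver(client_on_wan2, rules, {WAN1, WAN2})
```

The "gateway" result for the L2TP client in the no-forward case is the "no response" John sees: the gateway's IKE daemon receives the packet but has no tunnel configured for that peer.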
          © 2021 Rubicon Communications, LLC | Privacy Policy