Problem with outgoing L2TP VPN connections when using multiple WANs



  • Hello

    When I enable load balancing and use dual I am unable to establish an L2TP VPN connection if the connection isn't made over WAN1.
    I just followed the basic tutorial for multiwan and for the other things it seems to go fine.

    Any hints on what I could have done wrong?

    Kind regards,

    Simon


  • Rebel Alliance Developer Netgate

    Is it actually L2TP or is it L2TP/IPsec?



  • Hmm it doesn't really mention that.
    It's just a VPN made from Windows by the 'Connect to a workplace or VPN wizard'. Default is PPTP, but for that I know pfSense has limitations, so I changed the properties and set it to use L2TP.


  • Rebel Alliance Developer Netgate

    Then it's L2TP/IPsec and at the firewall level you should be working with udp/500, udp/4500, and ESP traffic. If you have policy routing it's possible the ESP traffic is taking a different path than the UDP traffic which breaks it.

    You need to set up a failover (not load balancing) rule for traffic to the remote VPN server, or maybe use sticky, or maybe your outbound NAT on WAN2 is different (no static port for udp/500 traffic?).
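
The check the last reply describes, as an added example that is not part of the original thread: group outbound udp/500, udp/4500 and ESP flows by remote peer and report peers whose traffic leaves on more than one WAN, or whose udp/500 source port was rewritten by outbound NAT. The flow-record layout, the function names and the sample addresses are constructed for illustration and are not pfSense output.

```python
from collections import defaultdict

# Constructed sample records (assumed layout, not a real state-table dump):
# (protocol, remote peer, dest port, egress interface, source port, source port after NAT)
FLOWS = [
    ("udp", "203.0.113.10", 500, "WAN1", 500, 500),
    ("udp", "203.0.113.10", 4500, "WAN1", 4500, 4500),
    ("esp", "203.0.113.10", None, "WAN1", None, None),
    ("udp", "198.51.100.7", 500, "WAN1", 500, 500),
    ("esp", "198.51.100.7", None, "WAN2", None, None),   # ESP took the other WAN
    ("udp", "192.0.2.44", 500, "WAN2", 500, 31877),      # no static port on WAN2
    ("udp", "192.0.2.44", 4500, "WAN2", 4500, 4500),
    ("tcp", "192.0.2.44", 443, "WAN1", 51000, 51000),    # unrelated traffic, ignored
]


def is_ipsec(proto, dport):
    """L2TP/IPsec at the firewall level: IKE (udp/500), NAT-T (udp/4500), ESP."""
    return proto == "esp" or (proto == "udp" and dport in (500, 4500))


def check_ipsec_paths(flows):
    """Return {peer: [problem, ...]} for peers whose IPsec flows look inconsistent."""
    egress = defaultdict(set)      # peer -> WAN interfaces its IPsec traffic used
    problems = defaultdict(list)
    for proto, peer, dport, iface, sport, nat_sport in flows:
        if not is_ipsec(proto, dport):
            continue
        egress[peer].add(iface)
        # Outbound NAT changed the IKE source port (the "no static port" case).
        if dport == 500 and nat_sport != sport:
            problems[peer].append(
                f"udp/500 source port rewritten {sport}->{nat_sport} on {iface}")
    for peer, ifaces in egress.items():
        # UDP and ESP for one tunnel must share a path; load balancing can split them.
        if len(ifaces) > 1:
            problems[peer].insert(0, "split across " + ", ".join(sorted(ifaces)))
    return dict(problems)


if __name__ == "__main__":
    for peer, issues in check_ipsec_paths(FLOWS).items():
        for issue in issues:
            print(f"{peer}: {issue}")
```

A peer that shows up as split is a candidate for the failover rule mentioned above; a rewritten udp/500 source port points at the outbound NAT rule on that WAN.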

