L2TP/IPsec or IKEv2



  • Hello everyone,

    actually we use an DrayTek router (hate it… old strongswan with pluto...) and L2TP/IPsec VPN for remote access.

    I heard that there are problems with L2TP/IPsec in pfsense and clients behind NAT, but unfortunately almost every IPv4 client is behind NAT...

    Is there really such a big problem with the actual strongswan and L2TP/IPsec? Or which VPN is the actual way to go for windows?
    I could use openvpn but only with the Export tool and manager to connect without admin rights...

    Thanks in advance!


  • Rebel Alliance Developer Netgate

    L2TP/IPsec is not a good fit right now.

    IKEv2 is the way to go for sure if you have clients that support it (Windows 7+, current versions of OS X and iOS, Android with the strongSwan app)

    OpenVPN works well, if you don't want to deal with having to use Admin rights on windows you can try the OpenVPNManager option in the export package, or you can also try the non-free Viscosity client which works great and doesn't need admin rights, but it's $9/seat.



  • Thanks for your answer Jim! I'll try IKEv2 and the OpenVPN Clients then!


Log in to reply