Bug #475
L2TP is not functional in the way users will expect
| Status: | New | Start date: | 04/04/2010 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: | - | % Done: | 0% |
|
| Category: | L2TP | |||
| Target version: | - | |||
| Affected version: | 2.0 | Affected Architecture: |
Description
L2TP appears to be missing the IPsec part, mpd binds on UDP 1701, but it has nothing for the ISAKMP, nothing is bound on UDP 500. Clients just fail after attempting to send the ISAKMP phase 1 ident which gets no response.
Associated revisions
Some IPsec mobile changes to inch a little closer to working L2TP+IPsec. Ticket #475
History
#1
Updated by Ermal Luçi about 3 years ago
This is relevant to what is needed to be done.
For further reference read this http://old.nabble.com/IPSec-NAT-T-in-transport-mode-td27240984.html
#2
Updated by Chris Buechler about 3 years ago
- Subject changed from L2TP is not functional to L2TP is not functional in the way users will expect
clarifying ticket, it does actually work, but not the way most people are going to expect.
#3
Updated by Ermal Luçi almost 3 years ago
Probably this should be closed and a feature request should be opened for a wizard.
#4
Updated by Chris Buechler almost 3 years ago
to be consistent with how users expect it to work, and how it works in similar projects, it needs to just automatically add the appropriate IPsec bits. I don't see any need for a wizard.
#5
Updated by Jim P over 2 years ago
Some sample configurations linked here:
http://forum.pfsense.org/index.php/topic,30114.msg156037.html#msg156037
#6
Updated by Thomas Reagan over 2 years ago
Hello,
This is functionality that I could really use, and would be happy to assist in any way that I can. However, I am unclear from the bug to date what needs to happen next - is the next step evaluating the relevant settings, building a framework, or what?
If one of the core developers can point me in a direction, I am happy to slug through this.
Thanks,
--tkr
#7
Updated by Chris Buechler over 2 years ago
L2TP is likely just going to be plain L2TP for 2.0 and we can work out the IPsec bits later. The underlying software doesn't work properly with L2TP+IPsec and it's going to require some heavy lifting development work to fix that. Details in the link Ermal provided in the fist comment above.
#8
Updated by Ermal Luçi over 2 years ago
- Target version changed from 2.0 to 2.1
This cannot be achived in 2.0 timeframe.
#9
Updated by Ermal Luçi over 2 years ago
Another helpful link
http://kuapp.com/2010/07/14/how-to-setup-l2tpipsec-vpn-on-freebsd.html
#10
Updated by Dim Hatz about 1 year ago
Another related link:
Howto set up a L2TP/IPsec VPN Dial-In Server (Part I to III)
http://forums.freebsd.org/showthread.php?t=26755
#11
Updated by Carsten Zimmermann 6 months ago
Are there any updates on this regarding the 2.1 release? I'm running the 2.1 beta (build: Fri Nov 16 04:26:21 EST 2012) and there is indeed no IKE daemon running after enabling L2TP.
(Also, is there a recommended approach to do this manuelly without 'disturbing' the web-based mpd configuration?)
#12
Updated by Jim P 6 months ago
There is still no way to do this with or without the GUI. It still requires patches to the software (ipsec-tools/racoon) that we have not yet made.
#13
Updated by Chris Buechler 3 months ago
- Target version deleted (
2.1)