Bug #6596
Not able to connect from Windows 7 to L2TP/IPsec
Status: Closed
Description
Hello,
First, thanks for all your work. This is a fine product that I have used numerous times and it usually works very nicely. I have actually set up a number of OpenVPN instances and all worked seamlessly. However, one of my clients asked for an alternative to OpenVPN without the use of certificates so I have been trying to get L2TP/IPsec to work. Unfortunately, it looks as if I am stuck and I can't seem to make any progress by myself. I am hoping that by giving you as much info as possible, you will be able to give me that little nudge that will allow me to solve my issue.
- I have tried to follow scrupulously the instructions at https://doc.pfsense.org/index.php/L2TP/IPsec (see attached configuration screenshots)
- I have modified my registry as per Microsoft instructions (https://support.microsoft.com/en-us/kb/926179)
- I have also tried to connect with my Android cell phone and it did not work either
- I have tried to switch off the IPSec passthru option on my router and the IPsec packets were blocked
Now, according to the logs provided on the instructions page, my IPsec connection seems to establish properly. Note, however, that I do not see the two following lines that show up in your logs:
Feb 4 13:56:40 charon: 14[KNL] interface l2tp0 activated
Feb 4 13:56:40 charon: 15[KNL] 192.168.32.1 appeared on l2tp0
The VPN->L2TP services indicates the service is up and I also see the listener on the WAN interface on the pfSense console
[2.3.1-RELEASE][root@pfSense.localdomain]/root: netstat -an|grep 1701
udp4 0 0 198.130.xxx.xxx.1701 *.*
I do not see anything that is being blocked on any interface at the firewall and that would relate to the connection (ports 500, 4500, 1701). As a matter of fact, I see the 500 and 4500 connections are accepted on my WAN interface and the 1701 connection is accepted on my IPsec interface. And when I run tcpdump on the IPsec interface, I see what is shown in the screenshot
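A triage sketch for the symptom described above, added here as an example (it is not part of the ticket or of pfSense): it scans charon log text and reports whether the IPsec CHILD_SA was established and whether the two `l2tp0` `[KNL]` lines followed. The `[IKE]` lines and addresses are constructed samples modelled on strongSwan's log wording, and the function and stage names are hypothetical.

```python
import re

# Constructed sample: IPsec comes up and L2TP follows. The two [KNL] lines are
# the ones quoted in the ticket; the [IKE] line and its addresses are made up.
SAMPLE_OK = """\
Feb 4 13:56:39 charon: 12[IKE] CHILD_SA con1{1} established with SPIs c1a2b3c4_i d5e6f7a8_o and TS 198.51.100.1/32[udp/l2f] === 203.0.113.5/32[udp/l2f]
Feb 4 13:56:40 charon: 14[KNL] interface l2tp0 activated
Feb 4 13:56:40 charon: 15[KNL] 192.168.32.1 appeared on l2tp0
"""

# Constructed sample of the reported symptom: CHILD_SA is up, no l2tp0 lines.
SAMPLE_STUCK = """\
Jun 1 10:00:01 charon: 09[IKE] IKE_SA con1[1] established between 198.51.100.1[198.51.100.1]...203.0.113.5[192.168.1.20]
Jun 1 10:00:02 charon: 11[IKE] CHILD_SA con1{1} established with SPIs c1a2b3c4_i d5e6f7a8_o and TS 198.51.100.1/32[udp/l2f] === 203.0.113.5/32[udp/l2f]
"""

CHARON = re.compile(r"charon: \d+\[(?P<sub>[A-Z]+)\] (?P<msg>.*)$")
IFACE_UP = re.compile(r"interface (l2tp\d+) activated")
ADDR_UP = re.compile(r"(\S+) appeared on (l2tp\d+)")


def triage(log_text):
    """Return (stage, detail) for the furthest point the connection reached."""
    child_sa = False
    ifaces, addrs = set(), {}
    for line in log_text.splitlines():
        m = CHARON.search(line)
        if not m:
            continue  # not a charon line
        sub, msg = m.group("sub"), m.group("msg")
        if sub == "IKE" and msg.startswith("CHILD_SA") and " established " in msg:
            child_sa = True  # the IPsec tunnel carrying L2TP is negotiated
        elif sub == "KNL":
            if (up := IFACE_UP.fullmatch(msg)):
                ifaces.add(up.group(1))
            elif (ad := ADDR_UP.fullmatch(msg)):
                addrs[ad.group(2)] = ad.group(1)
    if not child_sa:
        return ("ipsec-not-established", None)
    # L2TP counts as up only when an interface was activated and got an address.
    ready = sorted(i for i in ifaces if i in addrs)
    if not ready:
        return ("ipsec-up-l2tp-missing", None)
    return ("l2tp-up", f"{ready[0]} {addrs[ready[0]]}")


if __name__ == "__main__":
    for name, text in (("ok", SAMPLE_OK), ("stuck", SAMPLE_STUCK)):
        print(name, triage(text))
```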
Updated by Bruno Grossmann over 8 years ago
- File tcpdump_enc0.png added
Updated by Bruno Grossmann over 8 years ago
Log for IPsec is displayed in ipsec_log0.png. Tcpdump log is in tcpdump_enc0.png
Do not hesitate to contact me if you need more info
Updated by Jim Pingle over 8 years ago
- Status changed from New to Closed
- Affected Version deleted (2.3.1)
There isn't anything we can do for that. It's an issue in Windows when connecting to strongSwan. https://wiki.strongswan.org/issues/220
Advocate to strongSwan if you'd like to see it fixed, but everyone has moved on to IKEv2 and few people are interested in investing time in L2TP/IPsec
Updated by Bruno Grossmann over 8 years ago
Thanks. The strongswan ticket seems to indicate the issue was fixed 4 years ago though so I am not quite sure what I should ask for.
I understand that most people now use IKEv2, I have suggested this to my client. Hopefully he agrees to it.