Author Topic: L2TP/IPSec VPN stopped working in pfSense 2.4  (Read 741 times)

onlime
L2TP/IPSec VPN stopped working in pfSense 2.4
« on: October 27, 2017, 04:40:00 am »
I have set up L2TP/IPSec VPN exactly as described on https://doc.pfsense.org/index.php/L2TP/IPsec

Until pfSense 2.3.4-RELEASE-p1 all was working fine, tested with macOS High Sierra and iOS 11 built-in clients.
In pfSense 2.4.1, I can no longer connect. Enabling verbose logging in macOS VPN settings does not give me any more detailed report than that:

Code:
$ tail -f /var/log/ppp.log
Fri Oct 27 11:32:00 2017 : publish_entry SCDSet() failed: Success!
Fri Oct 27 11:32:00 2017 : publish_entry SCDSet() failed: Success!
Fri Oct 27 11:32:00 2017 : l2tp_get_router_address
Fri Oct 27 11:32:00 2017 : l2tp_get_router_address 192.168.1.1 from dict 1
Fri Oct 27 11:32:00 2017 : L2TP connecting to server 'pfsense.example.com' (1.2.3.4)...
Fri Oct 27 11:32:00 2017 : IPSec connection started
Fri Oct 27 11:32:00 2017 : IPSec phase 1 client started
Fri Oct 27 11:32:00 2017 : IPSec phase 1 server replied
Fri Oct 27 11:32:30 2017 : IPSec connection failed

Any advice or updated tutorial for pfSense 2.4?
Thanks!

Mattman
Re: L2TP/IPSec VPN stopped working in pfSense 2.4
« Reply #1 on: January 02, 2018, 10:39:21 am »
I have the same issue.

I have two pfSense routers, both were just upgraded to 2.4.2-RELEASE-p1 from 2.3.4-RELEASE-p1. L2TP/IPSec worked great on 2.3.4-RELEASE-p1 on both routers. After upgrading, I can no longer connect to the L2TP server on one (yes, just one) of the routers. I am trying to connect from a MacBook Pro (macOS 10.12.6) and an iPhone 6S+ (iOS 11.2.1). On both devices, the connection fails with "The L2TP-VPN server did not respond. Try reconnecting. If the problem continues, verify your settings and contact your Administrator." My ppp.log file on my Mac looks pretty much identical to what onlime posted. The most recent entries in my L2TP system log on the router are:

Quote
Dec 28 08:51:29 l2tps: L2TP: waiting for connection on 1.2.3.4 1701
Dec 28 08:51:29 l2tps: process 50431 started, version 5.8 (nobody@pfSense_factory-v2_4_2_amd64-pfSense_factory-v2_4_2-job-12 19:34 16-Nov-2017)
Dec 28 08:51:29 l2tps:
Dec 28 08:51:29 l2tps: Multi-link PPP daemon for FreeBSD

All still works great on the other router...super weird. The main difference between the two routers is the one that is broken is set up with two VLANs and the other (the one that still works) just has a single LAN (no VLANs). Because of this, I am thinking the issue lies with some VLAN configuration, but I am not too sure how to confirm/troubleshoot this. Any tips or hints would be greatly appreciated!
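Both posts show the same client-side pattern: the macOS ppp.log records "IPSec phase 1 server replied" and then, 30 seconds later, "IPSec connection failed", while the pfSense l2tps log only ever reports that it is waiting for a connection on UDP 1701. Reading that sequence by hand is error-prone, so the script below (an added example, not code from either poster or from pfSense) parses a ppp.log excerpt, finds the last IPsec/L2TP milestone reached before the failure line, and reports how long the client waited. The sample log embedded in it is the excerpt onlime posted; the interpretation strings in `explain()` are this example's own reading of the log, and the regex assumes the ctime-style timestamp format shown in the thread.

```python
"""Triage a macOS ppp.log excerpt from an L2TP/IPsec connection attempt.

Added example for the thread above: it walks the client-side log, records the
last IPsec/L2TP milestone reached before the "IPSec connection failed" line,
and reports how long the client waited before giving up.
"""
import re
import sys
from datetime import datetime

# Constructed sample input: the ppp.log lines quoted in the first post.
SAMPLE_LOG = """\
Fri Oct 27 11:32:00 2017 : publish_entry SCDSet() failed: Success!
Fri Oct 27 11:32:00 2017 : l2tp_get_router_address
Fri Oct 27 11:32:00 2017 : l2tp_get_router_address 192.168.1.1 from dict 1
Fri Oct 27 11:32:00 2017 : L2TP connecting to server 'pfsense.example.com' (1.2.3.4)...
Fri Oct 27 11:32:00 2017 : IPSec connection started
Fri Oct 27 11:32:00 2017 : IPSec phase 1 client started
Fri Oct 27 11:32:00 2017 : IPSec phase 1 server replied
Fri Oct 27 11:32:30 2017 : IPSec connection failed
"""

# ctime-style timestamp (assumed from the thread's excerpt), " : ", then the message.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) : (?P<msg>.*)$"
)
# The failure string as it appears in the posted log.
FAILURE_MARKER = "IPSec connection failed"


def parse_ppp_log(text):
    """Return a list of (datetime, message) tuples; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
        events.append((ts, m.group("msg")))
    return events


def triage(events):
    """Find the last IPsec/L2TP milestone before the failure line.

    Returns a dict with the last milestone message, the failure message (or None
    if the log never reports one) and the seconds elapsed between the two.
    """
    last_ok = None
    for ts, msg in events:
        if msg.startswith(FAILURE_MARKER):
            elapsed = (ts - last_ok[0]).total_seconds() if last_ok else None
            return {"last_ok": last_ok[1] if last_ok else None,
                    "failure": msg, "elapsed_s": elapsed}
        # Only the IPsec/L2TP state lines count as milestones; SCDSet noise is ignored.
        if msg.startswith(("IPSec", "L2TP")):
            last_ok = (ts, msg)
    return {"last_ok": last_ok[1] if last_ok else None,
            "failure": None, "elapsed_s": None}


def explain(result):
    """Turn the triage result into a short reading of where the handshake stalled.

    The wording is this example's own interpretation, not text from pfSense docs.
    """
    last_ok, elapsed = result["last_ok"], result["elapsed_s"]
    if result["failure"] is None:
        return "no failure line found in the excerpt"
    if last_ok and "phase 1 server replied" in last_ok:
        return (f"IKE phase 1 was answered by the server but never completed; the client "
                f"gave up after {elapsed:.0f}s. UDP/500 reaches the server, so compare the "
                f"phase 1 settings (auth method, encryption, hash, DH group) on both ends "
                f"and check the IPsec log on the pfSense side.")
    if last_ok and "phase 1 client started" in last_ok:
        return ("no reply to the first IKE message: check that UDP/500 (and UDP/4500 for "
                "NAT-T) can reach the firewall")
    return f"stalled after '{last_ok}' ({elapsed}s before the failure line)"


if __name__ == "__main__":
    # Usage: python triage_ppp_log.py [/var/log/ppp.log]; without an argument the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    result = triage(parse_ppp_log(text))
    print(result)
    print(explain(result))
```

On the posted excerpt the script reports that the last milestone was "IPSec phase 1 server replied" with a 30-second gap before the failure, which matches the server-side picture in the second post: l2tps never sees an L2TP connection arrive because the IPsec tunnel it would travel inside was never established.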