I am replacing a Ubiquiti EdgeRouter with a Netgate appliance running pfSense Plus (25.07). On the EdgeRouter I had an L2TP/IPsec VPN configured for remote access and I cannot figure out how to get the VPN working on pfSense.
Hopefully I can get it up and working in a way that won’t require any change on the part of the client devices that attempt to connect. I have ESP and UDP ports 500, 4500, and 1701 open on my WAN firewall, and nmap -sU -p of each of the UDP ports on the public IP from an external host shows them to be open.
On the EdgeRouter, the relevant info copied from a backup of the config.boot file:
ipsec {
    allow-access-to-local-interface enable
    auto-firewall-nat-exclude enable
    esp-group FOO0 {
        compression disable
        lifetime 3600
        mode tunnel
        pfs enable
        proposal 1 {
            encryption aes128
            hash sha1
        }
    }
    ike-group FOO0 {
        ikev2-reauth no
        key-exchange ikev1
        lifetime 28800
        proposal 1 {
            dh-group 14
            encryption aes128
            hash sha1
        }
    }
}
l2tp {
    remote-access {
        authentication {
            local-users {
                username user1 {
                    password <user_password>
                }
                username user2 {
                    password <user_password>
                }
            }
            mode local
        }
        client-ip-pool {
            start 192.168.10.90
            stop 192.168.10.99
        }
        dhcp-interface bond0
        dns-servers {
            server-1 1.1.1.1
        }
        idle 1800
        ipsec-settings {
            authentication {
                mode pre-shared-secret
                pre-shared-secret <removed PSK>
            }
            ike-lifetime 3600
            lifetime 3600
        }
    }
}
I’ve tried setting up, editing settings, checking YouTube videos, asking ChatGPT, and nothing I’ve done has gotten it to work yet. I did look at a WAN packet capture (filtered for the UDP ports 500, 4500, and 1701) while attempting to connect my phone to the VPN and saw four incoming requests on port 500, then my phone told me the server did not respond.
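As an added example (my own code, not from the post above or from Ubiquiti or Netgate), here is a small Python parser for the brace-delimited config.boot format shown in the post. It pulls out the values the existing clients actually negotiate (IKE phase 1 proposal and lifetime, ESP phase 2 proposal and PFS, and the L2TP service's PSK mode, IKE lifetime and client pool) into one flat structure so they can be checked line by line against what is configured on the replacement gateway, and it flags two things worth settling before copying values across: the SHA-1 integrity algorithm, and the fact that the ike-group lifetime (28800) differs from the ike-lifetime under the l2tp ipsec-settings (3600). The embedded sample is the poster's excerpt, trimmed and re-indented, with the same placeholder for the PSK; the function names, the group name lookup (FOO0) and the migration notes are my own assumptions.

```python
"""Parse an EdgeOS-style config.boot excerpt and list the IPsec/L2TP parameters
that existing clients negotiate, for comparison with a replacement gateway."""
from typing import Any, Dict, List

# Constructed sample: the poster's excerpt, trimmed and re-indented; the
# angle-bracket placeholder stands in for the real pre-shared key as in the post.
SAMPLE_CONFIG = """
ipsec {
    esp-group FOO0 {
        mode tunnel
        pfs enable
        proposal 1 {
            encryption aes128
            hash sha1
        }
    }
    ike-group FOO0 {
        key-exchange ikev1
        lifetime 28800
        proposal 1 {
            dh-group 14
            encryption aes128
            hash sha1
        }
    }
}
l2tp {
    remote-access {
        client-ip-pool {
            start 192.168.10.90
            stop 192.168.10.99
        }
        ipsec-settings {
            authentication {
                mode pre-shared-secret
                pre-shared-secret <removed PSK>
            }
            ike-lifetime 3600
        }
    }
}
"""

Node = Dict[str, Any]

def parse_config(text: str) -> Node:
    """'name {' opens a nested node, '}' closes it, 'key value' is a leaf."""
    root: Node = {}
    stack: List[Node] = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "}":
            if len(stack) == 1:
                raise ValueError("unexpected '}'")
            stack.pop()
        elif line.endswith("{"):
            node: Node = {}
            stack[-1][line[:-1].strip()] = node
            stack.append(node)
        else:
            key, _, value = line.partition(" ")
            stack[-1][key] = value.strip() or True   # bare keyword -> True
    if len(stack) != 1:
        raise ValueError("unbalanced braces: %d block(s) left open" % (len(stack) - 1))
    return root

def get(cfg: Any, *path: str, default: Any = None) -> Any:
    """Walk a key path through the tree; return default if any step is missing."""
    for key in path:
        if not isinstance(cfg, dict) or key not in cfg:
            return default
        cfg = cfg[key]
    return cfg

def vpn_summary(cfg: Node) -> Dict[str, Any]:
    """IKE phase 1, ESP phase 2 and L2TP/IPsec service settings in one flat structure."""
    ike = get(cfg, "ipsec", "ike-group FOO0", default={})   # group name assumed from the post
    esp = get(cfg, "ipsec", "esp-group FOO0", default={})
    ra = get(cfg, "l2tp", "remote-access", default={})
    return {
        "phase1": {"key-exchange": ike.get("key-exchange"), "lifetime": int(ike.get("lifetime", 0)),
                   "dh-group": get(ike, "proposal 1", "dh-group"),
                   "encryption": get(ike, "proposal 1", "encryption"), "hash": get(ike, "proposal 1", "hash")},
        "phase2": {"mode": esp.get("mode"), "pfs": esp.get("pfs"),
                   "encryption": get(esp, "proposal 1", "encryption"), "hash": get(esp, "proposal 1", "hash")},
        "l2tp": {"auth-mode": get(ra, "ipsec-settings", "authentication", "mode"),
                 "psk-configured": get(ra, "ipsec-settings", "authentication", "pre-shared-secret") is not None,
                 "ike-lifetime": int(get(ra, "ipsec-settings", "ike-lifetime", default=0)),
                 "pool": (get(ra, "client-ip-pool", "start"), get(ra, "client-ip-pool", "stop"))},
    }

def migration_notes(summary: Dict[str, Any]) -> List[str]:
    """Points to settle before copying these values onto the new gateway."""
    notes = []
    if "sha1" in (summary["phase1"]["hash"], summary["phase2"]["hash"]):
        notes.append("SHA-1 integrity is legacy; keep it only while existing clients require it")
    if summary["phase1"]["lifetime"] != summary["l2tp"]["ike-lifetime"]:
        notes.append("ike-group lifetime differs from l2tp ipsec-settings ike-lifetime; confirm which applies")
    return notes
```

Run `vpn_summary(parse_config(SAMPLE_CONFIG))` on the full config.boot excerpt and compare each field with the phase 1 and phase 2 entries on the new box; a proposal that differs in even one value (DH group, hash, encryption, lifetime) is a common reason a client sees "the server did not respond" after sending its first IKE packets.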