Hi all
I'm struggling to connect from a Mac inside the LAN to an internet IPsec/L2TP server (brand Zyxel).
I tested it successfully without the opnsense router in between (different net, different router).
I unsuccessfully tried without the automatic outbound NAT rules.
It seems the attempt doesn't write anything to the Firewall log.
We have a gateway failover installed.
DNS resolves right.
Any hints?
Thank you very much for your help!
best
Manu
Please provide more information.
Is your ISP router in bridge mode or not?
Firewall rules?
Quote from: Julien on July 31, 2016, 02:36:02 PM
Please provide more information.
Is your ISP router in bridge mode or not?
Firewall rules?
Connection: It's a business fiber router with a static global subnet on the OPNsense WAN. I guess there are no special mechanics involved: bridged.
Firewall:
There are lots of rules; I think it would be better if I knew what to look for.
Do you know what ports are involved in L2TP/IPsec? I don't understand the multiphase concept enough, sorry.
I thought since there are no blocked entries, it must have been by design (blocked IPsec passthrough because of OPNsense's own IPsec capability, or so).
thanks
m
These are the standard IPsec/L2TP firewall rules:
Protocol: UDP, port 500 (for IKEv1/v2)
Protocol: UDP, port 4500 (for IKEv1/v2)
Protocol: UDP, port 1701 (for L2TP)
You shouldn't need the IPsec rules, since they're wrapped in L2TP, but they are:
Protocol: ESP, value 50 (for IPsec)
Protocol: AH, value 51 (for IPsec)
Bart...
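Since the original poster reports that nothing at all shows up in the firewall log, a quick way to use Bart's port list is to run the log through a small checker that tells you, per phase (IKE on UDP 500, NAT-T on UDP 4500, raw ESP/AH, L2TP on UDP 1701), whether traffic between the Mac and the Zyxel server was passed, blocked, or never logged. The script below is an added example, not code from this thread or from the OPNsense project; the log format it parses is a constructed, simplified CSV (action,proto,src,dst,dport), and the sample lines and addresses are made up. Real OPNsense filterlog lines carry more fields, so parse_line() would need to be adapted to them.

```python
"""Classify firewall log entries by the L2TP/IPsec phase they belong to.

Added example (not from the forum thread or the OPNsense project).  The
log format is a constructed, simplified CSV: action,proto,src,dst,dport
Real OPNsense filterlog entries have more fields; adapt parse_line() to them.
"""
from collections import defaultdict

# Phases of an L2TP/IPsec session and the traffic each one needs to pass.
# UDP phases are matched on destination port; ESP (IP protocol 50) and
# AH (IP protocol 51) carry no ports, so they are matched on protocol only.
PHASES = {
    "ike":   ("udp", 500),    # IKEv1/IKEv2 negotiation
    "nat-t": ("udp", 4500),   # IKE and ESP encapsulated in UDP when NAT is in the path
    "esp":   ("esp", None),   # raw ESP, only usable when no NAT sits in between
    "ah":    ("ah", None),    # raw AH
    "l2tp":  ("udp", 1701),   # L2TP tunnel, normally carried inside ESP/NAT-T
}


def parse_line(line):
    """Parse one constructed log line into a dict, or None if malformed."""
    parts = line.strip().split(",")
    if len(parts) != 5:
        return None
    action, proto, src, dst, dport = parts
    port = int(dport) if dport.isdigit() else None
    return {"action": action.lower(), "proto": proto.lower(),
            "src": src, "dst": dst, "dport": port}


def classify(entry):
    """Return the L2TP/IPsec phase an entry belongs to, or None if unrelated."""
    for phase, (proto, port) in PHASES.items():
        if entry["proto"] == proto and entry["dport"] == port:
            return phase
    return None


def check_l2tp_ipsec(lines, client, server):
    """Summarise which phases between client and server were seen and how.

    Returns {phase: "pass" | "block" | "missing"}.  "block" wins over "pass"
    for a phase, because a single block is enough to break the tunnel.
    "missing" means the firewall logged nothing for that phase: either the
    matching rule has logging disabled, or the traffic never reached the
    firewall (client side, or a NAT/routing problem), so the next step is a
    packet capture rather than a rule change.
    """
    seen = defaultdict(set)
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        if entry["src"] != client or entry["dst"] != server:
            continue
        phase = classify(entry)
        if phase:
            seen[phase].add(entry["action"])
    result = {}
    for phase in PHASES:
        if "block" in seen[phase]:
            result[phase] = "block"
        elif "pass" in seen[phase]:
            result[phase] = "pass"
        else:
            result[phase] = "missing"
    return result


# Constructed sample log: IKE passes, NAT-T is blocked, nothing else is logged.
SAMPLE_LOG = [
    "pass,udp,192.168.1.10,203.0.113.5,500",
    "pass,udp,192.168.1.10,203.0.113.5,500",
    "block,udp,192.168.1.10,203.0.113.5,4500",
    "pass,udp,192.168.1.10,198.51.100.9,53",   # unrelated DNS traffic
    "garbage line",                             # malformed, skipped
]

if __name__ == "__main__":
    summary = check_l2tp_ipsec(SAMPLE_LOG, "192.168.1.10", "203.0.113.5")
    for phase, status in summary.items():
        print(f"{phase:6s} {status}")
```

Reading the output against Bart's list: a "block" on nat-t or l2tp points at a missing pass rule, while "missing" on every phase with a working client on another network matches the symptom described in the first post and means the traffic should be traced with a packet capture on the LAN and WAN interfaces before touching the rules.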