
Topic: PPTP VPN Not Accepting connections and L2TP Breaks Site-to-Site

tuaris

I'm migrating from m0n0wall. I manually rebuilt my config page by page to sort of start "fresh". PPTP was working fine in m0n0wall.

For t1n1wall, enabling the PPTP VPN appears to work according to the logs:

Code:
Jun  6 14:38:17 <daemon.info> stargate mpd: Multi-link PPP daemon for FreeBSD
Jun  6 14:38:17 <daemon.info> stargate mpd:
Jun  6 14:38:17 <daemon.info> stargate mpd: process 1605 started, version 5.8 ([email protected] 00:31 10-Sep-2018)
Jun  6 14:38:17 <daemon.info> stargate mpd: PPTP: waiting for connection on 0.0.0.0 1723

But attempting to connect from a client just times out. Nothing is logged on the t1n1wall side.

So then I attempted L2TP/IPsec (since you have that option). It works very nicely, except that when it's enabled, my site-to-site IPsec tunnels break with:

Code:
ERROR: phase2 negotiation failed due to time up waiting for phase1
INFO: request for establishing IPsec-SA was queued due to no phase1 found

Turning off L2TP re-enabled my site-to-site tunnels.

andywhite

  • Administrator
Re: PPTP VPN Not Accepting connections and L2TP Breaks Site-to-Site
« Reply #1 on: June 07, 2019, 08:57:53 PM »
Hi, what version of t1n1wall are you working with?

tuaris

Re: PPTP VPN Not Accepting connections and L2TP Breaks Site-to-Site
« Reply #2 on: June 07, 2019, 08:58:58 PM »
Code:
Version 2.11.1b149 built on Mon Sep 10 00:28:35 IST 2018
Platform Generic PC (serial console)
Architecture i386

tuaris

Re: PPTP VPN Not Accepting connections and L2TP Breaks Site-to-Site
« Reply #3 on: June 21, 2019, 06:47:01 AM »
The problem appears to be with the firewall rules. I tried some rules from http://blog.up-link.ro/freebsd-how-to-install-and-configure-a-pptp-server-with-mpd5-on-freebsd-8-2/ and they worked for me. Patch is in the bug report.

https://sourceforge.net/p/t1n1wall/bugs/37/

andywhite

Re: PPTP VPN Not Accepting connections and L2TP Breaks Site-to-Site
« Reply #4 on: June 21, 2019, 11:13:51 PM »
Are your IPsec tunnels aggressive or main mode? There was a bug in the past when using aggressive mode tunnels with L2TP. It was fixed, and then a bug was raised with FreeBSD to fix it. When it was fixed upstream, the fix was removed from t1n1wall, as upstream would have been used.

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203308

andywhite

Re: PPTP VPN Not Accepting connections and L2TP Breaks Site-to-Site
« Reply #5 on: July 03, 2019, 11:52:34 PM »
The latest version should fix the PPTP and L2TP problems.