L2TP VPN

• L2TP and Firewall Rules
• L2TP and Multi-WAN
• L2TP Server Configuration

See also

• L2TP/IPsec Remote Access VPN Configuration Example

• Troubleshooting L2TP

• L2TP Logs

pfSense® software can act as an L2TP VPN server. L2TP is purely a tunneling protocol that offers no encryption of its own, so it is typically combined with some other encryption technique, such as IPsec.

Warning

pfSense software supports L2TP/IPsec, however, some clients will not work properly in many common scenarios. The most common problem scenario is Windows clients behind NAT, in that case the Windows client and the strongSwan IPsec daemon are not fully compatible, which leads to failure. In these situations, the best practice is to use IKEv2 instead.

See also

IPsec Remote Access VPN Example Using IKEv2 with EAP-MSCHAPv2 contains a walkthrough for configuring IKEv2, which is a much more flexible solution.

See also

For general discussion of the various types of VPN implementations available in pfSense software and their pros and cons, see Virtual Private Networks.

L2TP Security Warning

L2TP on its own is not encrypted, so it is not intended for private traffic. Some devices, such as Android, offer an L2TP-only client which is capable of connecting back to pfSense software but it should only be used for traffic that is already encrypted, or if the traffic is not considered private. For example, tunneling Internet traffic so it appears to originate from another location.