I am trying to set up a home VPN with IPsec as I have read about PPTP having some security problems and being outdated. I found an article on the web that shows you how to set up an IPsec VPN here which I was able to follow and set up, but when I went to connect to it I could not. I tried port scanning the router from the LAN and by using a computer outside of my LAN, and both scans concluded that port 500 (the VPN port) was closed. Is there something else I have to do to set it up to listen so clients can connect? I checked the error logs and everything was clean, so I am confused here.
In addition, from what I know IPsec is supposed to be a wrapper around L2TP, so am I supposed to set up L2TP first and then configure my IPsec to work with L2TP, which would explain why it's not "listening"? If so, could you kindly share a link with me that helps me accomplish that? I've gone through the first couple of pages of Google and all I can seem to dig up is PPTP guides. Many thanks!
IKE traffic to establish a phase 1 tunnel runs over port 500 of the UDP protocol; a typical port scan only checks TCP ports. This is because it's much harder to simply 'check' a UDP port for openness without knowing what protocol is operating on the port: many services won't respond to a UDP packet that's malformed, and many systems won't send ICMP unreachable responses to indicate a non-listening UDP port. See the `-sU` scan section here for more information. Check the logs in the pfSense device, and turn up logging verbosity if necessary, to get some information on what's going on with the connection attempts.
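As an added example (not part of the answer above), the script below shows what a protocol-aware UDP/500 check looks like: it builds a well-formed IKEv1 Main Mode first message per RFC 2408 and parses the ISAKMP header of any reply, and the parser rejects malformed headers the same way a real responder silently would. The target host and the 3DES/SHA1/PSK/MODP1024 proposal are assumptions for illustration; point it at your own pfSense endpoint to confirm the IKE daemon is answering.

```python
"""IKEv1 (ISAKMP, RFC 2408) liveness check for UDP/500.
A bare or malformed datagram gets no answer from an IKE responder, so the
probe must carry a valid header plus an SA payload with a real proposal."""
import socket
import struct

# Header: initiator cookie, responder cookie, next payload, version,
# exchange type, flags, message ID, total length (28 bytes).
ISAKMP_HDR = "!8s8sBBBBII"
HDR_LEN = struct.calcsize(ISAKMP_HDR)

def build_sa_payload():
    """SA payload: one proposal, one transform (3DES, SHA1, PSK, MODP1024)."""
    # Basic attributes (high bit set): enc=3DES(5), hash=SHA1(2),
    # auth=PSK(1), DH group=MODP1024(2).
    attrs = struct.pack("!HHHHHHHH", 0x8001, 5, 0x8002, 2, 0x8003, 1, 0x8004, 2)
    # Transform: next=0, reserved, length, transform#=1, id=KEY_IKE(1), reserved.
    transform = struct.pack("!BBHBBH", 0, 0, 8 + len(attrs), 1, 1, 0) + attrs
    # Proposal: next=0, reserved, length, proposal#=1, proto=ISAKMP(1), SPI size=0, 1 transform.
    proposal = struct.pack("!BBHBBBB", 0, 0, 8 + len(transform), 1, 1, 0, 1) + transform
    # SA: next=0, reserved, length, DOI=IPsec(1), situation=SIT_IDENTITY_ONLY(1).
    return struct.pack("!BBHII", 0, 0, 12 + len(proposal), 1, 1) + proposal

def build_main_mode_init(icookie=b"\x11" * 8):
    """Main Mode message 1: header with next payload=SA(1), version 1.0,
    exchange=Identity Protection(2), zero responder cookie and message ID."""
    sa = build_sa_payload()
    hdr = struct.pack(ISAKMP_HDR, icookie, b"\x00" * 8, 1, 0x10, 2, 0, 0, HDR_LEN + len(sa))
    return hdr + sa

def parse_isakmp_header(data):
    """Return header fields, or None when the datagram is not a sane ISAKMP message
    (too short, wrong major version, or length field disagreeing with the datagram)."""
    if len(data) < HDR_LEN:
        return None
    ic, rc, nxt, ver, exch, flags, msgid, length = struct.unpack(ISAKMP_HDR, data[:HDR_LEN])
    if ver >> 4 != 1 or length != len(data):
        return None
    return {"icookie": ic, "rcookie": rc, "next_payload": nxt,
            "exchange": exch, "flags": flags, "length": length}

def probe_ike(host, port=500, timeout=3.0):
    """Send the Main Mode init to host:port; return the parsed reply header, or None
    if nothing (or nothing parseable) comes back within the timeout."""
    msg = build_main_mode_init()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(msg, (host, port))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return None
    hdr = parse_isakmp_header(data)
    return hdr if hdr and hdr["icookie"] == msg[:8] else None
```

A reply whose initiator cookie echoes yours means the IKE daemon is up and the firewall is passing UDP/500; a timeout means either the daemon is not bound or the rule is missing, which the pfSense IPsec log will then distinguish.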