FW4 and VPN connectivity

I'm guessing that wih the switch to FW4 the options of a VPN are limited?

I'm looking for something that I can configure via Luci for site to site VPN and client dial in,
what are my options, I'm guessing wire guard is the only thing that works under FW4?

Ccurrently we use l2tp with ipsec id like to stick with that if possible is there some sort of workaround ?

fw3 or fw4 doesn't have any influence on your options of VPN implementations, you set the incoming rules (same syntax), you're done. Your VPN (clients) might want to do their own iptables calls, which isn't ideal, but also works with iptables-nft being there.

l2tp however should be better best forgotten. wireguard, OpenVPN, IPsec/ IKEv2, etc. would be better options - but again, fw4 isn't precluding anything here.


I did not have to modify anything to keep WireGuard working with firewall4. The migration should be transparent (except where there's no feature parity).

1 Like