Bug #11571

closed

Spoofing MAC address on a WAN interface causes erratic behaviour when using an L2TP tunnel on the spoofed interface

Added by Aman Halai over 3 years ago. Updated over 3 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
L2TP
Target version:
-
Start date:
02/27/2021
Due date:
% Done:
0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:

Description

I use an L2TP tunnel from Andrews and Arnolds here in the UK, as it allows access to their network without being a full customer of theirs.

My ISP, Virgin Media, provides a somewhat 'sticky' WAN IP address, served by DHCP, which is tied to the MAC of the router being used on the customer side, hence I set a manual MAC address on the WAN interface in pfSense to continue using an IP I've had for ages.

However, setting any MAC on the WAN interface causes the L2TP tunnel to cease working correctly. Everything works normally when I remove the spoofed WAN address.

When using the spoofed MAC, the WAN interface continuously drops every few seconds, almost as if it is constantly renewing its DHCP lease. Pinging the firewall using the WAN address confirms this, as you have a series of 3 to 4 responses, followed by several timeouts, followed by a random number of responses to the ping. WebConfigurator also grinds to a halt, although the IP on the LAN side remains pingable.

When I previously had two WAN connections set up in a failover configuration (the current Virgin Media one w/spoofed MAC and another that needed PPPoE) and attempted to use the L2TP tunnel, the firewall would failover to the PPPoE connection fine, but lock me out of WebConfigurator.

I've also stood up a virtual pfSense instance which gets a local IP address from my main firewall, to eliminate any WAN-side trickery. The issue still persists - if there is a spoofed MAC on the WAN interface being used by the L2TP tunnel, it falls over repeatedly.

I've attached the system log readout with IPs redacted. The LNS IP for the L2TP tunnel on the A&A side is 90.155.53.19.


Files

pf-logreadout.txt (139 KB), Aman Halai, 02/27/2021 04:35 PM
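The report above describes two symptoms that are cheap to quantify before opening a forum thread: a WAN interface that looks as if it is "constantly renewing its DHCP lease", and a ping pattern of a few replies followed by a burst of timeouts. The script below is an added example, not pfSense code and not from the reporter or the attached pf-logreadout.txt. It assumes ISC dhclient-style "bound to ... -- renewal in N seconds." syslog lines (the year is assumed, since syslog omits it), FreeBSD-style ping output where a lost probe simply leaves a gap in icmp_seq, and a hypothetical threshold of "re-bind in under 10% of the advertised renewal time" as the flapping criterion. All log and ping lines in it are constructed.

```python
"""Quantify DHCP re-bind churn and ping loss runs from pfSense-style logs.

Added example; assumptions: ISC dhclient log format, syslog year = 2021,
FreeBSD ping output (no line printed for a lost probe), and a 10% threshold
for "re-bound far too soon". Sample data is constructed, not captured.
"""
import re
from datetime import datetime

YEAR = 2021  # assumed: syslog timestamps carry no year

# ISC dhclient lease message as relayed through syslog (assumed format).
BOUND_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ dhclient\[(?P<pid>\d+)\]: "
    r"bound to (?P<ip>[\d.]+) -- renewal in (?P<renew>\d+) seconds\."
)
REPLY_RE = re.compile(r"icmp_seq=(\d+)")

# Constructed: a WAN dhclient re-binding every few seconds, then once more
# at the proper renewal time.
FLAPPING_LOG = """\
Feb 27 16:01:02 pf dhclient[4123]: bound to 203.0.113.10 -- renewal in 1800 seconds.
Feb 27 16:01:09 pf dhclient[4123]: bound to 203.0.113.10 -- renewal in 1800 seconds.
Feb 27 16:01:15 pf dhclient[4123]: bound to 203.0.113.10 -- renewal in 1800 seconds.
Feb 27 16:31:02 pf dhclient[4123]: bound to 203.0.113.10 -- renewal in 1800 seconds.
"""
# Constructed: the same client renewing exactly on schedule.
HEALTHY_LOG = """\
Feb 27 16:01:02 pf dhclient[4123]: bound to 203.0.113.10 -- renewal in 1800 seconds.
Feb 27 16:31:02 pf dhclient[4123]: bound to 203.0.113.10 -- renewal in 1800 seconds.
"""
# Constructed ping output: 4 replies, 4 lost, 3 replies, 4 lost, 2 replies.
PING_SAMPLE = """\
PING 203.0.113.10 (203.0.113.10): 56 data bytes
64 bytes from 203.0.113.10: icmp_seq=0 ttl=64 time=0.412 ms
64 bytes from 203.0.113.10: icmp_seq=1 ttl=64 time=0.398 ms
64 bytes from 203.0.113.10: icmp_seq=2 ttl=64 time=0.401 ms
64 bytes from 203.0.113.10: icmp_seq=3 ttl=64 time=0.405 ms
64 bytes from 203.0.113.10: icmp_seq=8 ttl=64 time=0.410 ms
64 bytes from 203.0.113.10: icmp_seq=9 ttl=64 time=0.399 ms
64 bytes from 203.0.113.10: icmp_seq=10 ttl=64 time=0.403 ms
64 bytes from 203.0.113.10: icmp_seq=15 ttl=64 time=0.407 ms
64 bytes from 203.0.113.10: icmp_seq=16 ttl=64 time=0.400 ms
"""


def parse_bound_events(log_text):
    """Return (timestamp, dhclient pid, ip, renewal_seconds) per 'bound to' line."""
    events = []
    for line in log_text.splitlines():
        m = BOUND_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["pid"], m["ip"], int(m["renew"])))
    return events


def short_rebind_gaps(events, fraction=0.1):
    """Consecutive binds by the same dhclient pid that arrive in less than
    `fraction` of the advertised renewal time; returns (pid, gap_s, renew_s)."""
    last_seen = {}
    gaps = []
    for ts, pid, _ip, renew in events:
        if pid in last_seen:
            gap = (ts - last_seen[pid]).total_seconds()
            if gap < fraction * renew:
                gaps.append((pid, gap, renew))
        last_seen[pid] = ts
    return gaps


def is_flapping(log_text, min_short_gaps=2):
    """True when the log shows at least `min_short_gaps` premature re-binds."""
    return len(short_rebind_gaps(parse_bound_events(log_text))) >= min_short_gaps


def reply_runs(ping_output):
    """Turn icmp_seq gaps into (replies_in_a_row, probes_lost_after) pairs,
    so a periodic drop (short runs, regular gaps) is distinguishable from
    random loss or a single outage."""
    seqs = [int(m.group(1)) for m in REPLY_RE.finditer(ping_output)]
    if not seqs:
        return []
    runs, run = [], 1
    for prev, cur in zip(seqs, seqs[1:]):
        missing = cur - prev - 1
        if missing > 0:
            runs.append((run, missing))
            run = 1
        else:
            run += 1
    runs.append((run, 0))
    return runs


if __name__ == "__main__":
    print("flapping (constructed log):", is_flapping(FLAPPING_LOG))
    print("flapping (healthy log):   ", is_flapping(HEALTHY_LOG))
    print("ping runs:", reply_runs(PING_SAMPLE))
```

Run it against the real system log and a minute of `ping` output from a LAN host: premature re-binds point at the DHCP client or the link itself (which would fit the maintainer's suspicion that the NIC objects to the spoofed MAC regardless of L2TP), while a clean lease history with ping loss that only appears once the tunnel is up narrows it to the L2TP path.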
#1

Updated by Jim Pingle over 3 years ago

  • Status changed from New to Rejected

The details here don't quite line up -- please start a forum thread to discuss and diagnose this problem in more detail.

It sounds more like your NIC doesn't like the MAC being spoofed in general and it may have nothing at all to do with L2TP, but it's too early to say.
