pfSense

Duplicate of 11571 (I'm the same person who posted that issue which was rejected).

Posted on forum here with no responses: https://forum.netgate.com/topic/183437/possible-bug-spoofed-wan-mac-plus-l2tp-service-causes-wan-interface-link-flap?_=1697806686922 but have done some more testing since then.

I've encountered what might be a bug in a specific, niche setup. If a MAC address is spoofed on the WAN interface, and is used with an L2TP service (such as the Andrews and Arnold one in the UK, the WAN link flaps every 5-10 seconds.

This has been tested on a box which has Intel I226 NICs (igc), Intel X710s (ixl) and an I350-T4 (igb). This has previously also occured on VMWare (vmx) NICs. This doesn't seem to be a NIC simply not liking MAC spoofing if its occurring on different ones. If I spoof the MAC and do not use the L2TP service, everything runs fine without issue, so again, unlikely to be the NIC deciding it doesn't want to cooperate.

Rebooting or rerooting brings everything back up and it works, however the L2TP uptime counter is blank. If I edit ANY interface, it starts link flapping again.

Log readout attached. I am happy to provide temporary login details for the L2TP to anyone from Netgate who wants to try and replicate it.