Bug #13450

open

L2TP Clients system alias is not populated

Added by Steve Wheeler 3 months ago. Updated 3 months ago.

Status: New
Priority: Normal
Assignee: -
Category: Rules / NAT
Target version:
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version: Plus-Next
Release Notes: Default
Affected Version: 2.6.0
Affected Architecture: All

Description

After creating an L2TP server and defining a 'Remote address range' for clients, it should be possible to use that in firewall rules using the 'L2TP Clients' system alias.

However, that alias is not populated, so rules using it are never created.

For example, this rule:

        <rule>
            <id></id>
            <tracker>1661518708</tracker>
            <type>pass</type>
            <interface>l2tp</interface>
            <ipprotocol>inet</ipprotocol>
            <tag></tag>
            <tagged></tagged>
            <max></max>
            <max-src-nodes></max-src-nodes>
            <max-src-conn></max-src-conn>
            <max-src-states></max-src-states>
            <statetimeout></statetimeout>
            <statetype><![CDATA[keep state]]></statetype>
            <os></os>
            <source>
                <network>l2tp</network>
            </source>
            <destination>
                <network>lan</network>
            </destination>
            <descr><![CDATA[Test L2TP]]></descr>
        </rule>

Results in:

    # source address is empty.  label "USER_RULE: Test L2TP"

However, the L2TP client subnet does appear in the tonat list; it is recognised correctly.

Tested in 2.6 and 22.05.

#1

Updated by Steve Wheeler 3 months ago

Tested using l2tp config:

    <l2tp>
        <radius>
            <server></server>
            <secret></secret>
        </radius>
        <remoteip>10.99.0.0</remoteip>
        <localip>10.99.0.128</localip>
        <l2tp_subnet>25</l2tp_subnet>
        <mode>server</mode>
        <interface>wan</interface>
        <n_l2tp_units>10</n_l2tp_units>
        <secret></secret>
        <paporchap>chap</paporchap>
        <dns1>10.99.0.128</dns1>
        <user>
            <name>test1</name>
            <ip></ip>
            <password><![CDATA[12345]]></password>
        </user>
    </l2tp>
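
An added example, not part of the original report or of pfSense itself: a small audit that finds firewall rules referencing the `l2tp` network in a config and reports which of them appear only as a commented-out line in the generated ruleset, meaning the pass/block rule the administrator expects is not enforced. The function names are hypothetical, the sample inputs are constructed from the snippets quoted in this issue, and it assumes the alias should equal `<remoteip>/<l2tp_subnet>`.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: trimmed from the rule and L2TP settings quoted in this issue.
CONFIG = """<pfsense>
  <l2tp><remoteip>10.99.0.0</remoteip><l2tp_subnet>25</l2tp_subnet><mode>server</mode></l2tp>
  <filter><rule>
    <type>pass</type><interface>l2tp</interface>
    <source><network>l2tp</network></source>
    <destination><network>lan</network></destination>
    <descr><![CDATA[Test L2TP]]></descr>
  </rule></filter>
</pfsense>"""
# Constructed sample: the generated-ruleset line quoted in this issue.
RULESET = '# source address is empty.  label "USER_RULE: Test L2TP" \n'

def expected_l2tp_net(root):
    """Remote address range as a CIDR, or None when no L2TP server is configured.
    Assumption: the alias should contain <remoteip>/<l2tp_subnet>."""
    l2tp = root.find("l2tp")
    if l2tp is None or l2tp.findtext("mode") != "server":
        return None
    ip, bits = l2tp.findtext("remoteip"), l2tp.findtext("l2tp_subnet")
    if not ip or not bits:
        return None
    return ipaddress.ip_network(f"{ip}/{bits}", strict=False)

def audit(config_xml, ruleset_text):
    """Return (expected network, [(rule description, skipped?)]) for l2tp rules."""
    root = ET.fromstring(config_xml)
    # A rule that was not emitted shows up only as a comment carrying its label.
    comments = [l for l in ruleset_text.splitlines() if l.lstrip().startswith("#")]
    results = []
    for rule in root.iterfind("filter/rule"):
        ends = (rule.findtext("source/network"), rule.findtext("destination/network"))
        if "l2tp" not in ends:
            continue
        descr = rule.findtext("descr") or ""
        skipped = any(f'USER_RULE: {descr}"' in l for l in comments)
        results.append((descr, skipped))
    return expected_l2tp_net(root), results

if __name__ == "__main__":
    net, results = audit(CONFIG, RULESET)
    for descr, skipped in results:
        state = "NOT in ruleset" if skipped else "present"
        print(f"rule {descr!r}: expected alias {net}, {state}")
```
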
