L2TP server does not respond properly from a CARP VIP
If you setup an L2TP server and try to connect to a CARP VIP on the same interface, it does not work. The server responds from the interface IP rather than the CARP VIP.
The PPTP server does not suffer the same limitation (though it is TCP, not UDP.)
Can be worked around by adding a port forward on the CARP VIP to the WAN IP for udp/1701.
Updated by Chris Buechler almost 11 years ago
- Target version deleted (
Updated by Jim Pingle almost 11 years ago
This seems to be the classic UDP problem where the system will source the reply from the "closest" address rather than a specified. I didn't see a directive for mpd to bind only to a specific IP so there may not be a good way around this.
Using the port forward method works fine, we may just have to document the issue rather than trying to hack around it in a non-intuitive way.
Updated by Kris Phillips over 1 year ago
Since we don't recommend L2TP for new IPSec VPN setups, this can likely be closed as Rejected. No point in keeping it open any longer as L2TP is basically deprecated.