Bug #1667

open

L2TP server does not respond properly from a CARP VIP

Added by Jim Pingle over 13 years ago. Updated about 3 years ago.

Status: New
Priority: Normal
Assignee: -
Category: L2TP
Target version: -
Start date: 07/11/2011
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.0
Affected Architecture: All

Description

If you set up an L2TP server and try to connect to a CARP VIP on the same interface, it does not work. The server responds from the interface IP rather than the CARP VIP.

The PPTP server does not suffer the same limitation (though it is TCP, not UDP.)

Can be worked around by adding a port forward on the CARP VIP to the WAN IP for udp/1701.

Actions #1

Updated by Chris Buechler over 12 years ago

  • Target version deleted (2.1)

Actions #2

Updated by Jim Pingle over 12 years ago

This seems to be the classic UDP problem where the system will source the reply from the "closest" address rather than a specified one. I didn't see a directive for mpd to bind only to a specific IP so there may not be a good way around this.

Using the port forward method works fine; we may just have to document the issue rather than trying to hack around it in a non-intuitive way.
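The UDP source-address behaviour described in the comment above can be reproduced on loopback. This is an added example, not part of the original thread and not mpd or pfSense code. It assumes Linux, where all of 127.0.0.0/8 is local, and uses the constructed addresses 127.0.0.1 (client) and 127.0.0.2 (standing in for the CARP VIP).

```python
import socket

CLIENT_IP = "127.0.0.1"  # constructed: stands in for the remote L2TP client
VIP = "127.0.0.2"        # constructed: stands in for the CARP VIP


def reply_source(bind_ip):
    """Send one datagram to VIP and return the source address of the reply.

    bind_ip is the address the UDP server binds to: "0.0.0.0" models a
    daemon listening on the wildcard address, VIP models a daemon that can
    be told to bind to one specific address.
    """
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        server.bind((bind_ip, 0))        # port 0: the kernel picks a free port
        port = server.getsockname()[1]
        client.bind((CLIENT_IP, 0))      # fix the client's own source address
        server.settimeout(2)
        client.settimeout(2)

        client.sendto(b"request", (VIP, port))
        _, peer = server.recvfrom(1024)  # recvfrom() does not report the
                                         # destination address that was used
        server.sendto(b"reply", peer)    # wildcard socket: the kernel picks
                                         # the source from its route to peer
        _, src = client.recvfrom(1024)
        return src[0]
    finally:
        server.close()
        client.close()


def reply_matches_vip(bind_ip):
    """True when the reply comes back from the address the client contacted."""
    return reply_source(bind_ip) == VIP


if __name__ == "__main__":
    for bind_ip in ("0.0.0.0", VIP):
        print(f"server bound to {bind_ip:<9} -> reply from "
              f"{reply_source(bind_ip)} (matches VIP: {reply_matches_vip(bind_ip)})")
```

A client or stateful firewall that matches replies on the address it sent to will not associate the wildcard-bound reply with the request.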

Actions #3

Updated by Kris Phillips about 3 years ago

Since we don't recommend L2TP for new IPSec VPN setups, this can likely be closed as Rejected. No point in keeping it open any longer as L2TP is basically deprecated.
