Bug #4727 (closed): Rules on L2TP VPN Tab are ignored. All traffic from clients always allowed.
Status: Not a Bug
Priority: Normal
Assignee: -
Category: Rules / NAT
Target version: -
Start date: 05/23/2015
% Done: 0%
Description
https://forum.pfsense.org/index.php?topic=94108.25
Created an L2TP/IPsec remote access VPN as per https://doc.pfsense.org/index.php/L2TP/IPsec
Rules placed on the L2TP VPN tab appear to have no effect, and all traffic from clients is passed into the firewall regardless.
Updated by Viktor Gurov over 4 years ago
    if ($config['l2tp']['mode'] == "server") {
        $oic = array();
        $oic['if'] = 'l2tp';
        $oic['descr'] = 'L2TP';

This is incorrect; there is no such interface as 'l2tp'.
Mpd5 will create new interfaces for each client:
l2tp0, l2tp1, l2tp2, etc.
The only way to filter L2TP clients is to use floating rules (see forum topic).
Updated by Viktor Gurov over 4 years ago
Updated by Jim Pingle over 4 years ago
- Status changed from New to Not a Bug
There is an interface group for l2tp, to which rules are applied. This works fine as-is.
    : grep -i l2tp /tmp/rules.debug
    L2TP = "{ l2tp }"
    pass in quick on $L2TP inet from any to any tracker 1495466693 keep state label "USER_RULE"

    l2tp1: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
            inet 10.5.177.2 --> 10.5.177.128 netmask 0xffffffff
            inet6 fe80::20c:29ff:fe8e:6883%l2tp1 prefixlen 64 scopeid 0xf
            groups: l2tp
            nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

    : pfctl -vvsr | grep -A2 l2tp
    @94(1495466693) pass in quick on l2tp inet all flags S/SA keep state label "USER_RULE"
      [ Evaluations: 971710  Packets: 1906476  Bytes: 53540387  States: 1  ]
      [ Inserted: pid 6641 State Creations: 1521 ]
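The mechanism behind the resolution above is that pf evaluates a rule written "on l2tp" against every interface whose ifconfig output lists "groups: l2tp", so one rule on the L2TP tab covers l2tp0, l2tp1, l2tp2 and any future mpd5 client interface. The script below is an added example written for this page, not code from the bug report or from pfSense: it parses saved `ifconfig` and `pfctl -vvsr` output and reports which rules apply to a given interface, counting both a direct match on the interface name and a match on one of its groups. The sample outputs are constructed, with an extra per-interface rule (@95, "on l2tp0") added to show that interface-specific and group rules coexist; the rule ids and addresses are not from the report.

```shell
#!/bin/sh
# Added example, not part of the bug report or of pfSense. Given ifconfig and
# pfctl -vvsr output, list the pf rules that apply to an interface, matching
# the rule's "on X" clause against the interface name and its groups.

# Constructed sample ifconfig output: two mpd5 client interfaces in group
# "l2tp" plus one unrelated interface (addresses are made up).
IFCONFIG_SAMPLE='l2tp0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 10.5.177.1 --> 10.5.177.129 netmask 0xffffffff
        groups: l2tp
l2tp1: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 10.5.177.2 --> 10.5.177.128 netmask 0xffffffff
        groups: l2tp
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255'

# Constructed sample pfctl -vvsr rule lines: one rule on the l2tp group, one
# on a single client interface, one on em0.
PFCTL_SAMPLE='@94(1495466693) pass in quick on l2tp inet all flags S/SA keep state label "USER_RULE"
@95(1495466700) block in quick on l2tp0 inet proto tcp from any to any port = 22 label "USER_RULE"
@96(1495466710) pass in quick on em0 inet all flags S/SA keep state label "USER_RULE"'

# groups_of IFACE: print the groups that IFACE belongs to, reading ifconfig
# output from stdin. Interface blocks start at column 0; their detail lines
# are indented, and the "groups:" line lists the memberships.
groups_of() {
    awk -v want="$1" '
        /^[^[:space:]]/ { cur = $1; sub(/:$/, "", cur) }
        cur == want && $1 == "groups:" { for (i = 2; i <= NF; i++) print $i }
    '
}

# rules_for IFACE [GROUP ...]: print the ids of rules (from pfctl -vvsr on
# stdin) whose "on X" clause names IFACE itself or one of its GROUPs.
rules_for() {
    iface=$1; shift
    awk -v iface="$iface" -v groups="$*" '
        BEGIN { n = split(groups, g, " "); for (i = 1; i <= n; i++) member[g[i]] = 1 }
        {
            for (i = 1; i < NF; i++) {
                if ($i == "on") {
                    target = $(i + 1)
                    if (target == iface || (target in member)) print $1
                    break
                }
            }
        }
    '
}

# applicable IFACE: space-separated ids of the rules that apply to IFACE,
# combining its group memberships with the rule set.
applicable() {
    grp=$(printf '%s\n' "$IFCONFIG_SAMPLE" | groups_of "$1")
    printf '%s\n' "$PFCTL_SAMPLE" | rules_for "$1" $grp | tr '\n' ' ' | sed 's/ $//'
}

for ifn in l2tp0 l2tp1 em0; do
    printf '%s: %s\n' "$ifn" "$(applicable "$ifn")"
done
```

On a live pfSense box, pipe real `ifconfig` and `pfctl -vvsr` output into `groups_of` and `rules_for` instead of the samples; FreeBSD's `ifconfig -g l2tp` also lists the group's members directly. A group rule whose Evaluations and Packets counters in `pfctl -vvsr` keep rising while a client is connected, as in the output above, is the confirmation that the L2TP tab rule is being hit.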