Project

General

Profile

Actions

Bug #4830

closed

"Interface" selected in GUI for L2TP server are not respected in mpd's config

Added by Taras Savchuk about 6 years ago. Updated almost 6 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
L2TP
Target version:
Start date:
07/11/2015
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:

Description

I have pfSense with 2 WANs (ISPs) and L2TP server on it in head office (HO). I RDR 1701/udp to LAN address of pfSense from each of WANs in HO. Each branch office (BO) connects to both external IPs of HO via L2TP. I selected LAN for L2TP server's "Interface" in GUI (HO), but it I see via sockstat that it still listens on *:1701. Session from BO to WAN1 (default gw) of HO established. Session from BO to WAN2 of HO fails with this error:
Jul 12 01:01:05 l2tps: Incoming L2TP packet from 178.173.20.227 33450
Jul 12 01:01:05 l2tps: L2TP: connect: Address already in use

I added LAN ip directly in mpd's config (/var/etc/l2tp-vpn/mpd.conf) by hand and this solved problem for me:
l2tp_standard:
...
set l2tp self 192.168.0.1

Now both L2TP sessions from BO to HO are established. Sockstat shows mpd is listening on LAN IP only.

Link to my question in pfSense's forum:
https://forum.pfsense.org/index.php?topic=95908.0

P.S. Another desire to be able to setup two or more independent L2TP servers (as we can do for OpenVPN). It'll make easier to setup interfaces costs for OSPF.


Files

vpn.inc.diff.txt (230 Bytes) vpn.inc.diff.txt vpn.inc's diff Taras Savchuk, 07/12/2015 01:18 AM
Actions #1

Updated by Phillip Davis about 6 years ago

The interface gets saved OK in the config, but in /etc/inc.vpn.inc function vpn_l2tp_configure() there is no mention of 'interface'. It seems to me that there is simply no code to implement the selected interface - seems odd, but would explain why selecting a particular interface has no effect.

Actions #2

Updated by Taras Savchuk about 6 years ago

Works for me.

[2.2.2-RELEASE][admin@gw.localdomain]/etc/inc: diff vpn.inc vpn.inc.orig
1650,1654d1649
< $l2tp_listen="";
< $ipaddr = get_interface_ip(get_failover_interface($l2tpcfg['interface']));
< if (is_ipaddrv4($ipaddr))
< $l2tp_listen="set l2tp self $ipaddr";
<
1712d1706
< {$l2tp_listen}

P.S. Don't know is it necessary to check IP with is_ipaddrv4().

Actions #3

Updated by Taras Savchuk about 6 years ago

Diff attached.

Actions #4

Updated by Taras Savchuk about 6 years ago

Can it be included into 2.2.4?

Actions #5

Updated by Phillip Davis about 6 years ago

It will be easy for the devs to review if you go to https://github.com/pfsense/pfsense and make the edit yourself and submit a pull request. It can all be done online easily.

Actions #6

Updated by Taras Savchuk about 6 years ago

Thanks Phillip!

Done.

Actions #8

Updated by Renato Botelho almost 6 years ago

  • Status changed from New to Feedback
  • Priority changed from High to Normal
  • Target version set to 2.2.5
  • % Done changed from 0 to 100

Pull request has been merged and cherry-picked to RELENG_2_2

Actions #9

Updated by Chris Buechler almost 6 years ago

  • Status changed from Feedback to Resolved
  • Affected Version changed from 2.2.2 to All

fixed, thanks!

Actions

Also available in: Atom PDF