Bug #4830: "Interface" selected in GUI for L2TP server are not respected in mpd's config - pfSense - pfSense bugtracker

Bug #4830

"Interface" selected in GUI for L2TP server are not respected in mpd's config

Added by Taras Savchuk over 5 years ago. Updated about 5 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Category:

L2TP

Target version:

2.2.5

Start date:

07/11/2015

Due date:

% Done:

100%

Estimated time:

Affected Version:

All

Affected Architecture:

Description

I have pfSense with 2 WANs (ISPs) and L2TP server on it in head office (HO). I RDR 1701/udp to LAN address of pfSense from each of WANs in HO. Each branch office (BO) connects to both external IPs of HO via L2TP. I selected LAN for L2TP server's "Interface" in GUI (HO), but it I see via sockstat that it still listens on *:1701. Session from BO to WAN1 (default gw) of HO established. Session from BO to WAN2 of HO fails with this error:
Jul 12 01:01:05 l2tps: Incoming L2TP packet from 178.173.20.227 33450 Jul 12 01:01:05 l2tps: L2TP: connect: Address already in use

I added LAN ip directly in mpd's config (/var/etc/l2tp-vpn/mpd.conf) by hand and this solved problem for me:
l2tp_standard: ... set l2tp self 192.168.0.1
Now both L2TP sessions from BO to HO are established. Sockstat shows mpd is listening on LAN IP only.

Link to my question in pfSense's forum:
https://forum.pfsense.org/index.php?topic=95908.0

P.S. Another desire to be able to setup two or more independent L2TP servers (as we can do for OpenVPN). It'll make easier to setup interfaces costs for OSPF.

vpn.inc.diff.txt (230 Bytes) vpn.inc.diff.txt

vpn.inc's diff

Taras Savchuk, 07/12/2015 01:18 AM

History

#1 Updated by Phillip Davis over 5 years ago

The interface gets saved OK in the config, but in /etc/inc.vpn.inc function vpn_l2tp_configure() there is no mention of 'interface'. It seems to me that there is simply no code to implement the selected interface - seems odd, but would explain why selecting a particular interface has no effect.

#2 Updated by Taras Savchuk over 5 years ago

Works for me.

[2.2.2-RELEASE][admin@gw.localdomain]/etc/inc: diff vpn.inc vpn.inc.orig 1650,1654d1649 < $l2tp_listen=""; < $ipaddr = get_interface_ip(get_failover_interface($l2tpcfg['interface'])); < if (is_ipaddrv4($ipaddr)) < $l2tp_listen="set l2tp self $ipaddr"; < 1712d1706 < {$l2tp_listen}

P.S. Don't know is it necessary to check IP with is_ipaddrv4().

#3 Updated by Taras Savchuk over 5 years ago

File vpn.inc.diff.txt vpn.inc.diff.txt added

Diff attached.

#4 Updated by Taras Savchuk over 5 years ago

Can it be included into 2.2.4?

#5 Updated by Phillip Davis over 5 years ago

It will be easy for the devs to review if you go to https://github.com/pfsense/pfsense and make the edit yourself and submit a pull request. It can all be done online easily.

#6 Updated by Taras Savchuk over 5 years ago

Thanks Phillip!

Done.

#7 Updated by Kill Bill about 5 years ago

Resubmitted as:
https://github.com/pfsense/pfsense/pull/1911 - RELENG_2_2
https://github.com/pfsense/pfsense/pull/1912 - master

#8 Updated by Renato Botelho about 5 years ago

Status changed from New to Feedback
Priority changed from High to Normal
Target version set to 2.2.5
% Done changed from 0 to 100

Pull request has been merged and cherry-picked to RELENG_2_2

#9 Updated by Chris Buechler about 5 years ago

Status changed from Feedback to Resolved
Affected Version changed from 2.2.2 to All

fixed, thanks!

Also available in: Atom PDF

Project

General

Profile

pfSense

Issues

Custom queries