Project

General

Profile

Bug #4830

"Interface" selected in GUI for L2TP server are not respected in mpd's config

Added by Taras Savchuk over 4 years ago. Updated about 4 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
L2TP
Target version:
Start date:
07/11/2015
Due date:
% Done:

100%

Estimated time:
Affected Version:
All
Affected Architecture:

Description

I have pfSense with 2 WANs (ISPs) and L2TP server on it in head office (HO). I RDR 1701/udp to LAN address of pfSense from each of WANs in HO. Each branch office (BO) connects to both external IPs of HO via L2TP. I selected LAN for L2TP server's "Interface" in GUI (HO), but it I see via sockstat that it still listens on *:1701. Session from BO to WAN1 (default gw) of HO established. Session from BO to WAN2 of HO fails with this error:
Jul 12 01:01:05 l2tps: Incoming L2TP packet from 178.173.20.227 33450
Jul 12 01:01:05 l2tps: L2TP: connect: Address already in use

I added LAN ip directly in mpd's config (/var/etc/l2tp-vpn/mpd.conf) by hand and this solved problem for me:
l2tp_standard:
...
set l2tp self 192.168.0.1

Now both L2TP sessions from BO to HO are established. Sockstat shows mpd is listening on LAN IP only.

Link to my question in pfSense's forum:
https://forum.pfsense.org/index.php?topic=95908.0

P.S. Another desire to be able to setup two or more independent L2TP servers (as we can do for OpenVPN). It'll make easier to setup interfaces costs for OSPF.

vpn.inc.diff.txt (230 Bytes) vpn.inc.diff.txt vpn.inc's diff Taras Savchuk, 07/12/2015 01:18 AM

History

#1 Updated by Phillip Davis over 4 years ago

The interface gets saved OK in the config, but in /etc/inc.vpn.inc function vpn_l2tp_configure() there is no mention of 'interface'. It seems to me that there is simply no code to implement the selected interface - seems odd, but would explain why selecting a particular interface has no effect.

#2 Updated by Taras Savchuk over 4 years ago

Works for me.

[2.2.2-RELEASE][admin@gw.localdomain]/etc/inc: diff vpn.inc vpn.inc.orig
1650,1654d1649
< $l2tp_listen="";
< $ipaddr = get_interface_ip(get_failover_interface($l2tpcfg['interface']));
< if (is_ipaddrv4($ipaddr))
< $l2tp_listen="set l2tp self $ipaddr";
<
1712d1706
< {$l2tp_listen}

P.S. Don't know is it necessary to check IP with is_ipaddrv4().

#3 Updated by Taras Savchuk over 4 years ago

Diff attached.

#4 Updated by Taras Savchuk over 4 years ago

Can it be included into 2.2.4?

#5 Updated by Phillip Davis over 4 years ago

It will be easy for the devs to review if you go to https://github.com/pfsense/pfsense and make the edit yourself and submit a pull request. It can all be done online easily.

#6 Updated by Taras Savchuk over 4 years ago

Thanks Phillip!

Done.

#8 Updated by Renato Botelho about 4 years ago

  • Status changed from New to Feedback
  • Priority changed from High to Normal
  • Target version set to 2.2.5
  • % Done changed from 0 to 100

Pull request has been merged and cherry-picked to RELENG_2_2

#9 Updated by Chris Buechler about 4 years ago

  • Status changed from Feedback to Resolved
  • Affected Version changed from 2.2.2 to All

fixed, thanks!

Also available in: Atom PDF