Bug #4830
Closed
"Interface" selected in GUI for L2TP server is not respected in mpd's config
Description
I have pfSense with 2 WANs (ISPs) and an L2TP server on it in the head office (HO). I RDR 1701/udp to the LAN address of pfSense from each of the WANs in HO. Each branch office (BO) connects to both external IPs of HO via L2TP. I selected LAN for the L2TP server's "Interface" in the GUI (HO), but I see via sockstat that it still listens on *:1701. The session from BO to WAN1 (default gw) of HO is established. The session from BO to WAN2 of HO fails with this error:
Jul 12 01:01:05 l2tps: Incoming L2TP packet from 178.173.20.227 33450
Jul 12 01:01:05 l2tps: L2TP: connect: Address already in use
I added the LAN IP directly in mpd's config (/var/etc/l2tp-vpn/mpd.conf) by hand and this solved the problem for me:
l2tp_standard:
...
set l2tp self 192.168.0.1
Now both L2TP sessions from BO to HO are established. Sockstat shows mpd is listening on LAN IP only.
Link to my question in pfSense's forum:
https://forum.pfsense.org/index.php?topic=95908.0
P.S. Another wish is to be able to set up two or more independent L2TP servers (as we can do for OpenVPN). It would make it easier to set up interface costs for OSPF.
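The check described in the report (compare what sockstat shows on 1701/udp with the "set l2tp self" address in mpd.conf) can be scripted. The following is an added example, not part of the ticket or of pfSense; the function names are hypothetical, the sample data is constructed, and it assumes the usual FreeBSD sockstat column layout (PROTO in column 5, LOCAL ADDRESS in column 6).

```shell
#!/bin/sh
# Constructed samples (addresses, PIDs and FDs are made up for illustration).
SAMPLE_CONF='l2tp_standard:
    set l2tp self 192.168.0.1'
SAMPLE_BEFORE='USER  COMMAND  PID   FD  PROTO  LOCAL ADDRESS     FOREIGN ADDRESS
root  mpd5     4242  18  udp4   *:1701            *:*
root  sshd     911   4   tcp4   *:22              *:*'
SAMPLE_AFTER='USER  COMMAND  PID   FD  PROTO  LOCAL ADDRESS     FOREIGN ADDRESS
root  mpd5     4242  18  udp4   192.168.0.1:1701  *:*'

# Print the address from the first "set l2tp self <addr>" line of an
# mpd.conf read on stdin (prints nothing if the directive is absent).
mpd_self_addr() {
    awk '$1 == "set" && $2 == "l2tp" && $3 == "self" { print $4; exit }'
}

# Read sockstat-style text on stdin and compare every UDP socket on the
# port ($2, default 1701) with the expected address ($1).
# Exit status: 0 = all match, 1 = wildcard or other address, 2 = no listener.
check_l2tp_bind() {
    awk -v want="$1:${2:-1701}" -v port="${2:-1701}" '
        $5 ~ /^udp/ {
            n = split($6, part, ":")
            if (part[n] != port) next
            seen = 1
            if ($6 != want) { print "unexpected bind: " $6; bad = 1 }
        }
        END {
            if (!seen) { print "no listener on udp/" port; exit 2 }
            exit bad + 0
        }'
}

# Demo on the constructed samples. On a live FreeBSD/pfSense host the input
# would be: sockstat -4 -l | check_l2tp_bind "$addr"
addr=$(printf '%s\n' "$SAMPLE_CONF" | mpd_self_addr)
printf '%s\n' "$SAMPLE_BEFORE" | check_l2tp_bind "$addr" || echo "before fix: not bound to $addr"
printf '%s\n' "$SAMPLE_AFTER" | check_l2tp_bind "$addr" && echo "after fix: bound to $addr only"
```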
Updated by Phillip Davis over 9 years ago
The interface gets saved OK in the config, but in /etc/inc.vpn.inc function vpn_l2tp_configure() there is no mention of 'interface'. It seems to me that there is simply no code to implement the selected interface - seems odd, but would explain why selecting a particular interface has no effect.
Updated by Taras Savchuk over 9 years ago
Works for me.
[2.2.2-RELEASE][admin@gw.localdomain]/etc/inc: diff vpn.inc vpn.inc.orig
1650,1654d1649
< $l2tp_listen="";
< $ipaddr = get_interface_ip(get_failover_interface($l2tpcfg['interface']));
< if (is_ipaddrv4($ipaddr))
< $l2tp_listen="set l2tp self $ipaddr";
<
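Review bot: in the block that builds $l2tp_listen, when get_interface_ip() does not return an IPv4 address the variable stays empty and no "set l2tp self" line is written, so mpd silently goes back to listening on *:1701, which is the behaviour this ticket reports. Keep the is_ipaddrv4() check (without it an empty result would emit "set l2tp self" with no address), but log a warning in the else case so the wildcard fallback is visible to the admin. Also put braces around the if body, and regenerate the patch as diff -u vpn.inc.orig vpn.inc: as posted (diff vpn.inc vpn.inc.orig) the new lines appear as "<" removals.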
1712d1706
< {$l2tp_listen}
P.S. I don't know whether it is necessary to check the IP with is_ipaddrv4().
Updated by Taras Savchuk over 9 years ago
- File vpn.inc.diff.txt added
Diff attached.
Updated by Phillip Davis about 9 years ago
It will be easy for the devs to review if you go to https://github.com/pfsense/pfsense and make the edit yourself and submit a pull request. It can all be done online easily.
Updated by Kill Bill about 9 years ago
Resubmitted as:
https://github.com/pfsense/pfsense/pull/1911 - RELENG_2_2
https://github.com/pfsense/pfsense/pull/1912 - master
Updated by Renato Botelho about 9 years ago
- Status changed from New to Feedback
- Priority changed from High to Normal
- Target version set to 2.2.5
- % Done changed from 0 to 100
Pull request has been merged and cherry-picked to RELENG_2_2
Updated by Chris Buechler about 9 years ago
- Status changed from Feedback to Resolved
- Affected Version changed from 2.2.2 to All
fixed, thanks!