Bug #4830
"Interface" selected in GUI for L2TP server is not respected in mpd's config
100%
Description
I have pfSense with 2 WANs (ISPs) and an L2TP server on it in the head office (HO). I RDR 1701/udp to the LAN address of pfSense from each of the WANs in HO. Each branch office (BO) connects to both external IPs of HO via L2TP. I selected LAN for the L2TP server's "Interface" in the GUI (HO), but I see via sockstat that it still listens on *:1701. The session from BO to WAN1 (default gw) of HO is established. The session from BO to WAN2 of HO fails with this error:
Jul 12 01:01:05 l2tps: Incoming L2TP packet from 178.173.20.227 33450
Jul 12 01:01:05 l2tps: L2TP: connect: Address already in use
I added the LAN IP directly to mpd's config (/var/etc/l2tp-vpn/mpd.conf) by hand and this solved the problem for me:
l2tp_standard:
	...
	set l2tp self 192.168.0.1
Now both L2TP sessions from BO to HO are established. Sockstat shows mpd is listening on LAN IP only.
Link to my question in pfSense's forum:
https://forum.pfsense.org/index.php?topic=95908.0
P.S. Another wish is to be able to set up two or more independent L2TP servers (as we can do for OpenVPN). It would make it easier to set up interface costs for OSPF.
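The check described in the report (compare what sockstat shows on udp/1701 with the address given by "set l2tp self"), as an added example that is not part of the original report or of pfSense's code. The function names, the sample sockstat and mpd.conf text (constructed), and the "mpd5" process name are assumptions.

```shell
#!/bin/sh
# check_l2tp_bind EXPECTED_IP   (reads `sockstat -4 -l` style output on stdin)
# Returns 0 if every mpd udp/1701 socket is bound to EXPECTED_IP,
#         1 if any is bound to the wildcard or another address,
#         2 if no mpd udp/1701 socket is present at all.
check_l2tp_bind() {
    awk -v want="$1" '
        $2 ~ /^mpd/ && $5 ~ /^udp/ && $6 ~ /:1701$/ {
            seen = 1
            addr = $6; sub(/:1701$/, "", addr)
            if (addr != want) { bad = 1; print "unexpected listener: " $6 }
        }
        END { if (!seen) exit 2; exit (bad ? 1 : 0) }
    '
}

# l2tp_self_addr: reads mpd.conf text on stdin and prints the address
# from each "set l2tp self <ip>" line (prints nothing if it is missing).
l2tp_self_addr() {
    awk '$1 == "set" && $2 == "l2tp" && $3 == "self" { print $4 }'
}

# Constructed sample: wildcard bind, as described before the manual fix.
SAMPLE_BEFORE='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     mpd5       4242  17 udp4   *:1701                *:*
root     sshd       811   3  tcp4   *:22                  *:*'

# Constructed sample: bound to the LAN address only, as after the fix.
SAMPLE_AFTER='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     mpd5       4242  17 udp4   192.168.0.1:1701      *:*
root     sshd       811   3  tcp4   *:22                  *:*'

# Constructed mpd.conf fragment using the directive quoted in the report.
SAMPLE_CONF='l2tp_standard:
	set l2tp self 192.168.0.1'

# Demo on the samples. On a live box the inputs would be:
#   want=$(l2tp_self_addr < /var/etc/l2tp-vpn/mpd.conf)
#   sockstat -4 -l | check_l2tp_bind "$want"
want=$(printf '%s\n' "$SAMPLE_CONF" | l2tp_self_addr)
printf '%s\n' "$SAMPLE_BEFORE" | check_l2tp_bind "$want" || echo "before: rc=$?"
printf '%s\n' "$SAMPLE_AFTER"  | check_l2tp_bind "$want" && echo "after: bound to $want only"
```

A return code of 2 (no listener) is kept separate from 1 so that a stopped daemon is not mistaken for a correctly restricted one.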
History
#1
Updated by Phillip Davis over 5 years ago
The interface gets saved OK in the config, but in /etc/inc/vpn.inc function vpn_l2tp_configure() there is no mention of 'interface'. It seems to me that there is simply no code to implement the selected interface - seems odd, but would explain why selecting a particular interface has no effect.
#2
Updated by Taras Savchuk over 5 years ago
Works for me.
[2.2.2-RELEASE][admin@gw.localdomain]/etc/inc: diff vpn.inc vpn.inc.orig
1650,1654d1649
< $l2tp_listen="";
< $ipaddr = get_interface_ip(get_failover_interface($l2tpcfg['interface']));
< if (is_ipaddrv4($ipaddr))
< $l2tp_listen="set l2tp self $ipaddr";
<
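Review bot: In the block at 1650-1654, when the value returned by get_interface_ip() fails is_ipaddrv4() (for example because the selected interface has no IPv4 address at that moment), $l2tp_listen stays empty and no "set l2tp self" line is produced, so the daemon silently returns to the wildcard bind on *:1701 that this report is about. Consider logging that case, or refusing to start the server, so that a GUI selection which cannot be honoured is visible to the administrator. The single-statement if would also read more safely with braces.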
1712d1706
< {$l2tp_listen}
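Review bot: The placement of {$l2tp_listen} at line 1712 cannot be checked from this hunk, because the normal diff format carries no context and the files were compared in reverse order (diff vpn.inc vpn.inc.orig), which shows the additions as "<" deletions. Please regenerate it as a unified diff with the original file first (diff -u vpn.inc.orig vpn.inc) so the surrounding mpd.conf template is visible. If this substitution sits on a line of its own, an empty $l2tp_listen will leave a blank line in the generated config, which is worth confirming is harmless.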
P.S. I don't know whether it is necessary to check the IP with is_ipaddrv4().
#3
Updated by Taras Savchuk over 5 years ago
- File vpn.inc.diff.txt added
Diff attached.
#4
Updated by Taras Savchuk over 5 years ago
Can it be included into 2.2.4?
#5
Updated by Phillip Davis over 5 years ago
It will be easy for the devs to review if you go to https://github.com/pfsense/pfsense and make the edit yourself and submit a pull request. It can all be done online easily.
#6
Updated by Taras Savchuk over 5 years ago
Thanks Phillip!
Done.
#7
Updated by Kill Bill over 5 years ago
Resubmitted as:
https://github.com/pfsense/pfsense/pull/1911 - RELENG_2_2
https://github.com/pfsense/pfsense/pull/1912 - master
#8
Updated by Renato Botelho over 5 years ago
- Status changed from New to Feedback
- Priority changed from High to Normal
- Target version set to 2.2.5
- % Done changed from 0 to 100
Pull request has been merged and cherry-picked to RELENG_2_2
#9
Updated by Chris Buechler over 5 years ago
- Status changed from Feedback to Resolved
- Affected Version changed from 2.2.2 to All
fixed, thanks!