Todo #8332

pfBlockerNG doesn't include L2TP interface in outbound floating rules

Added by Stuart Wyatt over 2 years ago. Updated 5 months ago.

Status: New
Priority: Normal
Assignee: -
Category: pfBlockerNG
Target version: -
Start date: 02/15/2018
Due date:
% Done: 0%
Estimated time:

Description

pfBlockerNG needs an option on the General tab for "L2TP Interface" similar to the "OpenVPN Interface" and "IPSec Interface" options.

Without the option the auto outbound floating rules do not have the L2TP VPN interface selected.

History

#1 Updated by Jim Pingle over 2 years ago

  • Target version deleted (2.4.3)

#2 Updated by BBcan177 . about 2 years ago

I am not sure this needs an option? Aren't the interfaces available?

#3 Updated by Stuart Wyatt about 2 years ago

I'm not sure what you mean by "interfaces available". The problem is that there are no options for the L2TP interface similar to the two check box options below:

OpenVPN Interface:
Select to add auto-rules for OpenVPN. This is only required when the OpenVPN Interface is not listed above.
OpenVPN Server (Outbound auto-rules only), OpenVPN Client (Both In/Outbound auto-rules)
These will be added to 'Floating Rules' or OpenVPN rules tab.

IPSec Interface:
Select to add 'Outbound' auto-rules for IPSec. These will be added to 'Floating Rules' or IPSec rules tab.

#4 Updated by Viktor Gurov 5 months ago

Mpd5 will create new L2TP interfaces for each client:
l2tp0, l2tp1, l2tp2, etc.

The only way to apply firewall rules on L2TP clients is to use floating rules.

See https://redmine.pfsense.org/issues/4727

#5 Updated by Stuart Wyatt 5 months ago

Something still needs to be fixed.

Either the rule needs to be applied to any/all L2TP interfaces created, or the option to select "L2TP VPN" interface in Rules/Floating/Edit Firewall Rule/Interface shouldn't be there if it won't work.

The former would be the ideal solution, but if it can't be done the UI should not imply that it can be done.

#6 Updated by Jim Pingle 5 months ago

Rules shouldn't be needed for each individual L2TP interface. There is an interface group called "l2tp" which handles rules for all interfaces involved in L2TP internally. See my reply on #4727.
