Netgate Discussion Forum

    L2TP Server only allowing one VPN at a time

    General pfSense Questions
    21 Posts, 4 Posters, 2.0k Views
    ruffle @stephenw10
    last edited by ruffle

      @stephenw10 Yes 1701 and No not under my control. All I get to setup on the LNS is the IP address to connect to and an ID (which PFSense doesn't use).

      If you look at the diagram on this link: https://www.aa.net.uk/voice-and-mobile/data-sims/relay-data-sims-your-own-network/ I think that makes it clear.

      The IoT device with one of these SIMs connects to the A&A LNS over the mobile network and that LNS connects to my PFSense L2TP server. The IoT device then authenticates with PAP/CHAP.

      Yes I'm running the PFSense L2TP server on my WAN port. If it makes any difference I actually have two PFSense boxen in a CARP setup but on the PFSense L2TP server config page I can't pick the CARP WAN interface so I'm running it on igb2.

      ruffle
      last edited by

        If it's any help, here's the setup page on the A&A LNS for each SIM.
        aa-sim-setup.png

      ruffle
      last edited by

          @stephenw10

          Sorry to bug you but do you think there's any hope of getting this fixed/working?

          If not I need to be looking for some alternate L2TP server as I'm under pressure to get this rolled out.

          Thanks.

      stephenw10 Netgate Administrator
      last edited by

            Sorry, we are flat out to get snapshots stable enough for public testing.

            Just to be clear, each of these IoT devices has its own SIM/mobile connection? But they all come into pfSense using the same source IP and source port?

            Steve

      ruffle @stephenw10
      last edited by

              @stephenw10

              Got it in one :)

              Yes, they each have a SIM and each connect over the mobile network to the A&A LNS. The A&A LNS then connects to PFSense on port 1701. The A&A LNS tends to use the same IP for every connection.

              For the A&A LNS to PFSense L2TP connection I can set a hostname (aka login) and password (aka secret) for the L2TP connection as the screenshot shows although PFSense doesn't seem to use that info.

              Each SIM also has a 'dialing number'/ICCID but again PFSense doesn't seem to make use of that.


      stephenw10 Netgate Administrator
      last edited by

                Hmm, but it's the individual IoT devices making the L2TP connection to pfSense?

                Not one L2TP tunnel that all the IoT devices use?

                I'm unclear how this can possibly work in the first instance, because with all clients using the same source address and port the L2TP server has no way to know what traffic to send to which client.

                And I assume there must be some NAT happening somewhere since the IoT devices must at some level be using different IP addresses. How does that NAT device know which client to send packets to?

                There must be something I'm not understanding here because I can't see how that could ever work.

      stephenw10 Netgate Administrator
      last edited by

                  Among ISPs (IMHO) A&A have got to be in the top 1%. It would definitely be worth giving their support a call about this.
                  But in addition to that overview diagram they have a load of detailed docs:
                  https://support.aa.net.uk/Category:L2TP_Handover

                  So in fact this is one L2TP tunnel with multiple PPP sessions across it.

                  I'm not sure if you can do that in pfSense directly. Not without some custom scripting perhaps.
                  I've never seen it done.

                  But the first thing to try would be to make sure you have the same hostname set for all clients. The docs there show that will create a single tunnel with multiple sessions across it which is what you need.

                  Steve

      ruffle @stephenw10
      last edited by
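To make Steve's point concrete, here is an added example (not from this thread, and not pfSense or A&A code) that parses the L2TPv2 header from RFC 2661 and shows that an LNS keys each PPP session on (peer, Tunnel ID, Session ID), so several devices arriving from the same source IP and port remain separable once they share one tunnel. The peer address, tunnel/session IDs and PPP bytes are constructed sample values.

```python
import struct
from collections import defaultdict

# L2TPv2 header flag bits (RFC 2661 section 3.1): Type, Length, Sequence, Offset
T_BIT, L_BIT, S_BIT, O_BIT = 0x8000, 0x4000, 0x0800, 0x0200


def parse_l2tp_header(pkt: bytes) -> dict:
    """Parse an L2TPv2 header and return its fields plus the remaining payload."""
    if len(pkt) < 6:
        raise ValueError("too short for an L2TP header")
    flags = struct.unpack_from("!H", pkt, 0)[0]
    if flags & 0x000F != 2:
        raise ValueError("not an L2TPv2 message")
    pos, hdr = 2, {"control": bool(flags & T_BIT)}
    if flags & L_BIT:  # Length counts the whole message from the T bit
        hdr["length"] = struct.unpack_from("!H", pkt, pos)[0]
        if hdr["length"] > len(pkt):
            raise ValueError("length field exceeds datagram")
        pos += 2
    hdr["tunnel_id"], hdr["session_id"] = struct.unpack_from("!HH", pkt, pos)
    pos += 4
    if flags & S_BIT:  # Ns/Nr are mandatory on control messages
        hdr["ns"], hdr["nr"] = struct.unpack_from("!HH", pkt, pos)
        pos += 4
    if flags & O_BIT:  # Offset Size field followed by that many pad bytes
        pos += 2 + struct.unpack_from("!H", pkt, pos)[0]
    hdr["payload"] = pkt[pos:]
    return hdr


def build_l2tp(tunnel_id, session_id, payload=b"", control=False, ns=0, nr=0):
    """Build a minimal L2TPv2 datagram (used only to construct the sample below)."""
    flags, seq = 2 | L_BIT, b""
    if control:
        flags |= T_BIT | S_BIT
        seq = struct.pack("!HH", ns, nr)
    total = 8 + len(seq) + len(payload)
    return struct.pack("!HHHH", flags, total, tunnel_id, session_id) + seq + payload


def demux(datagrams):
    """Group datagrams by (peer, tunnel, session): the LNS view, not the UDP 5-tuple."""
    sessions = defaultdict(list)
    for src, data in datagrams:
        h = parse_l2tp_header(data)
        sessions[(src, h["tunnel_id"], h["session_id"])].append(h["payload"])
    return sessions


# Constructed sample: one peer (the LNS), one tunnel (ID 7), two PPP sessions
LNS = ("198.51.100.10", 1701)
SAMPLE = [
    (LNS, build_l2tp(7, 0, control=True, ns=1, nr=0)),  # tunnel-level control message
    (LNS, build_l2tp(7, 1, b"\xff\x03\xc0\x21")),        # PPP LCP frame, device A
    (LNS, build_l2tp(7, 2, b"\xff\x03\xc0\x21")),        # PPP LCP frame, device B
    (LNS, build_l2tp(7, 1, b"\xff\x03\x80\x21")),        # PPP IPCP frame, device A
]
```

Every datagram in SAMPLE shares the same source IP and port, yet demux() separates them into three keys; a server that keyed tunnels on the source address alone would see only one client.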

                    @stephenw10

                    You Sir are a Genius a Gentleman and a Scholar!

                    Setting the hostname on the A&A SIM control page to the same for each device (well three so far but I'm excited and want to report back ASAP) works :-) :-) :-)

                    Never have thought of that in a million years.

                    Thanks muchly.

                    PS - Agree on A&A. Been using them for decades.

      stephenw10 Netgate Administrator
      last edited by

                      Awesome! Good to know that works. Let us know how it goes.

                      Steve

      billshih74 @bingo600
      last edited by

                        @bingo600 I'm wondering if you have found a solution to this? My problem is similar, only I used Clonezilla to clone my HDD with Debian 9 Stretch; three of the clients work by getting their private IP. The others get a duplicate IP and I can't find any clue. Please let me know if you happen to know it.

      stephenw10 Netgate Administrator
      last edited by

                          Did you reply on the wrong thread? This looks completely unrelated (or spam).

                          Steve

      bingo600 @stephenw10
      last edited by

                            @stephenw10
                            The answer to the clonezilla issue above has to be 42

                            And could "smell" of a wrong thread or as you mentioned. Someone "upping" their post count, in order to .......

                            /Bingo

                            If you find my answer useful - Please give the post a 👍 - "thumbs up"

                            pfSense+ 23.05.1 (ZFS)

                            QOTOM-Q355G4 Quad Lan.
                            CPU : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
                            LAN : 4 x Intel 211, Disk : 240G SAMSUNG MZ7L3240HCHQ SSD

      billshih74
      last edited by

                              Sorry, I'm new to this forum. Could someone tell me where to put this issue so that I can find my solution? Thanks.

      stephenw10 Netgate Administrator
      last edited by

                                Is this an L2TP problem? Open a thread in General pfSense Questions if you're unsure. We can always move it. Give as many details about the problem as you can.

                                Steve

                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.