PPTP/L2TP on interfaces
-
Hi,
Thank you for working on this option.
I tried to test it by setting the physical interface as opt1 (dhcp ) and assigning the l2tp to wan.
Tried also by directly setting wan as l2tp and in the mlppp tab setting its physical interface. But i don't see it trying to connect (nothing in the system log and ppp log + wan is down).Am i doing something wrong here ?
Is there a way to see a more verbose log of the pptp/l2tp connection ?Thanks !
-
Some code that does this is currently in snapshots from June 15th or later, but it's commented out. You must uncomment it in /etc/inc/interfaces.inc like this (code below), and you must have a separate interface defined (like OPT1) that is set to enable DHCP on the same physical interface that the PPtP link is using.
The PPtP link won't come up at boot time. You'll have to start it manually from Status->Interfaces page. This will hopefully be less manual in the future.GB
diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 84e1376..8bce426 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -1062,13 +1062,13 @@ function interface_ppps_configure($interface) { /* XXX: This needs to go away soon! [It's commented out!] */ /* Configure the gateway (remote IP ) */ if (!$g['booting'] && !is_ipaddr($gateways[$pid]) && is_hostname($gateways[$pid])) { - /* XXX: Fix later + /* XXX: Fix later */ $gateways[$pid] = gethostbyname($gateways[$pid]); if(!is_ipaddr($gateways[$pid])) { log_error("Could not get a valid Gateway IP from {$port} via DNS in interfaces_ppps_configure."); return 0; } - */ + } if(!is_ipaddr($gateways[$pid])){ log_error("Could not get a PPtP/L2tP Remote IP address from {$dhcp_gateway} for {$gway} in interfaces_ppps_configure."); -
Hi,
finally got around to test it.In my testing environment I only have WAN and Wi-Fi for LAN, so I set WAN to DHCP, created another interface (OPT1) on the PPPs tab and configured it to PPTP. I also uncommented the code you mentioned, but as Micky said previously - nothing happens.
I see the "connect" button on the "interfaces" status, and when pressed - nothing happens, no logged events, nothing.
Am I doing something wrong?
-
I've managed to get the PPTP to dial up, but the no traffic outside.
I think the problem is the gateway, in the gateway list i can only see the DHCP gateway thorough which i dialed the VPN and not the PPTPs.And in PPP log:
Aug 3 20:07:29 ppp: [wan] IFACE: Up event
Aug 3 20:07:29 ppp: [wan] IFACE: Add route 0.0.0.0/0 212.25.114.90 failed: File exists
Aug 3 20:07:29 ppp: [wan] 84.110.xxx.xxx -> 212.25.114.90
Aug 3 20:07:29 ppp: [wan] IPCP: LayerUp
Aug 3 20:07:29 ppp: [wan] IPCP: state change Ack-Sent –> Opened
Aug 3 20:07:29 ppp: [wan] SECDNS 62.219.186.7
Aug 3 20:07:29 ppp: [wan] PRIDNS 192.117.235.235
Aug 3 20:07:29 ppp: [wan] IPADDR 84.110.xxx.xxx
Aug 3 20:07:29 ppp: [wan] IPCP: rec'd Configure Ack #3 (Ack-Sent)To get it to dial i set
OPT1 as DHCP (on physical interface)
WAN as PPTP (on OPT1) – and not on the physical interfaceOn L2TP it somehow tried to dial once but i cant repeat that, there is no button to start the interface in the status_interface.php page,
just "Status down".Edit:
Probably NOT the gateway, if i try to ping something the host name is resolved correctly. -
Try allowing traffic to flow in the firewall rules.
-
Micky,
can you be a bit more specific about how you set up the interfaces?
Did you enable the OPT1? What did enter on WAN interface in the regular "interfaces" page?
What/where did you enter on the new PPPs "interfaces" page?Thanks.
-
Starting with WAN set as DHCP on fxp0
(my wan physical interface is fxp0.)I did the following:
1. added PPTP link in ppps tab on fxp0 (will be changed later)
2. added OPT1 interface in the assign tab.
3. swapped OPT1 to fxp0 and WAN to pptp (assign tab)
4. went to the OPT1 config page, enabled it and set it do DHCP
5. in ppps tab edited the PPTP link and changed it from fxp0 to OPT1 (without this nothing will work)I didn't touch the WAN config page, it is automatically set to PPTP with the username and password.
And i'm dialing the PPTP server by IP ( i dont know the pptp hostname, only the l2tp [my isp: 014])I can ping the gateway and the hostnames are resolved correctly but no more then that.
Already tried to add Allow rules (any protocol) on all interfaces.
The weird part if i trace route something the first ip is 10.xxx.xxx.xxx (trace & ping done from console)
and i shouldn't have anything of this type (my lan is 192.168.xxx.xxx, OPT1 is 172.28.xxx.xxx and WAN (pptp) is 84.xxx.xxx.xxx).I'll try clean install and L2TP after the file edit bug fixed as VI and I are incompatible. :-\
(oh, and don't restart, the pptp wont connect after restart)
-
And here the l2tp log:
Aug 5 05:57:51 ppp: L2TP: Control connection 0x287d0d08 terminated: 6 (expecting reply; none received) Aug 5 05:56:50 ppp: L2TP: Initiating control connection 0x287d0d08 0.0.0.0 0 <-> 0.0.0.0 1701 Aug 5 05:56:50 ppp: [wan_link0] LCP: LayerStart Aug 5 05:56:50 ppp: [wan_link0] LCP: state change Initial --> Starting Aug 5 05:56:50 ppp: [wan_link0] LCP: Open event Aug 5 05:56:50 ppp: [wan_link0] Link: OPEN event Aug 5 05:56:50 ppp: mpd_wan.conf:35: Incorrect context for: 'set pptp disable windowing' Aug 5 05:56:50 ppp: mpd_wan.conf:34: Incorrect context for: 'set pptp peer 212.25.127.14' Aug 5 05:56:50 ppp: mpd_wan.conf:33: Incorrect context for: 'set pptp self 172.28.142.143' Aug 5 05:56:50 ppp: [wan] Bundle: Interface ng0 created Aug 5 05:56:50 ppp: web: web is not running Aug 5 05:56:50 ppp: process 17453 started, version 5.5 (root@FreeBSD_8.0_pfSense_2.0-snaps.pfsense.org 17:45 2-Jul-2010) Aug 5 05:56:50 ppp: Aug 5 05:56:50 ppp: Multi-link PPP daemon for FreeBSDas far as i understand the ip addresses are not set correctly.
-
Managed to get L2TP working, modified interfaces.inc a bit, and still a small problem with DNS, gateway and that the L2TP interface doesnt have connect/disconnect button, but i'm writing this through pfsense.
changed:
if ($type == "pptp" || $type == "l2tp") { $mpdconf .= << <eod<br>set pptp self {$localips[$pid]} set pptp peer {$gateways[$pid]} set pptp disable windowing EOD;</eod<br>To
if ($type == "pptp") { $mpdconf .= << <eod<br>set pptp self {$localips[$pid]} set pptp peer {$gateways[$pid]} set pptp disable windowing EOD; } if ($type == "l2tp") { $mpdconf .= << <eod<br>set l2tp self {$localips[$pid]} set l2tp peer {$gateways[$pid]} set l2tp disable windowing EOD; }</eod<br></eod<br>(and uncommented the gateway part)
And after the link is up had to change the gateways, In pfsense console i did
route delete default
route add default 212.xxx.xxx.xxx(where the 212.xxx… address is the gateway acquired via the l2tp vpn dhcp - it is added to the table but not as the default route)
-
I have triad to do the same (Also 014 as ISP) but no joy.
Triad both l2tp & pptp.but just to be sure -
When I create the l2tp interface, I put the 212.179….. in the Gateway and leave the Local IP blank.
Am I correct ? -
Yes,
Where you got with it, dialed but no connection? nothing dialed ?
Notice that you must switch the vpn connection base interface to opt1 or it wont dial at all.
(enable & set opt1 to dhcp before that)And for L2TP I tested with the host name (hot.bezeqint.net = 212.25.127.14), for PPTP server I tried with the ip addresss
(212.179.61.76 - i dont know the host name)Also if you restart the box you'll have interface mismatch and you'll have to start everything from scratch.
-
What I am getting is: ~
Aug 6 08:01:36 ppp: [wan_link0] Link: reconnection attempt 8013 in 2 seconds Aug 6 08:01:38 ppp: [wan_link0] Link: reconnection attempt 8013 Aug 6 08:01:38 ppp: [wan_link0] PPTP call failed Aug 6 08:01:38 ppp: [wan_link0] Link: DOWN event Aug 6 08:01:38 ppp: [wan_link0] LCP: Down event Aug 6 08:01:38 ppp: [wan_link0] Link: reconnection attempt 8014 in 2 secondsand my virtual port is opt4.
I used 212.179.61.78 as the server for both L2TP and PPTP, as far as I know all 014's servers support both, so we might be able to connect using hot.bezeqint.net for both ppp's.Also - I think that I have a bug of some sort. the machine is trying to connect using L2TP and in the "Interfaces: Assign network ports" page I can assign l2tp0 to the port's but I don't have it on the "Interfaces: PPPs" page to work with.
seem to be a leftover from the test's… -
Never tried l2tp on 212.179 but i tried pptp on hot.bezeqint.net and it wont connect in windows,
so i think they use different servers ( i was surprised too as 013 use the same address )And what you describe happened to me several times, mainly if i restart one of the connection (or the entire box) or the opt interface is not enabled.
-
Until the moment where you are actualy connected to your ISP (014 in our case) and recives your static IP address from them, you are in the domain of HOT. They have the server that "sends" you to the ISP. SO hot's server can do it for all ISP's.
As far as I understand.
-
Where can I find the settings for pptp/l2tp links after I save them ?
I got a feeling that I have a ghost in my machine.My ppp logs show that the router is allways trying to dial out, but the ppp interface tab don't show that any link exist.
-
Show the section of patched code here, and the file /var/etc/mpd_wan.conf (or /var/etc/mpd_opt1.conf) and the output of these commands from the command line. (Uses page Diagnostics -> Command Prompt if you don't have terminal access).
ifconfig
ps auxw | grep mpd5
Also, show me the <ppps>section of /conf/config.xml
GB</ppps>
-
Show the section of patched code here, and the file /var/etc/mpd_wan.conf (or /var/etc/mpd_opt1.conf) and the output of these commands from the command line. (Uses page Diagnostics -> Command Prompt if you don't have terminal access).
ifconfig
ps auxw | grep mpd5
Also, show me the <ppps>section of /conf/config.xml
GB</ppps>
Hi, should i post it, or you were talking about Roi's configuration ?
And i don't know if this is the problem:
http://redmine.pfsense.org/issues/813But if L2TP set, after restart there is "interface mismatch" error and all the configuration lost.
Also is it possible to set the VPN to overwrite the DNSs ?
(to overwrite the 2 DNSs received from OPT1 DHCP)Thanks again for doing this options !!
-
Everybody should post the data I asked for.
GB
-
This is after i uncommented the part in interfaces.inc (and split the pptp and l2tp) set the interfaces,
mpd dialed and i changed the default route by doing:route delete default route add default 82.81.206.1ifconfig :
$ ifconfig re0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=389b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_ucast,wol_mcast,wol_magic>ether 70:71:bc:09:3b:ec inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255 inet6 fe80::7271:bcff:fe09:3bec%re0 prefixlen 64 scopeid 0x1 nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (100baseTX <full-duplex>) status: active fxp0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=219b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,tso4,wol_magic>ether 00:02:b3:2d:ad:5a inet6 fe80::202:b3ff:fe2d:ad5a%fxp0 prefixlen 64 scopeid 0x2 inet 172.28.142.143 netmask 0xffffe000 broadcast 255.255.255.255 nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (100baseTX <full-duplex>) status: active pflog0: flags=100 <promisc>metric 0 mtu 33200 enc0: flags=0<> metric 0 mtu 1536 lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384 options=3 <rxcsum,txcsum>inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5 nd6 options=3 <performnud,accept_rtadv>pfsync0: flags=0<> metric 0 mtu 1460 syncpeer: 224.0.0.240 maxupd: 128 l2tp0: flags=88d1 <up,pointopoint,running,noarp,simplex,multicast>metric 0 mtu 1492 inet 82.81.206.30 --> 82.81.206.1 netmask 0xffffffff inet6 fe80::7271:bcff:fe09:3bec%l2tp0 prefixlen 64 scopeid 0x7 nd6 options=3 <performnud,accept_rtadv></performnud,accept_rtadv></up,pointopoint,running,noarp,simplex,multicast></performnud,accept_rtadv></rxcsum,txcsum></up,loopback,running,multicast></promisc></full-duplex></performnud,accept_rtadv></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,tso4,wol_magic></up,broadcast,running,simplex,multicast></full-duplex></performnud,accept_rtadv></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_ucast,wol_mcast,wol_magic></up,broadcast,running,simplex,multicast>ps auxw | grep mpd5
$ ps auxw | grep mpd5 root 59903 0.0 0.4 9488 4308 ?? Ss 4:09PM 0:00.03 /usr/local/sbin/mpd5 -b -k -d /var/etc -f mpd_wan.conf -p /var/run/l root 63557 0.0 0.1 3656 1476 ?? S 4:21PM 0:00.00 sh -c ps auxw | grep mpd5 root 63867 0.0 0.1 3524 1256 ?? S 4:21PM 0:00.00 grep mpd5/conf/config.xml
<interfaces><wan><enable><if>l2tp0</if> <media><mediaopt><alias-address><alias-subnet>32</alias-subnet> <spoofmac><ipaddr>l2tp</ipaddr> <dhcphostname></dhcphostname></spoofmac></alias-address></mediaopt></media></enable></wan> <lan><enable><if>re0</if> <ipaddr>192.168.1.1</ipaddr> <subnet>24</subnet> <media><mediaopt></mediaopt></media></enable></lan> <opt1><if>fxp0</if> <enable><ipaddr>dhcp</ipaddr> <dhcphostname><alias-address><alias-subnet>32</alias-subnet> <spoofmac></spoofmac></alias-address></dhcphostname></enable></opt1></interfaces><ppps><ppp><ptpid>0</ptpid> <type>l2tp</type> <if>l2tp0</if> <ports>opt1</ports> <username>micky</username> <password>MjgzMxEw</password> <localip><subnet>31</subnet> <gateway>hot.bezeqint.net</gateway> <bandwidth></bandwidth></localip></ppp></ppps>Everything was taken on 2.0-BETA4-20100810-0228.
please tell me if there is anything more i can do to help. -
Changing this line (1195) in util.inc solves the interface mismatch message on restart
from
if (preg_match("/^enc|^cua|^tun|^pptp|^ppp|^ovpn|^gif|^gre|^lagg|^bridge|vlan|_wlan/i", $ifcfg['if'])) { $i++; }to
function is_interface_mismatch() { global $config, $g; /* XXX: Should we process only enabled interfaces?! */ $do_assign = false; $i = 0; foreach ($config['interfaces'] as $ifname => $ifcfg) { if (preg_match("/^enc|^cua|^tun|^pptp|^l2tp|^ppp|^ovpn|^gif|^gre|^lagg|^bridge|vlan|_wlan/i", $ifcfg['if'])) { $i++; } else if (does_interface_exist($ifcfg['if']) == false) { $do_assign = true; } else $i++; }(just added "l2tp")
And to Add the Connect/disconnect button in interfaces status page:
in pfsense-utils.inc in function get_interface_info changed (at line 1275)
/* PPTP interface? -> get status from virtual interface */ case "pptp": if ($ifinfo['status'] == "up" && !isset($link0)) /* get PPTP link status for dial on demand */ $ifinfo['pptplink'] = "up"; else $ifinfo['pptplink'] = "down"; break; /* PPP interface? -> get uptime for this session and cumulative uptime from the persistant log file in conf */ case "ppp": if ($ifinfo['status'] == "up") $ifinfo['ppplink'] = "up"; else $ifinfo['ppplink'] = "down" ; if (empty($ifinfo['status']))To (Inserted the l2tp part):
case "pptp": if ($ifinfo['status'] == "up" && !isset($link0)) /* get PPTP link status for dial on demand */ $ifinfo['pptplink'] = "up"; else $ifinfo['pptplink'] = "down"; break; case "l2tp": if ($ifinfo['status'] == "up" && !isset($link0)) /* get PPTP link status for dial on demand */ $ifinfo['l2tplink'] = "up"; else $ifinfo['l2tplink'] = "down"; break; /* PPP interface? -> get uptime for this session and cumulative uptime from the persistant log file in conf */ case "ppp": if ($ifinfo['status'] == "up") $ifinfo['ppplink'] = "up"; else $ifinfo['ppplink'] = "down" ;And in status_interfaces.php added
[" class="formbtns">](status_interfaces.php?action=Disconnect&if=<?php echo $ifdescr; ?>) [" class="formbtns">](status_interfaces.php?action=Connect&if=<?php echo $ifdescr; ?>)Under the similar PPTP block;
but the vpn won't connect on restart nor on connection loss (like wan unplugged or modem restart)
until i set the opt1 as default route (system->routing->opt1->default gateway ).
Then the l2tp connection can be established (no more server no response error in the log).
After it is established i need to change again the opt1 to "not default gateway" -by just pressing delete –
(it automaticly sets the wan [l2tp] as default route and i have internet on the client computers)Hope it helps..