PPTP/L2TP on interfaces

roi

I have triad to do the same (Also 014 as ISP) but no joy.
Triad both l2tp & pptp.

but just to be sure -
When I create the l2tp interface, I put the 212.179….. in the Gateway and leave the Local IP blank.
Am I correct ?

Micky

Yes,

Where you got with it, dialed but no connection? nothing dialed ?
Notice that you must switch the vpn connection base interface to opt1 or it wont dial at all.
(enable & set opt1 to dhcp before that)

And for L2TP I tested with the host name  (hot.bezeqint.net = 212.25.127.14), for PPTP server I tried with the ip addresss
(212.179.61.76 - i dont know the host name)

Also if  you restart the box you'll have interface mismatch and you'll have to start everything from scratch.

roi

What I am getting is: ~

Aug 6 08:01:36	ppp: [wan_link0] Link: reconnection attempt 8013 in 2 seconds
Aug 6 08:01:38	ppp: [wan_link0] Link: reconnection attempt 8013
Aug 6 08:01:38	ppp: [wan_link0] PPTP call failed
Aug 6 08:01:38	ppp: [wan_link0] Link: DOWN event
Aug 6 08:01:38	ppp: [wan_link0] LCP: Down event
Aug 6 08:01:38	ppp: [wan_link0] Link: reconnection attempt 8014 in 2 seconds

and my virtual port is opt4.
I used 212.179.61.78 as the server for both L2TP and PPTP, as far as I know all 014's servers support both, so we might be able to connect using hot.bezeqint.net for both ppp's.

Also - I think that I have a bug of some sort. the machine is trying to connect using L2TP and in the "Interfaces: Assign network ports" page I can assign l2tp0 to the port's but I don't have it on the "Interfaces: PPPs" page to work with.
seem to be a leftover from the test's…

Micky

Never tried l2tp on 212.179 but i tried pptp on hot.bezeqint.net and it wont connect in windows,
so i think they use different servers ( i was surprised too as 013 use the same address )

And what you describe happened to me several times, mainly if i restart one of the connection (or the entire box) or the opt interface is not enabled.

roi

Until the moment where you are actualy connected to your ISP (014 in our case) and recives your static IP address from them, you are in the domain of HOT. They have the server that "sends" you to the ISP. SO hot's server can do it for all ISP's.

As far as I understand.

roi

Where can I find the settings for pptp/l2tp links after I save them ?
I got a feeling that I have a ghost in my machine.

My ppp logs show that the router is allways trying to dial out, but the ppp interface tab don't show that any link exist.

gnhb

Show the section of patched code here, and the file /var/etc/mpd_wan.conf (or /var/etc/mpd_opt1.conf) and the output of these commands from the command line. (Uses page Diagnostics -> Command Prompt if you don't have terminal access).

ifconfig

ps auxw | grep mpd5

Also, show me the <ppps>section of /conf/config.xml

GB</ppps>

Micky

@gnhb:

Show the section of patched code here, and the file /var/etc/mpd_wan.conf (or /var/etc/mpd_opt1.conf) and the output of these commands from the command line. (Uses page Diagnostics -> Command Prompt if you don't have terminal access).

ifconfig

ps auxw | grep mpd5

Also, show me the <ppps>section of /conf/config.xml

GB</ppps>

Hi, should i post it, or you were talking about Roi's configuration ?

And i don't know if this is the problem:
http://redmine.pfsense.org/issues/813

But if L2TP set, after restart there is "interface mismatch" error and all the configuration lost.

Also is it possible to set the VPN to overwrite the DNSs ?
(to overwrite the 2 DNSs received from OPT1 DHCP)

Thanks again for doing this options !!

gnhb

Everybody should post the data I asked for.

GB

Micky

This is after i uncommented the part in interfaces.inc (and split the pptp and l2tp)  set the interfaces,
mpd dialed and i changed the default route by doing:

route delete default
route add default 82.81.206.1 

ifconfig :

$ ifconfig
re0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
	options=389b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_ucast,wol_mcast,wol_magic>ether 70:71:bc:09:3b:ec
	inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
	inet6 fe80::7271:bcff:fe09:3bec%re0 prefixlen 64 scopeid 0x1 
	nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
fxp0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
	options=219b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,tso4,wol_magic>ether 00:02:b3:2d:ad:5a
	inet6 fe80::202:b3ff:fe2d:ad5a%fxp0 prefixlen 64 scopeid 0x2 
	inet 172.28.142.143 netmask 0xffffe000 broadcast 255.255.255.255
	nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
pflog0: flags=100 <promisc>metric 0 mtu 33200
enc0: flags=0<> metric 0 mtu 1536
lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384
	options=3 <rxcsum,txcsum>inet 127.0.0.1 netmask 0xff000000 
	inet6 ::1 prefixlen 128 
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5 
	nd6 options=3 <performnud,accept_rtadv>pfsync0: flags=0<> metric 0 mtu 1460
	syncpeer: 224.0.0.240 maxupd: 128
l2tp0: flags=88d1 <up,pointopoint,running,noarp,simplex,multicast>metric 0 mtu 1492
	inet 82.81.206.30 --> 82.81.206.1 netmask 0xffffffff 
	inet6 fe80::7271:bcff:fe09:3bec%l2tp0 prefixlen 64 scopeid 0x7 
	nd6 options=3 <performnud,accept_rtadv></performnud,accept_rtadv></up,pointopoint,running,noarp,simplex,multicast></performnud,accept_rtadv></rxcsum,txcsum></up,loopback,running,multicast></promisc></full-duplex></performnud,accept_rtadv></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,tso4,wol_magic></up,broadcast,running,simplex,multicast></full-duplex></performnud,accept_rtadv></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_ucast,wol_mcast,wol_magic></up,broadcast,running,simplex,multicast> 

ps auxw | grep mpd5

$ ps auxw | grep mpd5
root   59903  0.0  0.4  9488  4308  ??  Ss    4:09PM   0:00.03 /usr/local/sbin/mpd5 -b -k -d /var/etc -f mpd_wan.conf -p /var/run/l
root   63557  0.0  0.1  3656  1476  ??  S     4:21PM   0:00.00 sh -c ps auxw | grep mpd5
root   63867  0.0  0.1  3524  1256  ??  S     4:21PM   0:00.00 grep mpd5

/conf/config.xml

	 <interfaces><wan><enable><if>l2tp0</if>
			 <media><mediaopt><alias-address><alias-subnet>32</alias-subnet>
			 <spoofmac><ipaddr>l2tp</ipaddr>
			 <dhcphostname></dhcphostname></spoofmac></alias-address></mediaopt></media></enable></wan> 
		 <lan><enable><if>re0</if>
			<ipaddr>192.168.1.1</ipaddr>
			<subnet>24</subnet>
			 <media><mediaopt></mediaopt></media></enable></lan> 
		 <opt1><if>fxp0</if>
			 <enable><ipaddr>dhcp</ipaddr>
			 <dhcphostname><alias-address><alias-subnet>32</alias-subnet>
			 <spoofmac></spoofmac></alias-address></dhcphostname></enable></opt1></interfaces> 

	 <ppps><ppp><ptpid>0</ptpid>
			<type>l2tp</type>
			<if>l2tp0</if>
			<ports>opt1</ports>
			<username>micky</username>
			<password>MjgzMxEw</password>
			 <localip><subnet>31</subnet>
			<gateway>hot.bezeqint.net</gateway>
			 <bandwidth></bandwidth></localip></ppp></ppps> 

Everything was taken on 2.0-BETA4-20100810-0228.
please tell me if there is anything more i can do to help.

interfaces.inc.txt
mpd_wan.conf.txt

Micky

Changing this line (1195) in util.inc solves the interface mismatch message on restart

from

                if (preg_match("/^enc|^cua|^tun|^pptp|^ppp|^ovpn|^gif|^gre|^lagg|^bridge|vlan|_wlan/i", $ifcfg['if'])) {
                        $i++;
                }

to

function is_interface_mismatch() {
        global $config, $g;

        /* XXX: Should we process only enabled interfaces?! */
        $do_assign = false;
        $i = 0;
        foreach ($config['interfaces'] as $ifname => $ifcfg) {
                if (preg_match("/^enc|^cua|^tun|^pptp|^l2tp|^ppp|^ovpn|^gif|^gre|^lagg|^bridge|vlan|_wlan/i", $ifcfg['if'])) {
                        $i++;
                }
                else if (does_interface_exist($ifcfg['if']) == false) {
                        $do_assign = true;
                } else
                        $i++;
        }

(just added "l2tp")

And to Add the Connect/disconnect button in interfaces status page:

in pfsense-utils.inc in function  get_interface_info changed (at line 1275)

	/* PPTP interface? -> get status from virtual interface */
	case "pptp":
		if ($ifinfo['status'] == "up" && !isset($link0))
			/* get PPTP link status for dial on demand */
			$ifinfo['pptplink'] = "up";
		else
			$ifinfo['pptplink'] = "down";
		break;
	/* PPP interface? -> get uptime for this session and cumulative uptime from the persistant log file in conf */
	case "ppp":
		if ($ifinfo['status'] == "up")
			$ifinfo['ppplink'] = "up";
		else
			$ifinfo['ppplink'] = "down" ;

		if (empty($ifinfo['status']))

To (Inserted the l2tp part):

case "pptp":
		if ($ifinfo['status'] == "up" && !isset($link0))
			/* get PPTP link status for dial on demand */
			$ifinfo['pptplink'] = "up";
		else
			$ifinfo['pptplink'] = "down";
		break;
	case "l2tp":
		if ($ifinfo['status'] == "up" && !isset($link0))
			/* get PPTP link status for dial on demand */
			$ifinfo['l2tplink'] = "up";
		else
			$ifinfo['l2tplink'] = "down";
		break;

	/* PPP interface? -> get uptime for this session and cumulative uptime from the persistant log file in conf */
	case "ppp":
		if ($ifinfo['status'] == "up")
			$ifinfo['ppplink'] = "up";
		else
			$ifinfo['ppplink'] = "down" ;

And in status_interfaces.php added

				 [" class="formbtns">](status_interfaces.php?action=Disconnect&if=<?php echo $ifdescr; ?>)  [" class="formbtns">](status_interfaces.php?action=Connect&if=<?php echo $ifdescr; ?>) 

Under the similar PPTP block;

but the vpn won't connect on restart nor on connection loss (like wan unplugged or modem restart)
until i set the opt1 as default route (system->routing->opt1->default gateway ).
Then the l2tp connection can be established (no more server no response error in the log).
After it is established  i need to change again the opt1 to "not default gateway" -by just pressing delete –  
(it automaticly sets the wan [l2tp] as default route and i have internet on the client computers)

Hope it helps..

eri--

Thanks fixed some of the suggestions.

roi

So what is the status of L2TP/PPTP ?
Will I be able to connect to NezeqInt via Hot ?

eri--

Well without any 'specification' on connecting to that service provider i cannot tell you or help you.

If you find out what needs to be done i can probably look at it.

Ozzik

Ermal,
I believe, both Micky and roi were talking about the same providers, which are Bezeqint (ISP) and HOT (cable).
But I think all the ISPs have the same type of connection when connecting via cable. The second option is ADSL, which already comes with modem/router, making this setup obsolete.

Am I right, Micky,roi?

roi

Yep. we are both on the same ISP. Bezeq Int & Hot (cable).

ADSL is not a problem here as there is support for PPPOE, and I understand that it's supported long time ago.

eri--

What is the issue than?!

Micky

Hi,

The main problems i have with the l2tp connection are

1. if a L2TP connection established there is no internet on the lan computers until the gateway/default route are changed, either by "route default delete" & "route default add xxx.xxx.xxx.xxx" in the console
or by setting the wan gateway default in the gui.

2. if the connection lost or pfsense restart the L2TP wont dial until i reassign the interfaces again (then interface_configure() is called) or doing "status_interfaces.php?action=Connect&if=wan"
Then the L2TP will start dial but "server no response" error in pptp log until i press delete on the wan interface in the gui which sets the DHCP (OPT1 in my case) interface as default gateway.
Then it will connect and i have to set the new wan gateway as default again.

Thanks a lot for looking into it

eri--

Can you please provide details on this!
Logs configuration screens or config.xml and stuff like that.

roi

I at the moment have stopped trying.
I am just following the subject trying to catch on to you when it will be sorted out.