PPTP/L2TP on interfaces

Loke · Mar 22, 2011, 8:08 PM

@ermal:

Loke, than just put 0.0.0.0 at local ip and be done with it.

Actually i did this :).
gnhb, no matter need you local ip or not it must be field or there will be connect to L2TP server on startup. And i've made the same changes you did with some small diff in interfaces.php and it works the same way.

eri-- · Mar 22, 2011, 8:20 PM

Loke,

if it does not startup at boot you better provide logs.

Loke · Mar 22, 2011, 10:51 PM

@ermal:

Loke,

if it does not startup at boot you better provide logs.

The funny thing is there is no errors related to this in logs. Everything seems to be fine, just it's not even trying to connect when there is no localip in config.xml
And i didn't found any dependence on this string except set {$type} self {$localips[$pid]} in interfaces.inc. But this problem is not related to this for sure.

roi · Mar 23, 2011, 9:55 AM

I am planing to setup a new machine this weekend just for testing this feature.
If there is any thing you'd like me to do-to-it-in-it

eri-- · Mar 23, 2011, 12:16 PM

I just pushed the fix to allow empty localip.

gnhb · Mar 24, 2011, 1:24 AM

I just merged Ermal's changes into my repository and added some minor changes to bringing L2TP/PPTP interfaces up and down manually from Status=>Interfaces page.

Is anyone testing ???
Post feedback!

Thanks,
GB

Ozzik · Mar 24, 2011, 4:46 AM

Hi gnhb,
I sent you a pm asking for those files you mentioned.

thanks.

Ozzik · Mar 24, 2011, 12:04 PM

ok, testing it now. this is what happens:
installed new pfsense 23.3.11 snapshot, cloned gnhb's git and followed his instructions.

regular dhcp on WAN: works as usual (gets the cable network pool IP 172.x.x.x)
checked the dhcp+pptp or dhcp+l2tp on WAN interface, applied.
went to PPPs tab, selected the pptp, the physical WAN interface, typed user/pass, and since I couldn't remember the hostname of the ISP's pptp server - went with the IP. Left the local IP blank. Saved and went back to interface assignment and replaced the physical interface on WAN with the now created pptp. Saved.

It gave me an error at the upper side of the page, but couldn't read it as it was overlayed by the menu(but it did contain the interfaces file in it).
On interfaces status page the WAN connection was down, but had a "connect" button. After pressing that some sort of connection appeared although it was all zeros. On refresh it went back down.

Below are the logs.
In addition to that I decided to relive this experiment, so I changed the WAN back to the regular DHCP, but couldn't get a regular IP, so I rebooted the pfsense. To my surprise it came on asking to define the interfaces on the console(like it was a new setup), but after defining only the WAN it came up remembering the LAN address. Kind of weird.

Anyway, doing this all over again gave me the same results.
Changing PPTP to L2TP did the same.

Any ideas?

Log:
Mar 24 11:53:03 php: /interfaces.php: Creating rrd update script
Mar 24 11:53:03 apinger: No usable targets found, exiting
Mar 24 11:53:03 apinger: Starting Alarm Pinger, apinger(14804)
Mar 24 11:53:03 check_reload_status: reloading filter
Mar 24 11:53:02 apinger: Exiting on signal 15.
Mar 24 11:53:00 dnsmasq[12671]: read /etc/hosts - 2 addresses
Mar 24 11:53:00 check_reload_status: updating dyndns wan
Mar 24 11:53:00 dnsmasq[12671]: using nameserver 192.168.101.101#53
Mar 24 11:53:00 dnsmasq[12671]: using nameserver 192.168.101.102#53
Mar 24 11:53:00 dnsmasq[12671]: reading /etc/resolv.conf
Mar 24 11:53:00 dnsmasq[12671]: compile time options: IPv6 GNU-getopt no-DBus I18N DHCP TFTP
Mar 24 11:53:00 dnsmasq[12671]: started, version 2.55 cachesize 10000
Mar 24 11:52:59 dnsmasq[37582]: exiting on receipt of SIGTERM
Mar 24 11:52:59 kernel: ng0: changing name to 'pptp0'
Mar 24 11:52:57 php: /interfaces.php: wan: pptp link warning. Can't get gateway ip address for fxp0. No host route added for .
Mar 24 11:52:57 php: /interfaces.php: The command 'route -q delete -host 212.143.205.253' returned exit code '1', the output was 'route: writing to routing socket: No such process'
Mar 24 11:52:57 php: /interfaces.php: wan: pptp link configuration warning. No ip address configured on fxp0. Using 0.0.0.0 ip!
Mar 24 11:52:54 check_reload_status: syncing firewall
Mar 24 11:43:42 apinger: /usr/local/bin/rrdtool respawning too fast, waiting 300s.
Mar 24 11:42:44 kernel: ng0: changing name to 'pptp0'
Mar 24 11:42:42 php: /status_interfaces.php: wan: pptp link warning. Can't get gateway ip address for fxp0. No host route added for .
Mar 24 11:42:42 php: /status_interfaces.php: The command 'route -q delete -host 212.143.205.253' returned exit code '1', the output was 'route: writing to routing socket: No such process'
Mar 24 11:42:42 php: /status_interfaces.php: wan: pptp link configuration warning. No ip address configured on fxp0. Using 0.0.0.0 ip!
Mar 24 11:42:42 apinger: Error while feeding rrdtool: Broken pipe
Mar 24 11:42:18 php: /interfaces_assign.php: Creating rrd update script
Mar 24 11:42:18 check_reload_status: syncing firewall
Mar 24 11:42:18 dnsmasq[37582]: read /etc/hosts - 2 addresses
Mar 24 11:42:18 check_reload_status: updating dyndns wan
Mar 24 11:42:18 dnsmasq[37582]: using nameserver 192.168.101.101#53
Mar 24 11:42:18 dnsmasq[37582]: using nameserver 192.168.101.102#53
Mar 24 11:42:18 dnsmasq[37582]: reading /etc/resolv.conf
Mar 24 11:42:18 dnsmasq[37582]: compile time options: IPv6 GNU-getopt no-DBus I18N DHCP TFTP
Mar 24 11:42:18 dnsmasq[37582]: started, version 2.55 cachesize 10000
Mar 24 11:42:17 dnsmasq[33305]: exiting on receipt of SIGTERM
Mar 24 11:42:15 kernel: ng0: changing name to 'pptp0'
Mar 24 11:42:14 php: /interfaces_assign.php: wan: pptp link warning. Can't get gateway ip address for fxp0. No host route added for .
Mar 24 11:42:14 php: /interfaces_assign.php: The command 'route -q delete -host 212.143.205.253' returned exit code '1', the output was 'route: writing to routing socket: No such process'
Mar 24 11:42:14 php: /interfaces_assign.php: interfaces: bringing down interfaces dependent on: wan
Mar 24 11:42:13 dhclient[14456]: exiting.
Mar 24 11:42:13 dhclient[14456]: exiting.
Mar 24 11:42:13 dhclient[14456]: connection closed
Mar 24 11:42:13 dhclient[14456]: connection closed
Mar 24 11:42:05 check_reload_status: syncing firewall
Mar 24 11:42:03 check_reload_status: reloading filter
Mar 24 11:41:53 apinger: ALARM: WAN(172.24.64.1) *** down ***
Mar 24 11:41:42 php: /interfaces.php: Creating rrd update script
Mar 24 11:41:42 apinger: Starting Alarm Pinger, apinger(34719)
Mar 24 11:41:42 check_reload_status: reloading filter
Mar 24 11:41:41 apinger: Exiting on signal 15.
Mar 24 11:41:39 check_reload_status: updating dyndns wan
Mar 24 11:41:39 dnsmasq[33305]: read /etc/hosts - 2 addresses
Mar 24 11:41:39 dnsmasq[33305]: using nameserver 192.168.101.101#53
Mar 24 11:41:39 dnsmasq[33305]: using nameserver 192.168.101.102#53
Mar 24 11:41:39 dnsmasq[33305]: reading /etc/resolv.conf
Mar 24 11:41:39 dnsmasq[33305]: compile time options: IPv6 GNU-getopt no-DBus I18N DHCP TFTP
Mar 24 11:41:39 dnsmasq[33305]: started, version 2.55 cachesize 10000
Mar 24 11:41:38 dnsmasq[43468]: exiting on receipt of SIGTERM
Mar 24 11:41:38 dnsmasq[43468]: using nameserver 192.168.101.101#53
Mar 24 11:41:38 dnsmasq[43468]: using nameserver 192.168.101.102#53
Mar 24 11:41:38 dnsmasq[43468]: reading /etc/resolv.conf
Mar 24 11:41:37 php: : interfaces: reloading interfaces dependent on: wan
Mar 24 11:41:37 apinger: Starting Alarm Pinger, apinger(25236)
Mar 24 11:41:37 check_reload_status: reloading filter
Mar 24 11:41:36 apinger: Exiting on signal 15.
Mar 24 11:41:36 php: : ROUTING: change default route to 172.24.64.1
Mar 24 11:41:36 php: /interfaces.php: ROUTING: change default route to 172.24.64.1
Mar 24 11:41:36 php: : rc.newwanip: on (IP address: 172.24.64.217) (interface: wan) (real interface: fxp0).
Mar 24 11:41:35 php: : rc.newwanip: Informational is starting fxp0.
Mar 24 11:41:35 dhclient[14419]: bound to 172.24.64.217 – renewal in 1752 seconds.
Mar 24 11:41:35 check_reload_status: rc.newwanip starting fxp0
Mar 24 11:41:35 dhclient: Creating resolv.conf
Mar 24 11:41:35 dhclient: /sbin/route add default 172.24.64.1
Mar 24 11:41:35 dhclient: Adding new routes to interface: fxp0
Mar 24 11:41:35 dhclient: New Routers (fxp0): 172.24.64.1
Mar 24 11:41:35 dhclient: New Broadcast Address (fxp0): 255.255.255.255
Mar 24 11:41:35 dhclient: New Subnet Mask (fxp0): 255.255.224.0
Mar 24 11:41:35 dhclient: New IP Address (fxp0): 172.24.64.217
Mar 24 11:41:35 dhclient: ifconfig fxp0 inet 172.24.64.217 netmask 255.255.224.0 broadcast 255.255.255.255
Mar 24 11:41:35 dhclient: Starting add_new_address()
Mar 24 11:41:35 dhclient: REBOOT
Mar 24 11:41:35 dhclient[14419]: DHCPACK from 10.175.192.1
Mar 24 11:41:35 dhclient[14419]: DHCPREQUEST on fxp0 to 255.255.255.255 port 67
Mar 24 11:41:35 dhclient: PREINIT
Mar 24 11:41:35 php: /interfaces.php: interfaces: bringing down interfaces dependent on: wan
Mar 24 11:41:34 php: /interfaces.php: The command '/bin/kill 12928' returned exit code '1', the output was 'kill: 12928: No such process'
Mar 24 11:41:34 dhclient[7500]: exiting.
Mar 24 11:41:34 dhclient[7500]: exiting.
Mar 24 11:41:34 dhclient[7500]: connection closed
Mar 24 11:41:34 dhclient[7500]: connection closed
Mar 24 11:41:34 dhclient: FAIL
Mar 24 11:41:24 check_reload_status: syncing firewall
Mar 24 11:41:02 apinger: Error while feeding rrdtool: Broken pipe
Mar 24 11:40:22 check_reload_status: reloading filter
Mar 24 11:40:12 check_reload_status: reloading filter
Mar 24 11:40:12 apinger: ALARM: WAN(172.24.64.1) *** down ***
Mar 24 11:40:11 sshlockout[15621]: sshlockout/webConfigurator v3.0 starting up
Mar 24 11:40:11 login: login on ttyv0 as root
Mar 24 11:40:10 php: : IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing.
Mar 24 11:40:10 php: : Resyncing configuration for all packages.
Mar 24 11:40:09 php: : Creating rrd update script
Mar 24 11:40:07 php: : Resyncing OpenVPN instances for interface WAN.
Mar 24 11:40:04 dnsmasq[43468]: read /etc/hosts - 2 addresses
Mar 24 11:40:04 dnsmasq[43468]: using nameserver 192.168.101.101#53
Mar 24 11:40:04 dnsmasq[43468]: using nameserver 192.168.101.102#53
Mar 24 11:40:04 check_reload_status: updating all dyndns
Mar 24 11:40:04 dnsmasq[43468]: reading /etc/resolv.conf
Mar 24 11:40:04 dnsmasq[43468]: compile time options: IPv6 GNU-getopt no-DBus I18N DHCP TFTP
Mar 24 11:40:04 dnsmasq[43468]: started, version 2.55 cachesize 10000
Mar 24 11:40:04 php: : ROUTING: change default route to 172.24.64.1
Mar 24 11:40:02 apinger: Starting Alarm Pinger, apinger(26066)
Mar 24 11:40:02 check_reload_status: reloading filter
Mar 24 11:40:01 php: : ROUTING: change default route to 172.24.64.1
Mar 24 11:40:01 php: : rc.newwanip: on (IP address: 172.24.64.217) (interface: wan) (real interface: fxp0).
Mar 24 11:40:01 php: : rc.newwanip: Informational is starting fxp0.
Mar 24 11:40:00 kernel: pflog0: promiscuous mode enabled

Ozzik · Mar 24, 2011, 12:15 PM

And this is what happens if I type in the ISP's pptp server hostname:

Mar 24 12:06:18 php: /status_interfaces.php: wan: pptp link configuration failed. No ip address found for cable.netvision.net.il.
Mar 24 12:06:18 php: /status_interfaces.php: wan: pptp link configuration warning. No ip address configured on fxp0. Using 0.0.0.0 ip!
Mar 24 12:06:05 check_reload_status: syncing firewall

gnhb · Mar 24, 2011, 12:48 PM

@Ozzik => Yes I can see what is happening. You must select "the OPTx" interface and not the physical interface as your "Link Interface" when you set up the PPTP connection.

GB

gnhb · Mar 24, 2011, 12:59 PM

@Ozzik:

And this is what happens if I type in the ISP's pptp server hostname:

Mar 24 12:06:18 php: /status_interfaces.php: wan: pptp link configuration failed. No ip address found for cable.netvision.net.il.
Mar 24 12:06:18 php: /status_interfaces.php: wan: pptp link configuration warning. No ip address configured on fxp0. Using 0.0.0.0 ip!
Mar 24 12:06:05 check_reload_status: syncing firewall

If you want the DNS lookup to work, you have to have an IP address from the ISP already. I can see in your logs that DHCP starts and then fails/quits/gets killed. I think you have a mis-configuration in your setup. Read my instructions again and see it what you did really matches what I described.

GB

Ozzik · Mar 24, 2011, 1:35 PM

ok, I did what you suggested.
This brings me to the "fatal trap 12" every time I press connect.
the messages in the log look the same (regarding the routes), but the error I get on the console is this:

stopped at ng_ether_atach+0xdf mol %eax,0x4(%edx)

plus, when I reboot it from there it always comes up fixing some file system errors.

gnhb · Mar 25, 2011, 11:10 AM

@Ozzik: Post your config please.

Can you figure out why your DCHP client is bailing out?
Mar 24 11:42:13 dhclient[14456]: exiting.
Mar 24 11:42:13 dhclient[14456]: connection closed

GB

gnhb · Mar 25, 2011, 11:19 AM

Ozzik,
See this thread about DHCP client issues: http://forum.pfsense.org/index.php/topic,34791.0.html

Once that is worked out you might not have any problem with the PPTP/L2TP link.

GB

roi · Mar 25, 2011, 10:26 PM

After two days this is what I came up with:

Intel P4 2.6Ghz
Asus P4P800-ES Mainboard
3Gb DDR 400 Ram
Nvidia FX5200
Nic's:
1. On board: Marvell Yukon 8001
2. 3Com Etherlink XL 3c905b
3. Compaq NC3120 (Intel 82557 chipset)
4. Realtek 8139D
5. Davicom 9102
Running : pfSense-2.0-RC1-i386-20110325-1028

At the moment the Marvel is set to be WAN and is connected to a ADSL router feeding from another ISP.
One of the Nic's will be connected directly to the Cable modem.
Third will be LAN to a control desktop.

Let the games begine…

Ozzik · Mar 28, 2011, 1:52 PM

Hi,
sorry I couldn't do this earlier. But now I have some testing pc, so I can do this more comfortably.
Regarding the dhcp. When I set the WAN to just DHCP - it works. No problem, I get the right IP (172.x.x.x).
Only when I set it to "DHCP+" it starts to get flaky.
this is the first part of the log, it's right after the reboot (after I reassigned the interfaces through the console, WAN is on DHCP now):

Jan 1 00:28:50 apinger: Starting Alarm Pinger, apinger(39261)
Jan 1 00:28:49 check_reload_status: reloading filter
Jan 1 00:28:48 apinger: Exiting on signal 15.
Jan 1 00:28:48 php: : ROUTING: change default route to 172.29.32.1
Jan 1 00:28:48 php: /interfaces.php: ROUTING: change default route to 172.29.32.1
Jan 1 00:28:48 php: : rc.newwanip: on (IP address: 172.29.32.147) (interface: wan) (real interface: fxp0).
Jan 1 00:28:48 php: : rc.newwanip: Informational is starting fxp0.
Jan 1 00:28:48 dhclient[28705]: bound to 172.29.32.147 – renewal in 1073741823 seconds.
Jan 1 00:28:48 check_reload_status: rc.newwanip starting fxp0
Jan 1 00:28:48 dhclient: Creating resolv.conf
Jan 1 00:28:48 dhclient: /sbin/route add default 172.29.32.1
Jan 1 00:28:48 dhclient: Adding new routes to interface: fxp0
Jan 1 00:28:48 dhclient: New Routers (fxp0): 172.29.32.1
Jan 1 00:28:48 dhclient: New Broadcast Address (fxp0): 255.255.255.255
Jan 1 00:28:48 dhclient: New Subnet Mask (fxp0): 255.255.255.0
Jan 1 00:28:48 dhclient: New IP Address (fxp0): 172.29.32.147
Jan 1 00:28:48 dhclient: ifconfig fxp0 inet 172.29.32.147 netmask 255.255.255.0 broadcast 255.255.255.255
Jan 1 00:28:48 dhclient: Starting add_new_address()
Jan 1 00:28:48 dhclient: REBOOT
Jan 1 00:28:48 dhclient[28705]: DHCPACK from 10.18.124.1
Jan 1 00:28:48 dhclient[28705]: DHCPREQUEST on fxp0 to 255.255.255.255 port 67
Jan 1 00:28:47 dhclient: PREINIT
Jan 1 00:28:47 php: /interfaces.php: interfaces: bringing down interfaces dependent on: wan
Jan 1 00:28:46 dhclient[8508]: exiting.
Jan 1 00:28:46 dhclient[8508]: exiting.
Jan 1 00:28:46 dhclient[8508]: connection closed
Jan 1 00:28:46 dhclient[8508]: connection closed
Jan 1 00:28:46 dhclient: FAIL
Jan 1 00:28:44 check_reload_status: syncing firewall
Jan 1 00:28:26 apinger: Error while feeding rrdtool: Broken pipe
Jan 1 00:27:46 check_reload_status: reloading filter
Jan 1 00:27:36 check_reload_status: reloading filter
Jan 1 00:27:36 apinger: ALARM: WAN(172.29.32.1) *** down ***
Jan 1 00:27:35 sshlockout[21056]: sshlockout/webConfigurator v3.0 starting up
Jan 1 00:27:35 login: login on ttyv0 as root

as you can see - the DHCP worked.
now I check the DHCP+ option, apply, go to PPPs and create new pptp config(attach it to WAN, not physical interface). Then I assign the whole thing to WAN on the main "assign interfaces" menu, instead of the physical one.
this is the log so far:

Jan 1 00:30:54 apinger: /usr/local/bin/rrdtool respawning too fast, waiting 300s.
Jan 1 00:29:54 apinger: Error while feeding rrdtool: Broken pipe
Jan 1 00:29:38 php: /interfaces_assign.php: Creating rrd update script
Jan 1 00:29:38 check_reload_status: syncing firewall
Jan 1 00:29:38 dnsmasq[51042]: read /etc/hosts - 2 addresses
Jan 1 00:29:38 check_reload_status: updating dyndns wan
Jan 1 00:29:38 dnsmasq[51042]: using nameserver 192.168.101.101#53
Jan 1 00:29:38 dnsmasq[51042]: using nameserver 192.168.101.102#53
Jan 1 00:29:38 dnsmasq[51042]: reading /etc/resolv.conf
Jan 1 00:29:38 dnsmasq[51042]: compile time options: IPv6 GNU-getopt no-DBus I18N DHCP TFTP
Jan 1 00:29:38 dnsmasq[51042]: started, version 2.55 cachesize 10000
Jan 1 00:29:37 dnsmasq[46762]: exiting on receipt of SIGTERM
Jan 1 00:29:34 php: /interfaces_assign.php: wan: pptp link configuration failed. No ip address found for gch.bezeqint.net.
Jan 1 00:29:34 php: /interfaces_assign.php: wan: pptp link configuration warning. No ip address configured on pptp0. Using 0.0.0.0 ip!
Jan 1 00:29:34 php: /interfaces_assign.php: interfaces: bringing down interfaces dependent on: wan
Jan 1 00:29:33 dhclient[29026]: exiting.
Jan 1 00:29:33 dhclient[29026]: exiting.
Jan 1 00:29:33 dhclient[29026]: connection closed
Jan 1 00:29:33 dhclient[29026]: connection closed
Jan 1 00:29:18 check_reload_status: syncing firewall
Jan 1 00:29:14 check_reload_status: reloading filter
Jan 1 00:29:04 apinger: ALARM: WAN(172.29.32.1) *** down ***
Jan 1 00:28:54 php: /interfaces.php: Creating rrd update script
Jan 1 00:28:54 apinger: Starting Alarm Pinger, apinger(48772)
Jan 1 00:28:54 check_reload_status: reloading filter
Jan 1 00:28:53 apinger: Exiting on signal 15.
Jan 1 00:28:51 dnsmasq[46762]: read /etc/hosts - 2 addresses
Jan 1 00:28:51 check_reload_status: updating dyndns wan
Jan 1 00:28:51 dnsmasq[46762]: using nameserver 192.168.101.101#53
Jan 1 00:28:51 dnsmasq[46762]: using nameserver 192.168.101.102#53
Jan 1 00:28:51 dnsmasq[46762]: reading /etc/resolv.conf
Jan 1 00:28:51 dnsmasq[46762]: compile time options: IPv6 GNU-getopt no-DBus I18N DHCP TFTP
Jan 1 00:28:51 dnsmasq[46762]: started, version 2.55 cachesize 10000
Jan 1 00:28:50 dnsmasq[45557]: exiting on receipt of SIGTERM
Jan 1 00:28:50 dnsmasq[45557]: using nameserver 192.168.101.101#53
Jan 1 00:28:50 dnsmasq[45557]: using nameserver 192.168.101.102#53
Jan 1 00:28:50 dnsmasq[45557]: reading /etc/resolv.conf
Jan 1 00:28:50 php: : interfaces: reloading interfaces dependent on: wan

In addition, this is the error I get (overlayed by the main menu):
warning: invalid argument supplied for foreach() in /etc/inc/interfaces.inc on line 3089

Now I press "connect" button on the "interfaces_status" page:

php: /status_interfaces.php: wan: pptp link configuration failed. No ip address found for gch.bezeqint.net.
Jan 1 00:37:03 php: /status_interfaces.php: wan: pptp link configuration warning. No ip address configured on pptp0. Using 0.0.0.0 ip!
Jan 1 00:37:03 php: /status_interfaces.php: wan: pptp link configuration failed. No ip address found for gch.bezeqint.net.
Jan 1 00:37:03 php: /status_interfaces.php: wan: pptp link configuration warning. No ip address configured on pptp0. Using 0.0.0.0 ip!
Jan 1 00:30:54

that's that, nothing happens.
this is my config - pretty much all defaults. I opened the firewall rules wide open just for the sake of the test.


 <pfsense><version>7.7</version>
	 <lastchange><theme>pfsense_ng</theme>
	 <sysctl><tunable>debug.pfftpproxy</tunable>
			<value>default</value> 
		 <tunable>vfs.read_max</tunable>
			<value>default</value> 
		 <tunable>net.inet.ip.portrange.first</tunable>
			<value>default</value> 
		 <tunable>net.inet.tcp.blackhole</tunable>
			<value>default</value> 
		 <tunable>net.inet.udp.blackhole</tunable>
			<value>default</value> 
		 <tunable>net.inet.ip.random_id</tunable>
			<value>default</value> 
		 <tunable>net.inet.tcp.drop_synfin</tunable>
			<value>default</value> 
		 <tunable>net.inet.ip.redirect</tunable>
			<value>default</value> 
		 <tunable>net.inet6.ip6.redirect</tunable>
			<value>default</value> 
		 <tunable>net.inet.tcp.syncookies</tunable>
			<value>default</value> 
		 <tunable>net.inet.tcp.recvspace</tunable>
			<value>default</value> 
		 <tunable>net.inet.tcp.sendspace</tunable>
			<value>default</value> 
		 <tunable>net.inet.ip.fastforwarding</tunable>
			<value>default</value> 
		 <tunable>net.inet.tcp.delayed_ack</tunable>
			<value>default</value> 
		 <tunable>net.inet.udp.maxdgram</tunable>
			<value>default</value> 
		 <tunable>net.link.bridge.pfil_onlyip</tunable>
			<value>default</value> 
		 <tunable>net.link.bridge.pfil_member</tunable>
			<value>default</value> 
		 <tunable>net.link.bridge.pfil_bridge</tunable>
			<value>default</value> 
		 <tunable>net.link.tap.user_open</tunable>
			<value>default</value> 
		 <tunable>kern.rndtest.verbose</tunable>
			<value>default</value> 
		 <tunable>kern.randompid</tunable>
			<value>default</value> 
		 <tunable>net.inet.ip.intr_queue_maxlen</tunable>
			<value>default</value> 
		 <tunable>hw.syscons.kbd_reboot</tunable>
			<value>default</value> 
		 <tunable>net.inet.tcp.inflight.enable</tunable>
			<value>default</value> 
		 <tunable>net.inet.tcp.log_debug</tunable>
			<value>default</value> 
		 <tunable>net.inet.icmp.icmplim</tunable>
			<value>default</value> 
		 <tunable>net.inet.tcp.tso</tunable>
			<value>default</value> 
		 <tunable>kern.ipc.maxsockbuf</tunable>
			<value>default</value></sysctl> 
	 <system><optimization>normal</optimization>
		<hostname>pfsense</hostname>
		<domain>localdomain</domain>
		 <group><name>all</name>

			<scope>system</scope>
			<gid>1998</gid>
			<member>0</member></group> 
		 <group><name>admins</name>

			<scope>system</scope>
			<gid>1999</gid>
			<member>0</member>
			<priv>page-all</priv></group> 
		 <user><name>admin</name>

			<scope>system</scope>
			<groupname>admins</groupname>
			<password>$1$dSJImFph$GvZ7.1UbuWu.Yb8etC0re.</password>
			<uid>0</uid>
			<priv>user-shell-access</priv></user> 
		<nextuid>2000</nextuid>
		<nextgid>2000</nextgid>
		<timezone>Etc/UTC</timezone>
		 <time-update-interval><timeservers>0.pfsense.pool.ntp.org</timeservers>
		 <webgui><protocol>https</protocol>
			<ssl-certref>4d89fa96059f9</ssl-certref></webgui> 
		<disablenatreflection>yes</disablenatreflection>
		 <disablesegmentationoffloading><disablelargereceiveoffloading><dns1gwint>wan</dns1gwint>
		<dns2gwint>none</dns2gwint>
		<dns3gwint>none</dns3gwint>
		<dns4gwint>none</dns4gwint>
		 <dnsallowoverride></dnsallowoverride></disablelargereceiveoffloading></disablesegmentationoffloading></time-update-interval></system> 
	 <interfaces><wan><enable><if>pptp0</if>
			 <blockbogons><media><mediaopt><alias-address><alias-subnet>32</alias-subnet>
			 <spoofmac><ipaddr>pptp</ipaddr>
			 <dhcphostname></dhcphostname></spoofmac></alias-address></mediaopt></media></blockbogons></enable></wan> 
		 <lan><if>re0</if>
			<ipaddr>192.168.0.238</ipaddr>
			<subnet>24</subnet>
			 <enable></enable></lan></interfaces> 
	 <staticroutes><dhcpd><pptpd><mode><redir><localip></localip></redir></mode></pptpd> 
	 <dnsmasq><enable></enable></dnsmasq> 
	 <snmpd><syslocation><syscontact><rocommunity>public</rocommunity></syscontact></syslocation></snmpd> 
	 <diag><ipv6nat><ipaddr></ipaddr></ipv6nat></diag> 
	 <bridge><syslog><reverse><nentries>200</nentries></reverse></syslog> 
	 <filter><rule><id><type>pass</type>
			<interface>wan</interface>
			 <tag><tagged><max><max-src-nodes><max-src-conn><max-src-states><statetimeout><statetype>keep state</statetype>

			<source>
				 <any><destination><any></any></destination></any></statetimeout></max-src-states></max-src-conn></max-src-nodes></max></tagged></tag></id></rule> 
		 <rule><type>pass</type>

			<interface>lan</interface>
			<source>
				<network>lan</network>

			 <destination><any></any></destination></rule></filter> 
	 <ipsec><preferoldsa></preferoldsa></ipsec> 
	 <aliases><proxyarp><cron><minute>0</minute>
			<hour>*</hour>
			<mday>*</mday>
			<month>*</month>
			<wday>*</wday>
			<who>root</who>
			<command></command>/usr/bin/nice -n20 newsyslog 
		 <minute>1,31</minute>
			<hour>0-5</hour>
			<mday>*</mday>
			<month>*</month>
			<wday>*</wday>
			<who>root</who>
			<command></command>/usr/bin/nice -n20 adjkerntz -a 
		 <minute>1</minute>
			<hour>3</hour>
			<mday>1</mday>
			<month>*</month>
			<wday>*</wday>
			<who>root</who>
			<command></command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh 
		 <minute>*/60</minute>
			<hour>*</hour>
			<mday>*</mday>
			<month>*</month>
			<wday>*</wday>
			<who>root</who>
			<command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout 
		 <minute>1</minute>
			<hour>1</hour>
			<mday>*</mday>
			<month>*</month>
			<wday>*</wday>
			<who>root</who>
			<command></command>/usr/bin/nice -n20 /etc/rc.dyndns.update 
		 <minute>*/60</minute>
			<hour>*</hour>
			<mday>*</mday>
			<month>*</month>
			<wday>*</wday>
			<who>root</who>
			<command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot 
		 <minute>30</minute>
			<hour>12</hour>
			<mday>*</mday>
			<month>*</month>
			<wday>*</wday>
			<who>root</who>
			<command></command>/usr/bin/nice -n20 /etc/rc.update_urltables</cron> 
	 <wol><rrd><enable></enable></rrd> 
	 <load_balancer><monitor_type><name>ICMP</name>
			<type>icmp</type></monitor_type> 
		 <monitor_type><name>TCP</name>
			<type>tcp</type></monitor_type> 
		 <monitor_type><name>HTTP</name>
			<type>http</type>

			 <options><path>/</path>
				 <host>`200`</host></options></monitor_type> 
		 <monitor_type><name>HTTPS</name>
			<type>https</type>

			 <options><path>/</path>
				 <host>`200`</host></options></monitor_type> 
		 <monitor_type><name>SMTP</name>
			<type>send</type>

			 <options><send>EHLO nosuchhost</send>
				<expect>250-</expect></options></monitor_type></load_balancer> 
	 <widgets><sequence>system_information-container:col1:show,captive_portal_status-container:col1:close,carp_status-container:col1:close,cpu_graphs-container:col1:close,gateways-container:col1:close,gmirror_status-container:col1:close,installed_packages-container:col1:close,interface_statistics-container:col1:close,interfaces-container:col2:show,ipsec-container:col2:close,load_balancer_status-container:col2:close,log-container:col2:close,picture-container:col2:close,rss-container:col2:close,services_status-container:col2:close,traffic_graphs-container:col2:close</sequence></widgets> 
	 <revision><time>1300973107</time>

		<username>admin</username></revision> 
	 <openvpn><l7shaper><container></container></l7shaper> 
	 <shaper><dnshaper><cert><refid>4d89fa96059f9</refid>

		<crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVLRENDQTVHZ0F3SUJBZ0lKQU1Ka05qMVZxMFY3TUEwR0NTcUdTSWIzRFFFQkJRVUFNSUcvTVFzd0NRWUQKVlFRR0V3SlZVekVTTUJBR0ExVUVDQk1KVTI5dFpYZG9aWEpsTVJFd0R3WURWUVFIRXdoVGIyMWxZMmwwZVRFVQpNQklHQTFVRUNoTUxRMjl0Y0dGdWVVNWhiV1V4THpBdEJnTlZCQXNUSms5eVoyRnVhWHBoZEdsdmJtRnNJRlZ1CmFYUWdUbUZ0WlNBb1pXY3NJSE5sWTNScGIyNHBNU1F3SWdZRFZRUURFeHREYjIxdGIyNGdUbUZ0WlNBb1pXY3MKSUZsUFZWSWdibUZ0WlNreEhEQWFCZ2txaGtpRzl3MEJDUUVXRFVWdFlXbHNJRUZrWkhKbGMzTXdIaGNOTVRFdwpNekl6TVRNMU1ERTBXaGNOTVRZd09URXlNVE0xTURFMFdqQ0J2ekVMTUFrR0ExVUVCaE1DVlZNeEVqQVFCZ05WCkJBZ1RDVk52YldWM2FHVnlaVEVSTUE4R0ExVUVCeE1JVTI5dFpXTnBkSGt4RkRBU0JnTlZCQW9UQzBOdmJYQmgKYm5sT1lXMWxNUzh3TFFZRFZRUUxFeVpQY21kaGJtbDZZWFJwYjI1aGJDQlZibWwwSUU1aGJXVWdLR1ZuTENCegpaV04wYVc5dUtURWtNQ0lHQTFVRUF4TWJRMjl0Ylc5dUlFNWhiV1VnS0dWbkxDQlpUMVZTSUc1aGJXVXBNUnd3CkdnWUpLb1pJaHZjTkFRa0JGZzFGYldGcGJDQkJaR1J5WlhOek1JR2ZNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0R04KQURDQmlRS0JnUUREWUMrMFpNMUFPMVMvb09idUZQeURiOGtrZHBkSk5lSDBOZ05RYVZuT1IvcFgyME0yMHA5NApWYWhJS2NidTNGcWNUZmZtOEtBcWxpVWhLVmhnNDI2bTRubk1LaXoyUmZLNWJXNzFoek91c0NJTVpndm1ZMlNvCjVwV1FVVXJ5WmM5Yy9FUEVEcXJlOExQWVJPZ2srQWpXekR4QjBVZTk5UmZwWjFyVGcrK0t4d0lEQVFBQm80SUIKS0RDQ0FTUXdIUVlEVlIwT0JCWUVGR0hFS2tkVG9SeVBNejNsblRiSHZ5eUNWd2JaTUlIMEJnTlZIU01FZ2V3dwpnZW1BRkdIRUtrZFRvUnlQTXozbG5UYkh2eXlDVndiWm9ZSEZwSUhDTUlHL01Rc3dDUVlEVlFRR0V3SlZVekVTCk1CQUdBMVVFQ0JNSlUyOXRaWGRvWlhKbE1SRXdEd1lEVlFRSEV3aFRiMjFsWTJsMGVURVVNQklHQTFVRUNoTUwKUTI5dGNHRnVlVTVoYldVeEx6QXRCZ05WQkFzVEprOXlaMkZ1YVhwaGRHbHZibUZzSUZWdWFYUWdUbUZ0WlNBbwpaV2NzSUhObFkzUnBiMjRwTVNRd0lnWURWUVFERXh0RGIyMXRiMjRnVG1GdFpTQW9aV2NzSUZsUFZWSWdibUZ0ClpTa3hIREFhQmdrcWhraUc5dzBCQ1FFV0RVVnRZV2xzSUVGa1pISmxjM09DQ1FEQ1pEWTlWYXRGZXpBTUJnTlYKSFJNRUJUQURBUUgvTUEwR0NTcUdTSWIzRFFFQkJRVUFBNEdCQUgrOVJRTTBjdjc2NTV5eGJrSUk5N28vTzBsVQpMamgrcUdHQTBtWHE4djFER29MVytxc1BEMElsZ0E3RkdjNW9CcXExcTljTTZuOWpjN3E5UUlJR21jTEYycTJlCllTZThwOGNUQXNNOUd3NGh4NkZGT3pzM1dqSnRoQURtRlp5VXZlR1k5REt4anFESlFlSWJFWFd3M3FkbnY4TisKSnJXUEFNV2VUUnlGL0UxcgotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==</crt>
		<prv>R2VuZXJhdGluZyBSU0EgcHJpdmF0ZSBrZXksIDEwMjQgYml0IGxvbmcgbW9kdWx1cwouLi4uLi4uLi4rKysrKysKLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLisrKysrKwplIGlzIDY1NTM3ICgweDEwMDAxKQotLS0tLUJFR0lOIFJTQSBQUklWQVRFIEtFWS0tLS0tCk1JSUNYZ0lCQUFLQmdRRERZQyswWk0xQU8xUy9vT2J1RlB5RGI4a2tkcGRKTmVIME5nTlFhVm5PUi9wWDIwTTIKMHA5NFZhaElLY2J1M0ZxY1RmZm04S0FxbGlVaEtWaGc0MjZtNG5uTUtpejJSZks1Ylc3MWh6T3VzQ0lNWmd2bQpZMlNvNXBXUVVVcnlaYzljL0VQRURxcmU4TFBZUk9naytBald6RHhCMFVlOTlSZnBaMXJUZysrS3h3SURBUUFCCkFvR0JBSzEwaitYUU9JbDJJMStlTW1mZEtmSm5KR1REQkwxeW9SQjNnNm00WG9yTlRHMER0VURPN2RXZjlxOWEKcDhzWXh6bE4zM0dnNEJIdkN6Zk54VEQvdWhQU2lVNzdHUkwzeUJycC96alhEdUxCZm5qT3ZMZmlBK3BnbGNobAp1UVM5dEdnUXEzV1lNRmQxTmViZGdsK2ZNT1p1QUhJNW5Gc0dsSnhIYkY3R0FRMkJBa0VBNHAwSnducURnQTVaCnFQL2Z4eWNObEJZbzdoTVRBVlFBRUNJRDhBUXc1MTlHVitpR0k1UEtSMVUrWmc5NTVYSzFZZlZ6ckZ4NjlLQlQKSllTeGpFc0hxUUpCQU55Mkk4ZktDanFxOUFQUlBkbGJ2M3YrSGFFUFNkNE5wZmVBa1VyWlBlMUdBQ20xYmJPNwpVYjM0N2VqeFkrM2ZOcVVRTmdxcXdlRlJZa0EvNmFPV3hPOENRQVZoWFIzMDhySlRwT1ZTVGVuWWo0WDRrTGcyClU3a3dXV0FJcnJkQUlqa2NGZnQ0VmRiNlowOFNRdzBCU1ErZGpaanB6dmxFcU5hdUI4dFlQeTdwaVNFQ1FRQ2sKKzIzaG9YQm1ESFlkQ0dNZ1FFbnh5TEdqUEVkdU9tdU9pRWVUV0xMRzA2VzVoOG82S05MZ205eFRYV1hpWVJGNgo3NVJHQXdDc2llWlV1ckhPUEJ4M0FrRUFsVWVZY3ZZQnB4RUphRlBOYjFMN3JVV0NLRkovOTgwSUdieVB5SXYwCjE2TzJuS2orU3JjekwzeDl4a3dOdEFBT1RtUDgvaWhrRjVjRFFzU0RxL081Z3c9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=</prv></cert> 
	 <ppps><ppp><ptpid>0</ptpid>
			<type>pptp</type>
			<if>pptp0</if>
			<ports>wan</ports>
			<username>blahblah</username>
			<password>blah</password>
			 <localip><subnet>31</subnet>
			<gateway>gch.bezeqint.net</gateway>
			 <bandwidth></bandwidth></localip></ppp></ppps> 
	 <gateways></gateways></dnshaper></shaper></openvpn></wol></proxyarp></aliases></bridge></dhcpd></staticroutes></lastchange></pfsense>

Loke · Mar 28, 2011, 4:29 PM

ermal, thank you! now it works without local ip.

roi, how all this related to the topic???

Loke · Mar 28, 2011, 4:33 PM

@gnhb:

I just merged Ermal's changes into my repository and added some minor changes to bringing L2TP/PPTP interfaces up and down manually from Status=>Interfaces page.

Is anyone testing ???
Post feedback!

Thanks,
GB

Don't get it… Isn't Connnect/Disconnect button was there before? And this is a rhetoric question. ;D

Micky · Mar 28, 2011, 7:06 PM

@Ozzik

I didn't find the opt1 interface in your config, as far as i remember you should assign the physical interface to optx (and set it to DHCP), then create a ppp interface (l2tp) and use the opt1 as its link and only then assign the ppp to wan.
So there should be an additional OPTx interface.

@Loke

No, there was no connect/disconnect button at the interface status page for l2tp.

Ozzik · Mar 28, 2011, 7:21 PM

@Micky:
OK, I'll try that. Did you get it working with the new snapshots?