Netgate Discussion Forum

    Help me create l2tp vpn

      nicolaj

      I'm trying to create an L2TP VPN but it doesn't work as the doc describes: https://doc.pfsense.org/index.php/L2TP/IPsec#Configure_L2TP_Server. I follow the instructions and leave RADIUS off, but when hitting save, it says "A valid RADIUS server address must be specified." even though RADIUS is off and there is no such field to fill out.

      Any suggestions?
      Udklip.PNG

        NollipfSense

        I haven't set up L2TP yet; however, from my Mikrotik days, if you're using DNS, I believe it should be the L2TP server or left blank. Also, you have three users but have a static IP address… I believe you should have at least a pool of three addresses.

        pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
        pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

          nicolaj

          192.168.2.1 is just the starting address for the pool, the subnet is /25 so it should automatically occupy 192.168.2.2 and .2.3 if more users connect. The doc says to "Set L2TP DNS Servers as needed, or leave blank"; when trying to create the server, it auto-fills the DNS. Just tried leaving them blank but I get the same error.

            NollipfSense

            You might find helpful hints here:  https://forum.pfsense.org/index.php?topic=141928.0

              Derelict LAYER 8 Netgate

              192.168.2.0 is not a valid gateway address on a /24 or /25. It is the network address.

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)
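
An added example, not part of the thread and not pfSense's own code: a pre-flight check of the addressing discussed above, using Python's `ipaddress` module. The function name, the rule that the pool is one consecutive address per user, the rule that the server address must sit outside the pool, and treating 192.168.2.0 as the server address are assumptions; all sample values are constructed.

```python
import ipaddress

def check_l2tp_addressing(server_addr, range_start, prefix_len, n_users):
    """Return a list of problems in an L2TP address plan (empty list = OK)."""
    server = ipaddress.ip_address(server_addr)
    start = ipaddress.ip_address(range_start)
    # Subnet implied by the pool start and the chosen mask (assumption).
    net = ipaddress.ip_network(f"{range_start}/{prefix_len}", strict=False)
    end = start + (n_users - 1)  # assumed: one consecutive address per user
    problems = []

    # Network and broadcast addresses only exist for prefixes shorter than /31.
    reserved = set()
    if net.prefixlen < 31:
        reserved = {net.network_address, net.broadcast_address}

    if server in reserved:
        kind = "network" if server == net.network_address else "broadcast"
        problems.append(f"server address {server} is the {kind} address of {net}")
    if start in reserved:
        problems.append(f"pool start {start} is not a usable host address in {net}")
    if end not in net or end in reserved:
        problems.append(f"pool {start}-{end} for {n_users} users does not fit in {net}")
    if start <= server <= end:  # assumed rule: server address outside the pool
        problems.append(f"server address {server} is inside the pool {start}-{end}")
    return problems

if __name__ == "__main__":
    # Constructed plans: the values from the thread, then a corrected variant.
    plans = [
        ("192.168.2.0", "192.168.2.1", 25, 3),
        ("192.168.2.126", "192.168.2.1", 25, 3),
    ]
    for plan in plans:
        print(plan, "->", check_l2tp_addressing(*plan) or "OK")
```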

                nicolaj

                I didn't manually enter that, it auto filled it. So I assumed it was correct, and by default it's set to /32, but the doc said to set it to /25, so I did. But I tried the other ones and it didn't change the error.

                  nicolaj

                  Bump.

                    nicolaj

                    Bump.

                      nicolaj

                      How do I report this bug?

                        Derelict LAYER 8 Netgate

                        If you really believe it is a bug, redmine.pfsense.org

                        I don't know how much traction you'll get since it's… L2TP.

                          nicolaj

                          @Derelict:

                          I don't know how much traction you'll get since it's… L2TP.

                          I'm no VPN expert at all. But I don't understand why it would get less traction if the entire function isn't working.

                            johnpoz LAYER 8 Global Moderator

                            "I didn't manually enter that, it auto filled it."

                            No it didn't - not from pfSense. Maybe your browser put in that nonsense… which is prob why you're getting a problem with your RADIUS server entry.

                            I just fired this up with zero issues. I don't have any entry for RADIUS.

                            Stuff can be left over from if it was attempted to be enabled before - so maybe you have stuff left in the RADIUS server entry even though you don't have it currently enabled, etc. Try to enable it and remove anything that might be left in the RADIUS server boxes when you hit save...

                            edit: I was able to duplicate your problem if I click the enable RADIUS - put in a wrong entry in RADIUS server IP and then uncheck enable RADIUS - see 2nd attachment. I would click enable and clear out any old entry that might be stuck in there.

                            If you want to put anything on redmine, it could be a feature request: clear old boxes when unchecking enable on stuff, or not parse boxes that are not to be used, etc.

                            l2tpserver.png
                            evenwhennoenabled.png

                            An intelligent man is sometimes forced to be drunk to spend time with his fools
                            If you get confused: Listen to the Music Play
                            Please don't Chat/PM me for help, unless mod related
                            SG-4860 24.11 | Lab VMs 2.8, 24.11

                              nicolaj

                              But that doesn't really make sense though, how would my browser know to enter an IP that is outside the local subnet?
                              I never entered anything in RADIUS, but I tried enabling it, cleared all boxes and disabled it again. The boxes were autofilled with admin and dots in secrets. But yeah, I see now the error changes. I might actually get this to work.

                                johnpoz LAYER 8 Global Moderator

                                Browsers autofill shit all the time. There have been a few posts recently about browsers filling in shit they shouldn't be filling in, and then giving a weird parse error when the form was submitted about interfaces, etc. I would have to dig up the old threads. But I have seen it multiple times as of late.

                                But I can tell you for sure pfSense is not going to autofill the IP you want it to listen on - and no, it shouldn't/wouldn't put in a network address vs the host IP, etc…

                                edit: Here you go
                                https://forum.pfsense.org/index.php?topic=138008.0

                                This is a thread with a link to another thread where the browser is putting in shit...

                                  nicolaj

                                  I can see how that would be annoying for people supporting pfSense as, depending on how fast the browsers might autofill stuff, you don't know what autofilled it, and might not even consider the browser as the culprit.

                                  Btw, can I connect to the VPN if I'm connected to the local network that pfSense is hosting, just on the 192.168.1 subnet? Or would I have to find a separate network to test the connection from?
                                  Not sure how pfSense feels about that.
