Help me create l2tp vpn



  • I'm trying to create an L2TP VPN but it doesn't work as the doc describes: https://doc.pfsense.org/index.php/L2TP/IPsec#Configure_L2TP_Server. I follow the instructions and leave RADIUS off, but when hitting save, it says "A valid RADIUS server address must be specified." even though RADIUS is off and there is no such field to fill out.

    Any suggestions ?



  • I haven't set up L2TP yet; however, from my Mikrotik days, if you're using DNS, I believe it should be the L2TP server or left blank. Also, you have three users but have a static IP address… I believe you should have at least a pool of three addresses.



  • 192.168.2.1 is just the starting address for the pool; the subnet is /25, so it should automatically occupy 192.168.2.2 and .2.3 if more users connect. The doc says to "Set 'L2TP DNS Servers' as needed, or leave blank". When trying to create the server, it auto-fills the DNS. Just tried leaving them blank but I get the same error.



  • You might find helpful hints here:  https://forum.pfsense.org/index.php?topic=141928.0


  • Netgate

    192.168.2.0 is not a valid gateway address on a /24 or /25. It is the network address.



  • I didn't manually enter that, it auto-filled it. So I assumed it was correct, and by default it's set to /32, but the doc said to set it to /25, so I did. But I tried the other ones and it didn't change the error.



  • Bump.



  • Bump.



  • How do I report this bug?


  • Netgate

    If you really believe it is a bug, redmine.pfsense.org

    I don't know how much traction you'll get since it's…..L2TP.



  • @Derelict:

    I don't know how much traction you'll get since it's…..L2TP.

    I'm no VPN expert at all. But I don't understand why it would get less traction if the entire function isn't working.


  • Rebel Alliance

    "I didn't manually enter that, it auto filled it."

    No it didn't - not from pfSense.. Maybe your browser put in that nonsense… Which is prob why you're getting a problem with your RADIUS server entry..

    I just fired this up with zero issues. I don't have any entry for RADIUS..

    Stuff can be left over from if it was attempted to be enabled before - so maybe you have stuff left in the RADIUS server entry even though you don't have it currently enabled, etc.. Try to enable it and remove anything that might be left in the RADIUS server boxes when you hit save...

    edit: I was able to duplicate your problem if I click the enable RADIUS - put in a wrong entry in RADIUS server IP and then uncheck enable RADIUS - see 2nd attachment. I would click enable and clear out any old entry that might be stuck in there.

    If you want to put anything on redmine, it could be a feature request: clear old boxes when unchecking enable on stuff, or don't parse boxes that are not to be used, etc.






  • But that doesn't really make sense though, how would my browser know to enter an IP that is outside the local subnet?
    I never entered anything in RADIUS, but I tried enabling it, clearing all boxes and disabling it again. The boxes were autofilled with admin and dots in secrets. But yeah, I see now the error changes. I might actually get this to work.


  • Rebel Alliance

    Browsers autofill shit all the time.. There have been a few posts recently about browsers filling in shit they shouldn't be filling in. And then giving a weird parse error when the form was submitted about interfaces, etc.. I would have to dig up the old threads.. But have seen it multiple times as of late..

    But I can tell you for sure pfSense is not going to autofill the IP you want it to listen on - and no it shouldn't wouldn't put in a network address vs the host IP, etc…

    edit: Here you go
    https://forum.pfsense.org/index.php?topic=138008.0

    This is the thread with a link to the other thread where the browser is putting in shit...



  • I can see how that would be annoying for people supporting pfSense as, depending on how fast the browsers might autofill stuff, you don't know what autofilled it, and might not even consider the browser as the culprit.

    Btw, can I connect to the VPN if I'm connected to the local network that pfSense is hosting, just on the 192.168.1 subnet? Or would I have to find a separate network to test the connection from?
    Not sure how pfSense feels about that.


 
