Netgate Discussion Forum

    Static route problem with L2TP/IPSec VPN

    Routing and Multi WAN
      Feche

      I have installed pfSense 2.4.4 on an ESXi virtual machine, and I use it as firewall/DHCP server/etc. for other virtual machines. I use L2TP/IPSec VPN to connect my server to my home Mikrotik router.

      pfSense L2TP IP: 172.16.0.254

      Mikrotik L2TP IP: 172.16.0.100

      So on my Mikrotik I have a static route pointing the 10.10.11.0/24 network to next-hop 172.16.0.254

      And on pfSense I have a static route pointing the 10.0.0.0/24 network to next-hop 172.16.0.100

      Up to here, everything works FINE. The problem is that when the L2TP/IPSec goes down for whatever reason, pfSense DELETES the static route from the routing table, so when the VPN comes back up again, I can access the server from my home, but not vice versa.

      If I disable the static route and re-enable it again (from System -> Routing -> Static routes), everything goes back to normal.

      I found out that the l2tp1 interface that pfSense creates when a VPN client connects is deleted when the user disconnects, so I assume that this is the problem? Is there any workaround or solution to this?

      I have also tried with OSPF (so that the routes are sent automatically when the VPN reconnects), but since the l2tp1 interface is deleted, I have to manually assign the interface again for OSPF to work with, so it's the same as nothing.

      Any help please?

      Thanks!

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.