PPTP/L2TP on interfaces
-
I think it IS too late for 2.0.
But really is not hard because now you can update the firmware images and checkout a branch of your will directly from GUI.
Look at Updater-Settings under system->FirmwareSo you have to wait for this since really there need to be something under the hood to better support this than its done now.
-
gnhb, ermal, sevet, Micky, Loke - you're the best!
It works great now. The only two questions I have left are:
1. Will these changes make it into 2.0 release? or will we have to manually make the changes?
2. It seems that from our ISP's point of view - there's no need for PPTP if you can do L2TP. But I can't speak for others. I think that in Russia they still need that option. Maybe it would be a good idea to try and find out why it keeps on disconnecting every few seconds?Thanks a lot!
Ozzik, it's already included in the last builds. But you noticed this right? :) So no changes needed for DHCP+L2TP to work. The only thing need to be done is make possible to set hostname (not IP) as L2TP server. As for PPTP, it's not very popular now. In Russian/Ukraine the biggest provider is Beeline. They use L2TP instead of PPTP now in almost all areas they cover. Yes, it's still needed by some people, but speed and stability of PPTP is really bad (reason they use L2TP now). If i'd had possibility to connect to my provider by PPTP i'd try to see what's the problem, but i don't and i have no free hardware to set-up my own PPTP test server now. I hope left problems will be eliminated in final build, but i'm very happy because this feature already included so i don't need to merge it manually in every new build. ;D
This will not be excluded from the final 2.0 right? ;D
-
Loke, are you sure? Do you see a checkbox "Enable DHCP+L2TP or DHCP+PPTP."?
Besides, the ability to enter the ISP's hostname instead of the IP is a big deal. -
Loke, are you sure? Do you see a checkbox "Enable DHCP+L2TP or DHCP+PPTP."?
Besides, the ability to enter the ISP's hostname instead of the IP is a big deal.You don't need a checkbox "Enable DHCP+L2TP or DHCP+PPTP." to really use this feature, but if you want it, you can uncomment few lines in intefaces.php
You just need to set your WAN interface as L2TP and that's all. If you want to see both interfaces (L2TP and DHCP) you just need to add OPT interface and set it up like DHCP.
It will look like this.
-
Hi Guyz im from israel using pfsense for few years now.
at the last month i started using pfsense in in my work for a router to my servers.
i connected using HOT and bezeqint in L2TP connection i did the instruction on that thread which created OPT1 Interface (L2TP) and WAN (what i recive from the modem) internet in working and default routing is configured to OPT1 but i have 1 problem that i cannot define Inbound NAT i have an exchange server on 192.168.230.1 and my LAN port is set to 192.168.230.5 in Nat : Port forwording like the picture.
and cant seems to open that port from outside computer i cant get to one of the opened ports
in the picture you see exchange (that an alias to 192.168.230.1) and mailServer it's and alias for (25,80,443,51)i hope someone can try helping me to solve it.
thanks
-
did u check the firewall rule?
-
did u check the firewall rule?
what should be on a firewall rule ?
the NAT automaticlly Create a Firewall rule -
well, then I guess it's fine (it should allow from any to Exchange on any port -TCP/UDP) on OPT1 interface.
what's with the LAN port? Do u mean the LAN interface? -
well, then I guess it's fine (it should allow from any to Exchange on any port -TCP/UDP) on OPT1 interface.
what's with the LAN port? Do u mean the LAN interface?Yea i mean lan interface
-
so how come you're accessing web gui through 230.7?
-
firewall rules SS
-
so how come you're accessing web gui through 230.7?
funny me :-)
iwas wrong im on 230.7 :-)230.5 is connected using the same MODEM but in dial up gets a different IP
because i want the exchange to use different external IP than the office computers
-
let me get this straight, u have 230.5 and 230.7 both on the same machine, just as different interfaces? same subnet? are they bridged? i'm not sure u can do that.
-
let me get this straight, u have 230.5 and 230.7 both on the same machine, just as different interfaces? same subnet? are they bridged? i'm not sure u can do that.
it's irrelevent to the problem but ill try to explain what i did.
i have 2 machines 2 different machines.
i have 2 ISP users from the ISP (2 Public Ip's Perminent) and 1 Cable Modem so i put a hub after the modem and both pfsense (230.5, 230.7) Dials Differently and recive each own Ip.
230.5 will serve the offices while 230.7 will be for exchange use only. -
i see, nice thinking ;)
i'm asking because everything seems fine, so i'm looking for other things that could go wrong.
i only got 2 things on my mind:
1. is it actually possible to port forward several port via alias? i've never done that. maybe u should try just one port for now.
2. i hope u remembered to change the gateway on the exchange. -
the gateway for the exchange server is correclly something else a Fortigate router 230.2 which will go down in few days because we left the ADSL provider
im still keeping it like this because the pfsense wont deliver mails
-
omg you accually right ! i switched the gateway for the exchange server and it works !
why it is rellevent ? the exchange delivers information to the pfsense on the local network why it should use the gateway to trasnfer it ? -
because otherwise the exchange will send the reply to the fortigate router instead and it will never reach the original source on the internet. and it doesn't deliver the information to the pfsense - it tries to deliver to the outside.
-
great you helped me alot :-)
second thing that im considering is insted of using 2 ISP Users and 2 pfsense's my ISP can Give me virtualIP Pool i know how to configure it im the fortigate but how do i do it in pfsense over the L2TP dialup ? -
as far as I know you just configure it as virtual IPs.
http://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses%3F