2.0 RC3 - Can PPP L2TP be used to create an L2TP tunnel?



  • i noticed in pfSense 2.0 (RC3) that my PPPoE interface is now a PPPoE tunnel assigned to my WAN NIC (Network Interface Card):

    where the PPPOE0(xl0) - ianboyd@superuser.com network port is defined on the PPPs tab:

    i thought this was interesting, and i wonder if it was finally possible to Have pfSense Connect and Route to a PPTP Server. It would be great if i could create a PPTP/L2TP tunnel (just like i have a PPPoE tunnel) that connects and knows to route traffic destined for the 10.0.0.0/16 out the PPP tunnel:

    • Destination: 10.0.x.x/16

    • Interface: L2TP(xl0)

    e.g. route add 10.0.0.0 255.255.0.0 if OPT2

    So is it possible?


    i tried creating the PPP tunnel:

    My thought processes for each of the settings were:

    Link Type: PPTP

    My first reaction was to use PPTP vpn protocol, because for a decade that's all Windows supported. Then i remembered that L2TP has been around in Windows and Windows Server for a long time and maybe i can use that "more standard" one. But then i remembered that our work firewalls are all configured for PPTP (1723 and GRE), so PPTP it is.

    Link Interface(s): WAN

    i know i said xl0 would be the interface that the tunnel is established on. But then i realized that the tunnel's traffic must be sent out an interface that can reach the internet. Strictly speaking my WAN network card is not connected to the internet - it only connects to the modem. The WAN interface (which is a PPPoE tunnel operating over xl0) is the actual internet interface.

    If pfSense tried to establish an L2TP on xl0 the only device that would see the traffic is the modem. The traffic must go out the PPPoE tunnel, which means the WAN interface.

    Description: VPN to Work

    Pretty self-explanatory; any arbitrary text

    • Username: ian

    • Password: ••••••••••••••

    That is my username and password combination that work's VPN server will check.

    Local IP (wan): 10.0.4.5 / 16

    Now is where my hope begins to fade. When i VPN to work from my Windows desktop i don't have to assign an IP address; the server automatically gives me one. Much the same way that the PPPoE tunnel doesn't need an IP. Maybe i can just leave it blank?:

    Local IP (wan):

    It took it, so i'll leave it blank instead

    Gateway (wan): 216.8.132.226

    This must be the address of the vpn server at work (i.e. IP address of work).

    Now that i have the tunnel created, i can return to Interfaces and create a new interface out of this tunnel:

    Except that when i save the changes the new OPT1 interface reverts to xl0 rather than my new PPP tunnel.

    So i'm stuck

