2.0 RC3 - Can PPP L2TP be used to create an L2TP tunnel?
JackTripper last edited by
i noticed in pfSense 2.0 (RC3) that my PPPoE interface is now a PPPoE tunnel assigned to my WAN NIC (Network Interface Card):
where the PPPOE0(xl0) - firstname.lastname@example.org network port is defined on to PPPs tab:
i thought this was interesting, and i wonder if it was finally possible to Have pfSense Connect and Route to a PPTP Server. It would be great if i could create a PPTP/L2TP tunnel (just like i have a PPPoE tunnel) that connects and knows to route traffic destined for the 10.0.0.0/16 out the PPP tunnel:
e.g. route add 10.0.0.0 255.255.0.0 if OPT2
So is it possible?
i tried creating the PPP tunnel:
My thought processes for each of the settings were:
Link Type: PPTP
My first reaction was to use PPTP vpn protocol, because for a decade that's all Windows supported. Then i remembered that L2TP has been around in Windows and Windows Server for a long time and maybe i can use that "more standard" one. But then i remembered that our work firewalls are all configured for PPTP (1723 and GRE), so PPTP it is.
Link Interface(s): WAN
i know i said xl0 would be the interface that the tunnel is established on. But then i realized that the tunnel's traffic must be sent out an interface that can reach the internet. Strictly speaking my WAN network card is not connected to the internet - it only connects to the modem. The WAN interface (which is a PPPoE tunnel operating over xl0) is the actual internet interface.
If pfSense tried to establish a L2TP on xl0 the only device that would see the traffic is the modem. The traffic must go out the PPPoE tunnel, which means the WAN interface.
VPN to Work
Pretty self-explanatory; any arbitrary text
That is my username and password combination that work's VPN server will check.
Local IP (wan): 10.0.4.5 / 16
Now is where my hope begins to fade. When i VPN to work from my Windows desktop i don't have to assign an IP address; the server automatically gives me one. Much the same way that the PPPoE tunnel doesn't need an IP. Maybe i can just leave it blank?:
Local IP (wan):
It took it, so i'll leave it blank instead
Gateway (wan): 184.108.40.206
This must be the address of the vpn server at work (i.e. IP address of work).
Now that i have the tunnel created, i can return to Interfaces and create a new interface out of this tunnel:
Except that when i save the changes it new OPT1 interface reverts to xl0 rather than my new PPP tunnel.
So i'm stuck