pfSense 2.3 + L2TP + Zyxel Keenetic
-
The access point connects to the server.
It gets addresses.
Outgoing traffic from the access point flows. There is no incoming traffic.
The address 192.168.10.100 pings from the server.
The address 192.168.10.1 does not ping, and for some reason the packets are sent to the WAN interface.
In iptables I allowed all traffic on the LAN, WAN and L2TP interfaces.
I can't figure out where the catch is. I would be grateful for help.
Thanks in advance.
Network layout:
```
WiFi (wan 10.71.221.48) <--> Router (ip 10.71.221.1) <--> Router (ip 10.71.192.1) <--> pfsense (Wan - internet)
     (Lan 192.168.1.1)                                                                 (Lan 10.71.192.38)
     (l2tp 192.168.10.1)                                                               (l2tp 192.168.10.100)
```
Below are the pfSense L2TP log and the server's routing table, then the Zyxel log and its routing table.
log pfsense + Routes
Last 150 L2TP Service Log Entries. (Maximum 150)
```
May 10 10:11:33 l2tps [l2tp0] LCP: no reply to 8 echo request(s)
May 10 10:11:43 l2tps [l2tp0] LCP: no reply to 9 echo request(s)
May 10 10:11:53 l2tps [l2tp0] LCP: no reply to 10 echo request(s)
May 10 10:11:56 l2tps [l2tp0] L2TP: call #1 terminated: result=2 error=6 errmsg="control connection closing"
May 10 10:11:56 l2tps [l2tp0] link: DOWN event
May 10 10:11:56 l2tps [l2tp0] LCP: Close event
May 10 10:11:56 l2tps [l2tp0] LCP: state change Opened --> Closing
May 10 10:11:56 l2tps [l2tp0] AUTH: Accounting data for user aww: 125 seconds, 189 octets in, 377 octets out
May 10 10:11:56 l2tps [l2tp0] Bundle up: 0 links, total bandwidth 9600 bps
May 10 10:11:56 l2tps [l2tp0] IPCP: Close event
May 10 10:11:56 l2tps [l2tp0] IPCP: state change Opened --> Closing
May 10 10:11:56 l2tps [l2tp0] IPCP: SendTerminateReq #135
May 10 10:11:56 l2tps [l2tp0] error writing len 8 frame to bypass: Network is down
May 10 10:11:56 l2tps [l2tp0] IPCP: LayerDown
May 10 10:11:56 l2tps [l2tp0] IFACE: Down event
May 10 10:11:56 l2tps [l2tp0] CCP: Close event
May 10 10:11:56 l2tps [l2tp0] CCP: state change Stopped --> Closed
May 10 10:11:56 l2tps [l2tp0] IPCP: Down event
May 10 10:11:56 l2tps [l2tp0] IPCP: LayerFinish
May 10 10:11:56 l2tps [l2tp0] No NCPs left. Closing links...
May 10 10:11:56 l2tps [l2tp0] closing link "l2tp0"...
May 10 10:11:56 l2tps [l2tp0] IPCP: state change Closing --> Initial
May 10 10:11:56 l2tps [l2tp0] CCP: Down event
May 10 10:11:56 l2tps [l2tp0] CCP: state change Closed --> Initial
May 10 10:11:56 l2tps [l2tp0] AUTH: Cleanup
May 10 10:11:56 l2tps [l2tp0] LCP: SendTerminateReq #183
May 10 10:11:56 l2tps [l2tp0] LCP: LayerDown
May 10 10:11:56 l2tps [l2tp0] LCP: Down event
May 10 10:11:56 l2tps [l2tp0] LCP: LayerFinish
May 10 10:11:56 l2tps [l2tp0] LCP: state change Closing --> Initial
May 10 10:11:56 l2tps L2TP: Control connection 0x29071304 terminated: 0 ()
May 10 10:11:56 l2tps [l2tp0] link: CLOSE event
May 10 10:11:56 l2tps [l2tp0] LCP: Close event
May 10 10:12:07 l2tps L2TP: Control connection 0x29071304 destroyed
May 10 10:12:12 l2tps Incoming L2TP packet from 10.71.221.48 1701
May 10 10:12:12 l2tps L2TP: Control connection 0x290713c4 connected
May 10 10:12:12 l2tps L2TP: Incoming call #1 via connection 0x290713c4 received
May 10 10:12:12 l2tps [l2tp0] L2TP: Incoming call #1 via control connection 0x290713c4 accepted
May 10 10:12:12 l2tps [l2tp0] opening link "l2tp0"...
May 10 10:12:12 l2tps [l2tp0] link: OPEN event
May 10 10:12:12 l2tps [l2tp0] LCP: Open event
May 10 10:12:12 l2tps [l2tp0] LCP: state change Initial --> Starting
May 10 10:12:12 l2tps [l2tp0] LCP: LayerStart
May 10 10:12:12 l2tps [l2tp0] L2TP: Call #1 connected
May 10 10:12:12 l2tps [l2tp0] link: UP event
May 10 10:12:12 l2tps [l2tp0] link: origination is remote
May 10 10:12:12 l2tps [l2tp0] LCP: Up event
May 10 10:12:12 l2tps [l2tp0] LCP: state change Starting --> Req-Sent
May 10 10:12:12 l2tps [l2tp0] LCP: SendConfigReq #184
May 10 10:12:12 l2tps ACFCOMP
May 10 10:12:12 l2tps PROTOCOMP
May 10 10:12:12 l2tps MRU 1500
May 10 10:12:12 l2tps MAGICNUM 4e67c090
May 10 10:12:12 l2tps AUTHPROTO CHAP MD5
May 10 10:12:13 l2tps [l2tp0] LCP: rec'd Configure Request #1 (Req-Sent)
May 10 10:12:13 l2tps ACCMAP 0x00000000
May 10 10:12:13 l2tps MAGICNUM dcb1f445
May 10 10:12:13 l2tps [l2tp0] LCP: SendConfigAck #1
May 10 10:12:13 l2tps ACCMAP 0x00000000
May 10 10:12:13 l2tps MAGICNUM dcb1f445
May 10 10:12:13 l2tps [l2tp0] LCP: state change Req-Sent --> Ack-Sent
May 10 10:12:14 l2tps [l2tp0] LCP: SendConfigReq #185
May 10 10:12:14 l2tps ACFCOMP
May 10 10:12:14 l2tps PROTOCOMP
May 10 10:12:14 l2tps MRU 1500
May 10 10:12:14 l2tps MAGICNUM 4e67c090
May 10 10:12:14 l2tps AUTHPROTO CHAP MD5
May 10 10:12:14 l2tps [l2tp0] LCP: rec'd Configure Reject #185 (Ack-Sent)
May 10 10:12:14 l2tps ACFCOMP
May 10 10:12:14 l2tps PROTOCOMP
May 10 10:12:14 l2tps [l2tp0] LCP: SendConfigReq #186
May 10 10:12:14 l2tps MRU 1500
May 10 10:12:14 l2tps MAGICNUM 4e67c090
May 10 10:12:14 l2tps AUTHPROTO CHAP MD5
May 10 10:12:14 l2tps [l2tp0] LCP: rec'd Configure Ack #186 (Ack-Sent)
May 10 10:12:14 l2tps MRU 1500
May 10 10:12:14 l2tps MAGICNUM 4e67c090
May 10 10:12:14 l2tps AUTHPROTO CHAP MD5
May 10 10:12:14 l2tps [l2tp0] LCP: state change Ack-Sent --> Opened
May 10 10:12:14 l2tps [l2tp0] LCP: auth: peer wants nothing, I want CHAP
May 10 10:12:14 l2tps [l2tp0] CHAP: sending CHALLENGE len:32
May 10 10:12:14 l2tps [l2tp0] LCP: LayerUp
May 10 10:12:14 l2tps [l2tp0] CHAP: rec'd RESPONSE #1
May 10 10:12:14 l2tps Name: "aww"
May 10 10:12:14 l2tps [l2tp0] AUTH: Auth-Thread started
May 10 10:12:14 l2tps [l2tp0] AUTH: Trying INTERNAL
May 10 10:12:14 l2tps [l2tp0] AUTH: INTERNAL returned undefined
May 10 10:12:14 l2tps [l2tp0] AUTH: Auth-Thread finished normally
May 10 10:12:14 l2tps [l2tp0] CHAP: ChapInputFinish: status undefined
May 10 10:12:14 l2tps Response is valid
May 10 10:12:14 l2tps Reply message: Welcome
May 10 10:12:14 l2tps [l2tp0] CHAP: sending SUCCESS len:7
May 10 10:12:14 l2tps [l2tp0] LCP: authorization successful
May 10 10:12:14 l2tps [l2tp0] Bundle up: 1 link, total bandwidth 64000 bps
May 10 10:12:14 l2tps [l2tp0] IPCP: Open event
May 10 10:12:14 l2tps [l2tp0] IPCP: state change Initial --> Starting
May 10 10:12:14 l2tps [l2tp0] IPCP: LayerStart
May 10 10:12:14 l2tps [l2tp0] CCP: Open event
May 10 10:12:14 l2tps [l2tp0] CCP: state change Initial --> Starting
May 10 10:12:14 l2tps [l2tp0] CCP: LayerStart
May 10 10:12:14 l2tps [l2tp0] IPCP: Up event
May 10 10:12:14 l2tps [l2tp0] IPCP: state change Starting --> Req-Sent
May 10 10:12:14 l2tps [l2tp0] IPCP: SendConfigReq #136
May 10 10:12:14 l2tps IPADDR 192.168.10.100
May 10 10:12:14 l2tps COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
May 10 10:12:14 l2tps [l2tp0] CCP: Up event
May 10 10:12:14 l2tps [l2tp0] CCP: state change Starting --> Req-Sent
May 10 10:12:14 l2tps [l2tp0] CCP: SendConfigReq #46
May 10 10:12:14 l2tps [l2tp0] IPCP: rec'd Configure Request #1 (Req-Sent)
May 10 10:12:14 l2tps IPADDR 0.0.0.0
May 10 10:12:14 l2tps NAKing with 192.168.10.1
May 10 10:12:14 l2tps PRIDNS 0.0.0.0
May 10 10:12:14 l2tps NAKing with 10.71.192.38
May 10 10:12:14 l2tps SECDNS 0.0.0.0
May 10 10:12:14 l2tps NAKing with 8.8.8.8
May 10 10:12:14 l2tps [l2tp0] IPCP: SendConfigNak #1
May 10 10:12:14 l2tps IPADDR 192.168.10.1
May 10 10:12:14 l2tps PRIDNS 10.71.192.38
May 10 10:12:14 l2tps SECDNS 8.8.8.8
May 10 10:12:14 l2tps [l2tp0] IPCP: rec'd Configure Reject #136 (Req-Sent)
May 10 10:12:14 l2tps COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
May 10 10:12:14 l2tps [l2tp0] IPCP: SendConfigReq #137
May 10 10:12:14 l2tps IPADDR 192.168.10.100
May 10 10:12:14 l2tps [l2tp0] LCP: rec'd Protocol Reject #2 (Opened)
May 10 10:12:14 l2tps [l2tp0] LCP: protocol CCP was rejected
May 10 10:12:14 l2tps [l2tp0] CCP: protocol was rejected by peer
May 10 10:12:14 l2tps [l2tp0] CCP: state change Req-Sent --> Stopped
May 10 10:12:14 l2tps [l2tp0] CCP: LayerFinish
May 10 10:12:14 l2tps [l2tp0] IPCP: rec'd Configure Request #2 (Req-Sent)
May 10 10:12:14 l2tps IPADDR 192.168.10.1
May 10 10:12:14 l2tps 192.168.10.1 is OK
May 10 10:12:14 l2tps PRIDNS 10.71.192.38
May 10 10:12:14 l2tps SECDNS 8.8.8.8
May 10 10:12:14 l2tps [l2tp0] IPCP: SendConfigAck #2
May 10 10:12:14 l2tps IPADDR 192.168.10.1
May 10 10:12:14 l2tps PRIDNS 10.71.192.38
May 10 10:12:14 l2tps SECDNS 8.8.8.8
May 10 10:12:14 l2tps [l2tp0] IPCP: state change Req-Sent --> Ack-Sent
May 10 10:12:14 l2tps [l2tp0] IPCP: rec'd Configure Ack #137 (Ack-Sent)
May 10 10:12:14 l2tps IPADDR 192.168.10.100
May 10 10:12:14 l2tps [l2tp0] IPCP: state change Ack-Sent --> Opened
May 10 10:12:14 l2tps [l2tp0] IPCP: LayerUp
May 10 10:12:14 l2tps 192.168.10.100 -> 192.168.10.1
May 10 10:12:14 l2tps [l2tp0] IFACE: Up event
May 10 10:12:14 l2tps [l2tp0] no interface to proxy arp on for 192.168.10.1
May 10 10:12:44 l2tps [l2tp0] LCP: no reply to 1 echo request(s)
May 10 10:12:54 l2tps [l2tp0] LCP: no reply to 2 echo request(s)
May 10 10:13:04 l2tps [l2tp0] LCP: no reply to 3 echo request(s)
May 10 10:13:14 l2tps [l2tp0] LCP: no reply to 4 echo request(s)
May 10 10:13:24 l2tps [l2tp0] LCP: no reply to 5 echo request(s)
```
Routing table
```
Destination      Gateway      Flags  Use      Mtu    Netif   Expire
default          XX.XX.XX.XX  UGS    934956   1492   pppoe0
8.8.8.8          XX.XX.XX.XX  UGHS   11559    1492   pppoe0
10.71.192.0/19   link#1       U      1702247  1500   bge0
10.71.192.38     link#1       UHS    18232    16384  lo0
XX.XX.XX.XX      link#7       UH     685568   1492   pppoe0
XX.XX.XX.XX      link#7       UHS    0        16384  lo0
127.0.0.1        link#6       UH     1289700  16384  lo0
192.168.10.1     link#8       UH     0        1500   l2tp0
192.168.10.100   link#8       UHS    0        16384  lo0
```
Log zyxel + routes
```
Oct 31 00:50:33 miniupnpd listening for NAT-PMP traffic on port 5351
Oct 31 00:52:31 pppd[5066] No response to 3 echo-requests
Oct 31 00:52:31 pppd[5066] Serial link appears to be disconnected.
Oct 31 00:52:31 pppd[5066] Connect time 2.0 minutes.
Oct 31 00:52:31 pppd[5066] Sent 15124 bytes, received 9996 bytes.
Oct 31 00:52:31 ndm Core::Session: client disconnected.
Oct 31 00:52:33 ndm Core::Server: started a new session.
Oct 31 00:52:33 miniupnpd HTTP listening on port 49684
Oct 31 00:52:33 miniupnpd listening for NAT-PMP traffic on port 5351
Oct 31 00:52:34 pppd[5066] Hangup (SIGHUP)
Oct 31 00:52:37 ndm kernel: fast vpn ctrl: 26c0470a, 0
Oct 31 00:52:37 pppd[5066] Connection terminated.
Oct 31 00:52:37 pppd[5066] Modem hangup
Oct 31 00:52:37 pppd[5066] Exit.
Oct 31 00:52:37 ndm Service: "L2TP0" unexpectedly stopped.
Oct 31 00:52:39 ndnproxy updating configuration...
Oct 31 00:52:39 ndnproxy static entry added: localhost. 127.0.0.1.
Oct 31 00:52:39 ndnproxy static entry added: my.keenetic.net. 78.47.125.180.
Oct 31 00:52:39 ndnproxy stats. file: /var/ndnproxymain.stat.
Oct 31 00:52:40 pppd[5075] Plugin pppol2tp.so loaded.
Oct 31 00:52:40 pppd[5075] pppd 2.4.4 started by root, uid 0
Oct 31 00:52:40 ndm Network::Interface::L2TP: added host route to 10.71.192.38 via 10.71.221.1.
# "This line confuses me: why via 10.71.221.1 and not via 10.71.221.48 ????"
Oct 31 00:52:40 pppd[5077] l2tp_control v2.02
Oct 31 00:52:40 pppd[5077] l2tp: remote host: 10.71.192.38
Oct 31 00:52:40 pppd[5077] l2tp: bind: 0.0.0.0
Oct 31 00:52:50 pppd[5077] l2tp: timeout of sccrp, retry sccrq, try: 1
Oct 31 00:52:50 ndm kernel: fast vpn ctrl: 26c0470a, 1
Oct 31 00:52:50 pppd[5075] Using interface ppp1
Oct 31 00:52:50 pppd[5075] Connect: ppp1 <--> l2tp[0]
Oct 31 00:52:52 pppd[5075] CHAP authentication succeeded: Welcome
Oct 31 00:52:52 pppd[5075] CHAP authentication succeeded
Oct 31 00:52:52 pppd[5075] local IP address 192.168.10.1
Oct 31 00:52:52 pppd[5075] remote IP address 192.168.10.100
Oct 31 00:52:52 pppd[5075] primary DNS address 10.71.192.38
Oct 31 00:52:52 pppd[5075] secondary DNS address 8.8.8.8
Oct 31 00:52:52 ndm Network::Interface::PPP: interface "L2TP0" is global, priority 1000.
Oct 31 00:52:52 ndm Network::Interface::PPP: adding default route via L2TP0.
Oct 31 00:52:52 ndm Network::Interface::PPP: adding nameserver 10.71.192.38.
Oct 31 00:52:52 ndm Dns::Manager: added name server 10.71.192.38, domain (default).
Oct 31 00:52:52 ndm Network::Interface::PPP: adding nameserver 8.8.8.8.
Oct 31 00:52:52 ndm Dns::Manager: added name server 8.8.8.8, domain (default).
Oct 31 00:52:52 ndm Core::Session: client disconnected.
Oct 31 00:52:54 ndnproxy updating configuration...
Oct 31 00:52:54 ndnproxy static entry added: localhost. 127.0.0.1.
Oct 31 00:52:54 ndnproxy static entry added: my.keenetic.net. 78.47.125.180.
Oct 31 00:52:54 ndnproxy stats. file: /var/ndnproxymain.stat.
Oct 31 00:52:54 ndm Core::Server: started a new session.
Oct 31 00:52:54 miniupnpd HTTP listening on port 43573
Oct 31 00:52:54 miniupnpd listening for NAT-PMP traffic on port 5351
```
Zyxel routes
```
Destination         Gateway   Connection
192.168.10.100/32   0.0.0.0   L2TP0
192.168.1.0/24      0.0.0.0   Home
10.71.221.0/24      0.0.0.0   ISP
10.71.192.38/32     0.0.0.0   L2TP0
8.8.8.8/32          0.0.0.0   L2TP0
0.0.0.0/0           0.0.0.0   L2TP0
```
PPPoE doesn't want to work either; the Zyxel doesn't see the server at all :-( Please help.
-
Hello.
1. Enable firewall logging on pf.
2. Use the tracert command to understand at which stage it gets stuck.
-
May 10 10:12:14 l2tps [l2tp0] no interface to proxy arp on for 192.168.10.1
Isn't this line a sign of problems on the server?
Oct 31 00:52:40 ndm Network::Interface::L2TP: added host route to 10.71.192.38 via 10.71.221.1.
Or this one on the Zyxel?
-
I set up logging of the firewall rules; everything gets generated and everything gets sent out.
There are no packets over the L2TP protocol, neither incoming nor outgoing. There is an allow-all rule.
Can someone tell me where the catch is??
P.S. Damn, everything worked with PPTP, why did they remove it? Might as well switch to 2.2.5 :-(