pfSense Gold Subscription

Author Topic: Help me create l2tp vpn  (Read 390 times)

0 Members and 1 Guest are viewing this topic.

Offline nicolaj

  • Jr. Member
  • **
  • Posts: 66
  • Karma: +0/-0
    • View Profile
Help me create l2tp vpn
« on: December 27, 2017, 07:58:29 am »
I'm trying to create a l2tp vpn but it doesn't work as the doc describes https://doc.pfsense.org/index.php/L2TP/IPsec#Configure_L2TP_Server. I follow the instructions and leave radius off, but when hitting save, it says "A valid RADIUS server address must be specified." even tho radius is off and there is no such field to fill out.

Any suggestions ?
« Last Edit: December 28, 2017, 03:56:10 pm by nicolaj »

Offline NollipfSense

  • Jr. Member
  • **
  • Posts: 81
  • Karma: +3/-0
    • View Profile
Re: Help me create l2tp vpn
« Reply #1 on: December 28, 2017, 09:20:53 pm »
I haven't set up L2TP yet however, from my Mikrotik days, if you're using DNS, I believe it should be the L2TP server or left blank. Also, you have three users but have a static IP address...I believe you should have at least a pool of three addresses.

Offline nicolaj

  • Jr. Member
  • **
  • Posts: 66
  • Karma: +0/-0
    • View Profile
Re: Help me create l2tp vpn
« Reply #2 on: December 29, 2017, 04:34:43 am »
192.168.2.1 is just the starting address for the pool, the subnet is /25 so it should automatically occupy 192.168.2.2 and .2.3 if more users connect. The doc says to "Set 'L2TP DNS Servers as needed, or leave blank" when trying to create the server it auto fills the dns. Just tried leaving them blank but i get same error.

Offline NollipfSense

  • Jr. Member
  • **
  • Posts: 81
  • Karma: +3/-0
    • View Profile
Re: Help me create l2tp vpn
« Reply #3 on: December 31, 2017, 02:23:25 pm »
You might find helpful hints here:  https://forum.pfsense.org/index.php?topic=141928.0

Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9596
  • Karma: +1089/-309
    • View Profile
Re: Help me create l2tp vpn
« Reply #4 on: December 31, 2017, 02:56:27 pm »
192.168.2.0 is not a valid gateway address on a /24 or /25. It is the network address.
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESSTM

Offline nicolaj

  • Jr. Member
  • **
  • Posts: 66
  • Karma: +0/-0
    • View Profile
Re: Help me create l2tp vpn
« Reply #5 on: January 01, 2018, 10:15:50 am »
I didn't manually enter that, it auto filled it. So i assumed it was correct, and by default it's set to /32, but the doc said to set it to /25, so i did. But i tried the other once and it didn't change the error.

Offline nicolaj

  • Jr. Member
  • **
  • Posts: 66
  • Karma: +0/-0
    • View Profile
Re: Help me create l2tp vpn
« Reply #6 on: January 04, 2018, 08:35:04 am »
Bump.

Offline nicolaj

  • Jr. Member
  • **
  • Posts: 66
  • Karma: +0/-0
    • View Profile
Re: Help me create l2tp vpn
« Reply #7 on: January 06, 2018, 11:50:50 am »
Bump.

Offline nicolaj

  • Jr. Member
  • **
  • Posts: 66
  • Karma: +0/-0
    • View Profile
Re: Help me create l2tp vpn
« Reply #8 on: January 08, 2018, 03:28:01 pm »
How do i report this bug ?

Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9596
  • Karma: +1089/-309
    • View Profile
Re: Help me create l2tp vpn
« Reply #9 on: January 08, 2018, 04:38:36 pm »
If you really believe it is a bug, redmine.pfsense.org

I don't know how much traction you'll get since it's.....L2TP.
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESSTM

Offline nicolaj

  • Jr. Member
  • **
  • Posts: 66
  • Karma: +0/-0
    • View Profile
Re: Help me create l2tp vpn
« Reply #10 on: January 09, 2018, 04:08:23 am »

I don't know how much traction you'll get since it's.....L2TP.

I'm no vpn expert at all. But i don't understand why it would get less traction if the entire function isn't working.

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 14802
  • Karma: +1374/-202
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Help me create l2tp vpn
« Reply #11 on: January 09, 2018, 04:20:23 am »
"I didn't manually enter that, it auto filled it. "

No it didn't - not from pfsense.. Maybe your browser put in that nonsense... Which is prob why your getting a problem with your radius server entry..

I just fired this up with zero issues. I don't have any entry for radius..

Stuff can be left over from if was attempted to be be enabled before - so maybe you have stuff left in the radius server entry even though you don't have it current enabled, etc..  Try to enable it and remove anything that might be left in the radius server boxes when you hit save...

edit:  I was able to duplicate your problem if I click the enable radius - but in wrong entry in radius server IP and then uncheck enable radius - see 2nd attachment.  I would click enable and clear out any old entry that might be stuck in there.

If you want to put anything on redmine could be a feature request clear old boxes when uncheck for enable on stuff or not parse boxes that are not to be used, etc.
« Last Edit: January 09, 2018, 04:27:16 am by johnpoz »
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.2-RELEASE-p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Offline nicolaj

  • Jr. Member
  • **
  • Posts: 66
  • Karma: +0/-0
    • View Profile
Re: Help me create l2tp vpn
« Reply #12 on: January 09, 2018, 03:01:12 pm »
But that doesn't really make sense tho, how would my browser know to enter an ip that is outside the local subnet ?
I never entered anything in radius, but i tried enabling it, clear all boxes and disable it again. The boxes were autofilled with admin and dots in secrets. But yeah, i see now the error changes. I might actually get this to work.
« Last Edit: January 09, 2018, 03:09:33 pm by nicolaj »

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 14802
  • Karma: +1374/-202
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Help me create l2tp vpn
« Reply #13 on: January 09, 2018, 03:25:56 pm »
Browsers autofill shit all the time.. There have been a few posts recently about browser filling in shit they shouldn't be filling in.  And then giving a weird parse error when the form was submitted about interfaces, etc..  I would have to dig up the old threads..  But have seen it multiple times as of late..

But I can tell you for sure pfsense is not going to autofil IP you want it to listen on - and no it shouldn't wouldn't put in a network address vs the host IP, etc...

edit:  Here you go
https://forum.pfsense.org/index.php?topic=138008.0

This is thread with link to other thread where the browser putting in shit...
« Last Edit: January 09, 2018, 03:32:33 pm by johnpoz »
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.2-RELEASE-p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Offline nicolaj

  • Jr. Member
  • **
  • Posts: 66
  • Karma: +0/-0
    • View Profile
Re: Help me create l2tp vpn
« Reply #14 on: January 12, 2018, 04:03:20 pm »
I can see how that would be annoying for people supporting pfsense as, depending on how fast the browers might autofill stuff. You don't know what autofilled it, and might not even consider the browser as the culprit.

Btw, can i connect to the vpn if i'm connected to the local network that pfsense is hosting, just on the 192.168.1 subnet. Or would i have to find a separate network to test the connection from?
Not sure how pfsense feels about that.