L2TP does not connect by domain name. Connects only via IP address

Started by senseuser, September 09, 2023, 06:14:06 PM

I'm using the "russian vpn" scheme to connect to my ISP: a WAN interface with DHCP (actually the ISP's internal network) plus an L2TP interface to the ISP's server (as the real WAN). If I use an FQDN as the L2TP server name, it can't be resolved during boot-up.
If I use an IP as the server address, everything is OK and the L2TP interface comes up automatically during boot.
Could someone fix this problem? The ISP balances load between L2TP servers and returns different IPs for the same FQDN.

I had the same problem on pfSense. The guys from a neighboring forum made this patch. With this patch everything worked as it should. How can I adapt this patch for OPNsense?
I'm attaching the patch in .diff format:
diff --git a/src/etc/inc/interfaces.inc b/src/etc/inc/interfaces.inc
index c138566a1eeb0f0a1ce3f68178aeca2e9135fecb..cc0bca90808d20735364769b7d002b03ca757880 100644
--- a/src/etc/inc/interfaces.inc
+++ b/src/etc/inc/interfaces.inc
@@ -6478,6 +6478,27 @@ function link_interface_to_tunnelif($interface, $type, $remote = 'any') {
return $result;
}

+function link_interface_to_ppp_tunnelif($interface) {
+ global $config;
+
+ $result = array();
+
+ if (empty($interface)) {
+ return $result;
+ }
+
+ if (is_array($config['ppps']['ppp'])) {
+ $realif = get_real_interface($interface);
+ foreach ($config['ppps']['ppp'] as $ppp) {
+ if (($ppp['ports'] == $realif) && in_array($ppp['type'], array('l2tp', 'pptp'))) {
+ $result[] = $ppp;
+ }
+ }
+ }
+
+ return $result;
+}
+
/*
  * find_interface_ip($interface): return the interface ip (first found)
  */
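Review bot: `link_interface_to_ppp_tunnelif()` reads `$config['ppps']['ppp']` without first checking that `$config['ppps']` exists, so on a configuration with no PPP entries at all `is_array($config['ppps']['ppp'])` trips an undefined-index notice; guard it with `isset($config['ppps']['ppp']) && is_array($config['ppps']['ppp'])`. The match `$ppp['ports'] == $realif` is also a whole-string comparison: if `ports` can carry more than one device (multilink), an entry whose port list merely contains `$realif` is missed, so split on ',' and use `in_array()` instead. Finally, the sibling `link_interface_to_tunnelif()` above carries a doc comment and this new function has none; add one stating that it returns the l2tp/pptp PPP entries whose parent port is `$interface`.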
diff --git a/src/etc/rc.newwanip b/src/etc/rc.newwanip
index ff4a75837c613ead7d66ec25ab2fae2db8cb6994..2b04a33db4a607cf08afbd6e01b803b791547ec7 100755
--- a/src/etc/rc.newwanip
+++ b/src/etc/rc.newwanip
@@ -128,6 +128,9 @@ array_walk($gre, 'interface_gre_configure');
$gif = link_interface_to_tunnelif($interface, 'gif', 'inet');
array_walk($gif, 'interface_gif_configure');

+/* reconfigure L2TP/PPTP tunnels, see https://redmine.pfsense.org/issues/12072 */
+$ppp = link_interface_to_ppp_tunnelif($interface);
+
$grouptmp = link_interface_to_group($interface);
if (!empty($grouptmp)) {
array_walk($grouptmp, 'interface_group_add_member');
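Review bot: the comment on the new `link_interface_to_ppp_tunnelif($interface)` call points at an external tracker instead of saying why the lookup is needed; state the reason inline (an l2tp/pptp link whose parent just received a new address must be re-dialled, since its peer is reached through that address) so the intent survives without the link. The lookup keys on `$interface`, the device that just got an address: when that device is itself a PPP interface no l2tp/pptp entry should normally list it in `ports`, so this does not recurse, but a stacked PPP-over-PPP configuration would, and that case deserves either a guard or a comment.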
@@ -181,6 +184,13 @@ foreach ($gre as $gretun) {
system_routing_configure($confif);
}
}
+foreach ($ppp as $ppptun) {
+ $confif = convert_real_interface_to_friendly_interface_name($ppptun['if']);
+ if (!empty($confif)) {
+ interface_configure($confif);
+ system_routing_configure($confif);
+ }
+}

if (platform_booting() && !in_array(substr($interface_real, 0, 3), array("ppp", "ppt", "l2t"))) {
// unlike dhcp interfaces which wait until they get an ip, a ppp connection lets the boot continue while
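Review bot: the `foreach ($ppp as $ppptun)` loop calls `interface_configure($confif)` unconditionally, which for a PPP interface tears the link down and re-dials it every time rc.newwanip runs for the parent; if this script is also entered on lease renewals where the parent's address did not change, the tunnel is dropped for nothing. Compare against the previous address before re-dialling, or limit the reconfigure to the case where the parent IP actually changed. The `!empty($confif)` guard does cover a PPP entry whose `if` is still unassigned, and the loop mirrors the gre/gif loops above it, so the shape is fine; the `platform_booting()` test that follows already excludes `ppp`/`ppt`/`l2t` devices, so the boot-time path is unaffected.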

I'm not very fond of PPP interfaces sitting on top of configured interfaces that use another dynamic method to connect. It's asking for trouble, especially if all this is needed only to accommodate a DNS remote IP... which we do not seem to support anyway, if I'm reading this correctly?


Cheers,
Franco

It was only half-supported, and a Russian removed the second half of it, which is the irony in this ;)

https://github.com/opnsense/core/pull/3499


What happens if you create multiple L2TP devices on the same interface with the same settings but different gateway IPs?

It's just an idea; I don't know if that works.

Also, it's open source, so you could always try to find a solution by altering the code.
Hardware:
DEC740

No solution via GUI, no. I don't think we should rely on WAN connectivity that requires DNS.


Cheers,
Franco

Quote from: Monviech on September 10, 2023, 10:56:30 AM
What happens if you create multiple L2TP devices on the same interface with the same settings but different gateway IPs?
I tried this scheme and it doesn't work. What is needed is WAN (DHCP) and, on top of it, OPT (L2TP).

Nothing is needed... the problem is that dynamic addresses are not supported, and it would be better to leave it at that.


Cheers,
Franco

Quote from: franco on September 10, 2023, 03:52:09 PM
Nothing is needed... the problem is that dynamic addresses are not supported, and it would be better to leave it at that.
Ah, I understand. Now you will also specifically block this method ;D

I'm not blocking anything. I'm just saying it's not supported at the moment and I don't see a reason to add it (myself).


Cheers,
Franco