I’m using L2TP today to extend the local LAN to a road warrior. Both ends are MT boxes, and on the working configuration the L2TP interface is bound to a bridge with the local LAN IP. Now… I’m looking to secure the L2TP tunnel with IPsec. I upgraded the boxes I’m using in my lab to v6.38.5 and have the tunnel up and working. However, the L2TP interfaces on neither end will bind to the bridge, so none of my traffic is actually flowing across. Has something changed between v6.33.5 and 6.38.5 that would prevent the bridge binding? I just get “failure: is not allow to be put in bridge” from the CLI.
Ok, so I’ve learned some new information… If I downgrade both MTs to v6.36.4, the L2TP interfaces join the bridge… BUT there’s an IPSec bug. My server is behind a NAT and the generated policy is using the public IP instead of the private IP…
I may’ve fixed my own problem… having better luck on the bugfix trains, I loaded v6.37.5 on both and seem to have everything working!
L2TP is a layer 3 protocol. Don’t add it to a bridge. Once it’s up, you’ll be able to route your road warriors.
Edit: of course, you need to assign IP addresses on both sides. Use the ppp secret for that.