ExpressVPN does not support static server IPs. They use DDNS based hostnames and the IPs change in every session. It is a commercial VPN after all.

1) Fill the src-address field in l2tp-client.
2) Use /ip route rule (lookup-only-in-table) to force connections originated from this ip to desired routing table.

Just what exactly do I use for the src-address in L2TP client? Both my WANs are dynamic IPs over PPPoE.

src-address :)
phase1 negotiation failed due to send error. 192.168.3.1<=>220.127.116.11 2bf06a1def2a7095:0000000000000000
I already have load balancing in place. Any way to intercept the L2TP initial connection/handshake using Mangle/Mark connection rules instead? That would simplify this issue greatly.

Two possibilities:
1) Create a loopback interface (empty bridge) and assign this random/unused address there. That should work.
2) Add a script to PPP profile used for PPPoE to update the address in l2tp-client and route rule any time it changes.
Anyway, try to make it work with your current dynamic WAN address first.

Yeah, so I went with the null-bridge method, it works!

You can try, if it's the only l2tp connection originated by the router.
Mangle output and srcnat chains are at your service.
But I don't see in what way is it simpler.

Hi to xvo and the op writer,

1) You can create second l2tp-tunnel through the second wan connection the same way and revert to lookup-only-in-table for both of them: switching routes between two tunnels will be much faster than rebuilding the tunnel. Especially if OSPF + BFD can be used on top of that.
2) You need this address for two things - to choose the right route from the very packet creation and creating a valid ipsec policy.
Some random address works because it will be src-nated anyway, and assigning it to any interface makes it valid.
Loopback-bridge is just as good a place for it as any other, with the addition that it won't interfere with the behaviour of other interfaces. And does not depend on them to be working.
3) That is totally up to you and depends on what is located on the other side of the tunnel.
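
The loopback-bridge approach discussed in this thread, written out as an added RouterOS v6 example that is not taken from any post above. The interface names (lo-l2tp, l2tp-out1, pppoe-out2), the table name via-wan2 and the address 10.255.255.1 are assumptions chosen for illustration.

```routeros
# Empty bridge used as a loopback: it has no ports, so it never goes down
# and does not depend on either PPPoE link being up.
/interface bridge add name=lo-l2tp comment="loopback for L2TP source address"

# Unused address (assumed value) that becomes the tunnel's local source.
# Being assigned to an interface is what makes it a valid source address
# for route selection and for the IPsec policy.
/ip address add address=10.255.255.1/32 interface=lo-l2tp

# Default route in a dedicated table pointing at the chosen WAN
# (pppoe-out2 and via-wan2 are assumed names).
/ip route add dst-address=0.0.0.0/0 gateway=pppoe-out2 routing-mark=via-wan2

# Force everything sourced from the loopback address into that table only,
# so the tunnel cannot fall back to the main table and the load balancer.
/ip route rule add src-address=10.255.255.1/32 action=lookup-only-in-table table=via-wan2

# Bind the existing L2TP client (assumed name l2tp-out1) to the loopback address.
/interface l2tp-client set [find name=l2tp-out1] src-address=10.255.255.1

# The loopback address is not routable on the Internet; it relies on the
# srcnat rule for the WAN, shown here in case one is not already present.
/ip firewall nat add chain=srcnat out-interface=pppoe-out2 action=masquerade
```

Because the rule uses lookup-only-in-table, the tunnel stays down rather than leaving through the other WAN when pppoe-out2 is unavailable, which is the behaviour a second tunnel on the other WAN is meant to cover.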