Until v7.1rc1 my configuration worked well; starting with rc2, the following error appears when clients connect via L2TP:
Sep 2 16:14:04 router ipsec,info INFO: respond new phase 1 (Identity Protection): 84.166.210.18[500]<=>80.187.65.57[500]
Sep 2 16:14:04 router ipsec,info INFO: ISAKMP-SA established 84.166.210.18[4500]-80.187.65.57[13986] spi:32bc9fda7543957c:c7bdbd2a8a8e14ae
Sep 2 16:14:04 router l2tp,info INFO: first L2TP UDP packet received from 3611:f62b:50bb:4139:54a6:d212:c75e:6a5
Sep 2 16:14:04 router l2tp,info INFO: first L2TP UDP packet received from 3911:3f75:551f:861e:54a6:d212:ce85:6a5
I have now traced the problem down to the bridge. My FTTH modem is VLAN 7 tagged and connected to sfp-sfpplus3 on my CCR2004.
The following configuration works on all ROS releases, including rc2:
/interface vlan
add comment="LAN with VLAN ID 007 for FTTH access" interface=sfp-sfpplus3 name=FTTH vlan-id=7
/interface bridge
add admin-mac=04:00:00:00:00:01 auto-mac=no comment="Bridge to SFP+" ingress-filtering=no name=LAN vlan-filtering=yes
/interface bridge port
add bridge=LAN ingress-filtering=no interface=sfp-sfpplus1 trusted=yes
Now, if I add sfp-sfpplus3 to the bridge, the error messages shown above appear on L2TP.
Everything else like internet access, IPv6 etc. works fine. Just L2TP is broken.
/interface vlan
add comment="LAN with VLAN ID 007 for FTTH access" interface=LAN name=FTTH vlan-id=7
/interface bridge
add admin-mac=04:00:00:00:00:01 auto-mac=no comment="Bridge to SFP+" ingress-filtering=no name=LAN vlan-filtering=yes
/interface bridge port
add bridge=LAN ingress-filtering=no interface=sfp-sfpplus1 trusted=yes
add bridge=LAN ingress-filtering=no interface=sfp-sfpplus3 trusted=yes
/interface bridge vlan
add bridge=LAN tagged=LAN,sfp-sfpplus1,sfp-sfpplus3 vlan-ids=7
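
In the log quoted in the post, the IPsec lines show IPv4 peers while the L2TP lines report IPv6-formatted source addresses. The following added example (not part of the original post and not MikroTik code) scans exported router log text for that pattern after an upgrade. It assumes a healthy session logs the same peer address in both line types; the last sample line is constructed to show that case.

```python
import ipaddress
import re

# First three lines are copied from the post; the last one is constructed
# to represent the assumed healthy case (L2TP source equals the IPsec peer).
SAMPLE_LOG = """\
Sep 2 16:14:04 router ipsec,info INFO: ISAKMP-SA established 84.166.210.18[4500]-80.187.65.57[13986] spi:32bc9fda7543957c:c7bdbd2a8a8e14ae
Sep 2 16:14:04 router l2tp,info INFO: first L2TP UDP packet received from 3611:f62b:50bb:4139:54a6:d212:c75e:6a5
Sep 2 16:14:04 router l2tp,info INFO: first L2TP UDP packet received from 3911:3f75:551f:861e:54a6:d212:ce85:6a5
Sep 2 16:20:00 router l2tp,info INFO: first L2TP UDP packet received from 80.187.65.57
"""

SA_RE = re.compile(r"ISAKMP-SA established (\S+?)\[\d+\]-(\S+?)\[\d+\]")
L2TP_RE = re.compile(r"first L2TP UDP packet received from (\S+)")


def parse_addr(text):
    """Return an ip_address object, or None if the text is not an address."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def find_mismatched_l2tp_sources(log_text):
    """Return L2TP source strings that match no IPsec peer seen earlier in the log."""
    peers = set()
    mismatches = []
    for line in log_text.splitlines():
        sa = SA_RE.search(line)
        if sa:
            # Remember both ends of every established ISAKMP SA.
            peers.update(a for a in map(parse_addr, sa.groups()) if a)
            continue
        l2tp = L2TP_RE.search(line)
        if l2tp:
            src = parse_addr(l2tp.group(1))
            # An unparsable address or one unknown to IPsec is suspicious.
            if src is None or src not in peers:
                mismatches.append(l2tp.group(1))
    return mismatches


if __name__ == "__main__":
    for addr in find_mismatched_l2tp_sources(SAMPLE_LOG):
        print("L2TP source without matching IPsec peer:", addr)
```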