Hi everyone,
I've successfully created an L2TP server with the following setup:
root@OpenWrt:~# cat /etc/ipsec.conf
# IPsec policy for an L2TP/IPsec responder: a single transport-mode
# connection ("myvpn") protecting UDP port 1701 between this host and any peer.
#   auto=add          load the connection and wait for peers; do not initiate
#   authby=secret     pre-shared-key authentication; the key itself lives in
#                     the secrets file, which is not shown on this page
#   left/right=%any   no restriction on the local or the peer address
#   leftprotoport     17/1701 = UDP, L2TP port; rightprotoport=17/%any lets
#                     the peer use any UDP source port
#   rekey=no          this side does not start rekeying
# NOTE(review): with right=%any the PSK is presumably shared by every client,
# so its length and randomness carry the whole IPsec-layer authentication;
# confirm it is long, random and rotated when a client is retired.
# NOTE(review): no ike=/esp= proposals are set, so the daemon's default
# algorithm sets apply; confirm they exclude weak ciphers on the installed version.
# NOTE(review): parameter lines appear flush-left in this listing; ipsec.conf
# expects them indented under their section header (likely lost in the paste).
config setup
conn myvpn
auto=add
authby=secret
type=transport
left=%any
leftsubnet=0.0.0.0/0
leftprotoport=17/1701
right=%any
rightprotoport=17/%any
rekey=no
keyingtries=5
root@OpenWrt:~# cat /etc/xl2tpd/xl2tpd.conf
; xl2tpd settings: the listener and tunnel-auth file in [global], and the
; address pool plus PPP authentication policy for incoming sessions in
; [lns default].
[global]
port = 1701
auth file = /etc/xl2tpd/xl2tp-secrets
; Peers are not limited to a configured address list, so any host that can
; reach the port may attempt a tunnel.
; NOTE(review): nothing shown on this page restricts UDP 1701 to
; IPsec-protected traffic; confirm a firewall rule drops unencrypted L2TP.
access control = no
[lns default]
; Allow only one control tunnel per peer.
exclusive = yes
; Addresses handed to clients; local ip below is this end of each PPP link.
ip range = 10.0.1.2-10.0.1.100
hidden bit = no
local ip = 10.0.1.1
length bit = yes
; CHAP is required and PAP refused, so the PPP password is not sent in clear
; text inside the tunnel.
require chap = yes
refuse pap = yes
name = vpn
; Turns on pppd debugging for sessions.
; NOTE(review): debug output may record negotiation details; consider
; switching it off once the setup works.
ppp debug = yes
require authentication = yes
; Remaining pppd options are read from this file.
pppoptfile = /etc/ppp/options.xl2tpd
root@OpenWrt:~# cat /etc/ppp/options.xl2tpd
# pppd options applied to each L2TP session (the file named by pppoptfile
# in xl2tpd.conf).
# Require the peer to authenticate before network traffic is allowed.
auth
# Do not negotiate CCP (compression).
noccp
#debug
# Print the option values in effect; with logfd 2 log output goes to stderr.
dump
logfd 2
#logfile /var/log/xl2tpd.log
# Drop the link after 1800 seconds without traffic.
idle 1800
# Reduced MTU/MRU, presumably to leave room for L2TP and IPsec overhead.
mtu 1280
mru 1280
# Answer ARP on the LAN on behalf of the peer's address.
proxyarp
# DNS server handed to clients; their queries go to this public resolver.
ms-dns 8.8.8.8
# Treat the peer as dead after 12 unanswered LCP echo-requests, one sent
# every 5 seconds (about 60 seconds).
lcp-echo-failure 12
lcp-echo-interval 5
# NOTE(review): MS-CHAPv2 is not enforced here; the accepted protocol is then
# governed by "require chap" in xl2tpd.conf. Confirm which CHAP variants
# clients can actually negotiate.
#require-mschap-v2
# MPPE is disabled, so confidentiality of the PPP payload depends entirely on
# the IPsec transport underneath.
nomppe
root@OpenWrt:/# cat /etc/rc.local
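# Boot-time setup for the L2TP/IPsec server: bring up the vpn0 interface,
# turn off ICMP redirect handling and enable source NAT.
ifup vpn0

# Neither accept nor send ICMP redirects on any interface entry present at
# boot. Expansions are quoted so a path is always passed as a single word.
for vpn in /proc/sys/net/ipv4/conf/*; do
  echo 0 > "$vpn/accept_redirects"
  echo 0 > "$vpn/send_redirects"
done

# NOTE(review): this rule has no --out-interface match, so it rewrites the
# source address of traffic leaving every interface, including traffic
# between internal networks. Limiting it to the WAN-facing interface (name
# not shown on this page) keeps real client addresses visible in logs and to
# internal hosts.
# NOTE(review): options.xl2tpd sets mtu/mru 1280, so forwarded TCP sessions
# depend on path-MTU discovery working end to end. No MSS-clamping rule
# appears in this script; confirm whether the firewall configuration
# provides one.
iptables --table nat --append POSTROUTING --jump MASQUERADE

exit 0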
Everything works if I connect directly using the L2TP/IPsec client on my Mac, but if I use another OpenWrt router as a VPN gateway for other clients, only half of the websites work.
Searching around, I found that the probable cause is incorrect handling of ICMP packets, which routes responses back to the VPN gateway instead of to the clients.
Does anyone know how to solve this?
Thanks