Topic: AAISP L2TP (Read 6032 times)

Chrysalis · « **on:** November 05, 2022, 05:32:42 PM »

On AAISP network over a cable connection.

Tracing route to bbc.co.uk [151.101.0.81]
over a maximum of 30 hops:

  1    17 ms    17 ms    19 ms  l2tp.thn.aa.net.uk [90.155.53.19]
  2    17 ms    19 ms    19 ms  k-aimless.thn.aa.net.uk [90.155.53.101]
  3    17 ms    18 ms    18 ms  195.66.225.91
  4    19 ms    18 ms    18 ms  151.101.0.81

Trace complete.

Using windows L2TP client at the moment as pfsense is freaking out, I activate the tunnel and VM goes down alongside AAISP not coming up, but on windows it worked as expected.

Alex Atkin UK · « **Reply #1 on:** November 05, 2022, 07:28:21 PM »

That's odd, works fine here. The only problem I've had is if it goes down (as I'm using it over 5G) it sometimes fails to come back up.

Chrysalis · « **Reply #2 on:** November 05, 2022, 07:37:16 PM »

Well this is what I did please let me know if this is wrong.

https://support.aa.net.uk/L2TP_Client:_pfSense

Followed the above guide, so new PPP, L2TP type, selected igb3 which for me is my VM interface, entered my auth details, and the aaisp L2TP IP.

I then went in the interface after to configure IPv6 as SLAAC as the above guide says and enabled it.

VM then went to 100% packet loss, errors to VM gateway, AAISP L2TP gateway stayed on pending, logs showed no responses to L2TP packets. Could only get back online by disabling the L2TP service, and cycling the VM DHCP.

However on windows it just came up as expected, its capped to 100mbit, so I am guessing the L2TP on broadband accounts doesnt have the new 200mbit cap.

My theory is that I am linking it to a physical interface, and maybe when it works its on a virtual PPPoE interface, but I am using IPoE.

Alex Atkin UK · « **Reply #3 on:** November 06, 2022, 01:02:36 AM »

Okay, here is what I have.

Worth noting, I had to set System, Routing, AAISP_SLAAC (the IPv6 one) to Disable Gateway Monitoring as the AAISP gateway did not respond to pings and while the documentation says "it should work anyway" I found it did not. This does not however impact IPv4.

Chrysalis · « **Reply #4 on:** November 06, 2022, 10:32:00 AM »

Looks almost the same, you ticked the ipv4 parent box as the only difference, after I ordered my food shopping I will give it another go.

Chrysalis · « **Reply #5 on:** November 06, 2022, 12:02:31 PM »

Its a no go, I tested it over EE (ue0) and it works fine like it does on your mobile network, but as soon as I try the VM interface it kills VM.

The error that appears for the VM connectivity is "arpresolve: can't allocate llinfo" and igb3 flips between active and no carrier state until I intervene by killing the L2TP.

Chrysalis · « **Reply #6 on:** November 06, 2022, 01:27:45 PM »

Is working now Alex, seems spoofing mac on the host interface breaks l2tp on pfsense.

Also IPv6 works however the monitoring if you dont specify a monitor ip reports 100% loss (aaisp gateway doesnt respond to pings) and if selecting a manual ip to ping although it pings manually the SLAAC gateway gets stuck in a pending state which I am guessing is a pfsense bug, so I force it to the online state so it gets used and then everything works.

Alex Atkin UK · « **Reply #7 on:** November 06, 2022, 02:01:34 PM »

Quote from: Chrysalis on November 06, 2022, 01:27:45 PM

Is working now Alex, seems spoofing mac on the host interface breaks l2tp on pfsense.

Also IPv6 works however the monitoring if you dont specify a monitor ip reports 100% loss (aaisp gateway doesnt respond to pings) and if selecting a manual ip to ping although it pings manually the SLAAC gateway gets stuck in a pending state which I am guessing is a pfsense bug, so I force it to the online state so it gets used and then everything works.

The gateway monitoring issue isn't limited to AAISP, it happens on Zen too for me, stuck in pending right now even though I have confirmed manually the IP I have in monitoring is responding fine.

This is one of the reasons I just don't care about IPv6, its just not as reliable as IPv4, at least on pfSense using L2TP/PPP as the carrier layer. When I had the HE.NET GRE tunnel configured, that always seemed to work.

More interestingly I seem to have lost IPv6 routing over AAISP completely at the moment. If I try to force AAISP as the src IP, it just goes over Zen anyway. $:-\$

bogof · « **Reply #8 on:** November 06, 2022, 03:17:09 PM »

Out of interest, what are the use cases whereby you find it useful to have something like this L2TP service setup?

Chrysalis · « **Reply #9 on:** November 06, 2022, 03:22:33 PM »

Quote from: Alex Atkin UK on November 06, 2022, 02:01:34 PM

The gateway monitoring issue isn't limited to AAISP, it happens on Zen too for me, stuck in pending right now even though I have confirmed manually the IP I have in monitoring is responding fine.

This is one of the reasons I just don't care about IPv6, its just not as reliable as IPv4, at least on pfSense using L2TP/PPP as the carrier layer. When I had the HE.NET GRE tunnel configured, that always seemed to work.

More interestingly I seem to have lost IPv6 routing over AAISP completely at the moment. If I try to force AAISP as the src IP, it just goes over Zen anyway. $:-\$

Yep its a pfsense bug.

Go to system menu -> routing, select the gateway, click edit, and tick the option "disable gateway monitoring (assume its online)".

It will go to online state and work normally.

Chrysalis · « **Reply #10 on:** November 06, 2022, 03:25:15 PM »

Quote from: bogof on November 06, 2022, 03:17:09 PM

Out of interest, what are the use cases whereby you find it useful to have something like this L2TP service setup?

For me I have certain uses, and also use cases where I need static IP addressing, and also have use cases for IPv6 as well which VM has no IPv6 support at all.

bogof · « **Reply #11 on:** November 07, 2022, 07:15:16 PM »

Quote from: Chrysalis on November 06, 2022, 03:25:15 PM

For me I have certain uses, and also use cases where I need static IP addressing, and also have use cases for IPv6 as well which VM has no IPv6 support at all.

Interesting. I am intrigued by it. Especially as I see that for £10/per month domestic it comes with 2TB traffic. I have 10TB at the moment on FTTP don't fully need, but 1TB isn't enough, so I pay the extra £10. If the 2TB /month that comes with the L2TP service goes into the pot, I could have 3TB / month Inc the L2TP service, which would be more than enough data and offer the extra functionality.

Edit: actually I don't think broadband and L2TP can share quotas. Oh well.

Chrysalis · « **Reply #12 on:** November 07, 2022, 08:32:24 PM »

Its built in if you have a broadband account and I assume shares the quota. Thats how I am using it now. But of course can buy it as standalone also.

https://support.aa.net.uk/Category:Incoming_L2TP

bogof · « **Reply #13 on:** November 07, 2022, 08:39:39 PM »

Quote from: Chrysalis on November 07, 2022, 08:32:24 PM

Its built in if you have a broadband account and I assume shares the quota. Thats how I am using it now. But of course can buy it as standalone also.

https://support.aa.net.uk/Category:Incoming_L2TP

Ah, gotcha!

So is there a good configuration of a particular router that will only bring up the L2TP over eg: cellular if the main connection goes down?

Weaver · « **Reply #14 on:** November 08, 2022, 06:41:22 AM »

Firebrick can do just that. Using ‘profiles’.

News:

Author Topic: AAISP L2TP (Read 6032 times)

Chrysalis

AAISP L2TP

Alex Atkin UK

Re: AAISP L2TP

Chrysalis

Re: AAISP L2TP

Alex Atkin UK

Re: AAISP L2TP

Chrysalis

Re: AAISP L2TP

Chrysalis

Re: AAISP L2TP

Chrysalis

Re: AAISP L2TP

Alex Atkin UK

Re: AAISP L2TP

bogof

Re: AAISP L2TP

Chrysalis

Re: AAISP L2TP

Chrysalis

Re: AAISP L2TP

bogof

Re: AAISP L2TP

Chrysalis

Re: AAISP L2TP

bogof

Re: AAISP L2TP

Weaver

Re: AAISP L2TP