  1. #1
    Newbie
    Join Date
    Aug 2020
    Posts
    3

    Unable to bind to another IP

    Hi,

    I updated to the latest 15.1 Untangle, but noticed my L2TP VPN stopped working. If I leave the main WAN IP in place it works, but if I add another of my public IPs it doesn't. The other public IPs are set up on the external interface, and work when set up for port forwarding etc.

    In the logs I can see the request to connect come in, but then the iPhone shows L2TP-VPN server did not respond. Yet if I change the IP to the main WAN IP and leave the settings the same, it connects.

    Any ideas?

  2. #2
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,482


    That's the way it's supposed to work, you have to configure port forwards to get aliased addresses to work.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Newbie
    Join Date
    Aug 2020
    Posts
    3


    Why did it work before? There is no reference to having to set up port forwarding in the documentation, merely specify the IP address on the WAN interface.

  4. #4
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,482


    I have no idea why it worked before, but Untangle services do not bind to alias addresses, they only bind to the primary addresses on the Untangle server. This has operated that way since I started working with Untangle all the way back with v5.

  5. #5
    Newbie
    Join Date
    Aug 2020
    Posts
    3


    Hmm, very strange. I mean why give the option to bind to other addresses if it doesn’t work? The ‘problem’ I have is the WAN address is given to me by the ISP as a DHCP address, but I have 5 static IPs, the primary one is dynamic. It worked perfectly in v15 but in 15.1 it doesn’t. I can see the connection attempted in the log on the correct address. It just doesn’t do anything and the client times out.

  6. #6
    Untangle Ninja Jim.Alles
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,469


    Quote, originally posted by MrCranky:
    "the wan address is given to me by the isp as a dhcp address, but I have 5 static ip's, the primary one is dynamic."
    In my limited experience, this is what I see as strange. I would contact your ISP's technical support, and talk to a higher-tier engineer.

    What flavor of Internet connection is it?

  7. #7
    Untangle Ninja Jim.Alles
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,469


    On second thought, this isn't strange at all. Your primary network assignment used to be DHCP, and it would still work if you choose to use it.

    Take NGFW's External interface out of automatic (DHCP) and put in one of the assigned static IP's, with the other appropriate network parameters given to you.

    You are on a physical ISP network that does both. Now forget the DHCP part and don't look back.
    Last edited by Jim.Alles; 08-21-2020 at 08:33 AM.

  8. #8
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,482


    Yep, that's how cable ISPs work, DHCP still works, but the statics work too. It's not properly configured... but it does work.

  9. #9
    Untangler
    Join Date
    Aug 2016
    Posts
    69


    In my quest to figure out an issue with my L2TP VPN, I found a forum post wherein the individual stated they used 0.0.0.0 as the address. This in effect tells the VPN Service to connect regardless of IP (something like that). I haven't tried it yet but others on that post posted positive results.

    Link albeit a little dated... https://forums.untangle.com/ipsec-vp...n-address.html

    Good Luck.

    -MW
    Last edited by mfwade; 08-25-2020 at 04:49 PM.

  10. #10
    Newbie
    Join Date
    Apr 2008
    Posts
    4


    I'm having a similar experience with the L2TP VPN Client connectivity...

    If I assign the main WAN address for the Server Listen Addresses, the clients can connect.
    If I change the Server Listen Addresses to one of the IPv4 Aliases assigned to the WAN interface, the client connections fail.
    I also happen to have a second WAN port. If I change the Server Listen Addresses to the main WAN address on the second WAN port, the client connections fail.

    I have also tried leaving the main WAN address and adding the others in various combinations. The main address of the first WAN port always works, but the other IPs never work. I have also tried 0.0.0.0 with the same result.

    A few notes from the L2TP Log:
    No matter which IP address is assigned (or combination), the log file always shows "Listening on IP address 0.0.0.0, port 1701" when the service initializes.

    When using IP addresses where the clients fail to connect, the log file shows the following activity:
    Aug 31 13:29:20 XXXXXXX xl2tpd[83421]: Maximum retries exceeded for tunnel 35453. Closing.
    Aug 31 13:28:56 XXXXXXX xl2tpd[83421]: control_finish: Peer requested tunnel 19 twice, ignoring second one.
    Aug 31 13:28:52 XXXXXXX xl2tpd[83421]: control_finish: Peer requested tunnel 19 twice, ignoring second one.
    Aug 31 13:28:50 XXXXXXX xl2tpd[83421]: control_finish: Peer requested tunnel 19 twice, ignoring second one.
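
An added example, not part of the post above and not Untangle's own tooling: a small triage script that reads xl2tpd syslog lines like the ones quoted in post #10 and pairs each "Maximum retries exceeded" close with the repeated tunnel requests that preceded it. The year, the 60-second correlation window and the timestamp on the "Listening on" line are assumptions; the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta

# First line is constructed around the "Listening on ..." text quoted in the
# post; the other four are the entries from the post, newest first as posted.
SAMPLE_LOG = """\
Aug 31 13:20:01 XXXXXXX xl2tpd[83421]: Listening on IP address 0.0.0.0, port 1701
Aug 31 13:29:20 XXXXXXX xl2tpd[83421]: Maximum retries exceeded for tunnel 35453. Closing.
Aug 31 13:28:56 XXXXXXX xl2tpd[83421]: control_finish: Peer requested tunnel 19 twice, ignoring second one.
Aug 31 13:28:52 XXXXXXX xl2tpd[83421]: control_finish: Peer requested tunnel 19 twice, ignoring second one.
Aug 31 13:28:50 XXXXXXX xl2tpd[83421]: control_finish: Peer requested tunnel 19 twice, ignoring second one.
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ xl2tpd\[(\d+)\]: (.*)$")
LISTEN = re.compile(r"Listening on IP address (\S+), port (\d+)")
DUP = re.compile(r"Peer requested tunnel (\d+) twice")
GAVE_UP = re.compile(r"Maximum retries exceeded for tunnel (\d+)")

def parse(log, year=2020):
    """Return (timestamp, pid, message) tuples in chronological order.
    syslog omits the year, so `year` is an assumption supplied by the caller."""
    events = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, int(m.group(2)), m.group(3)))
    return sorted(events)

def stalled_handshakes(log, window=timedelta(seconds=60)):
    """Pair each give-up with the repeated tunnel requests logged by the same
    daemon PID in the preceding `window` (the 60 s default is an assumption)."""
    listen, dups, findings = None, [], []
    for ts, pid, msg in parse(log):
        if m := LISTEN.search(msg):
            listen = (m.group(1), int(m.group(2)))
        elif m := DUP.search(msg):
            dups.append((ts, pid, int(m.group(1))))
        elif m := GAVE_UP.search(msg):
            near = [d for d in dups
                    if d[1] == pid and timedelta(0) <= ts - d[0] <= window]
            findings.append({
                "local_tunnel": int(m.group(1)),
                "peer_tunnels": sorted({d[2] for d in near}),
                "duplicate_requests": len(near),
                "seconds_to_close": int((ts - near[0][0]).total_seconds()) if near else None,
            })
    return listen, findings

if __name__ == "__main__":
    print(stalled_handshakes(SAMPLE_LOG))
```

A finding with several duplicate requests before the close means the daemon kept receiving the same tunnel request from the peer until it gave up, which matches the client-side "server did not respond" symptom reported in this thread.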
