Hello,
I have an IPsec/L2TP remote-access VPN configured on my ERL. What I am trying to accomplish is to use Steam's Home Streaming capabilities to remotely run games over the VPN connection. Unfortunately, neither the remote-access machine nor the machine on the local network detects the other in Steam. The remote-access machine is also unable to auto-discover any devices on the network, but it can manually browse to them by local IP. The two machines can ping each other directly, and I am able to reach any network resources on the LAN 10.69.69.0/24 network. Given that my laptop shows a 10.69.69.240/32 address, together with the symptoms above, it seems that the traffic between them is being routed, and so broadcast traffic is not being carried across.
Below, in order, are my ERL config, the ipconfig output for the VPN interface on my laptop, and the laptop's "route print" output.
/* EdgeRouter Lite (EdgeOS) configuration as posted: firewall rule sets,
   three Ethernet interfaces, port forwards, LAN services, system settings
   and an L2TP/IPsec remote-access VPN. */

/* Rule sets. Only WAN6-IN, WAN_IN, WAN6_LOCAL and WAN_LOCAL are attached to
   an interface (eth1, further down). LAN-IN and WLAN_LAN are defined but not
   referenced by any interface in this listing. */
firewall {
    /* The router answers ICMP echo, but not echo addressed to a broadcast. */
    all-ping enable
    broadcast-ping disable
    /* Not attached to any interface in this listing. The protocol is spelled
       icmpv6 here and ipv6-icmp in the WAN rule sets.
       NOTE(review): confirm both names resolve to the same protocol. */
    ipv6-name LAN-IN {
        default-action drop
        description "Traffic into LAN interface"
        rule 10 {
            action accept
            description "icmpv6 allowed"
            protocol icmpv6
        }
    }
    /* IPv6 traffic forwarded from the WAN (eth1 "in"): return traffic and
       ICMPv6 only, everything else dropped. */
    ipv6-name WAN6-IN {
        default-action drop
        description "WAN inbound to LAN"
        rule 10 {
            action accept
            description "Allow established/related sessions"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
        rule 30 {
            action accept
            description "Allow ipv6 icmp"
            protocol ipv6-icmp
        }
    }
    /* IPv6 traffic addressed to the router itself (eth1 "local"). Packets
       hitting the default drop are logged (enable-default-log). */
    ipv6-name WAN6_LOCAL {
        default-action drop
        description "WAN inbound to router"
        enable-default-log
        rule 10 {
            action accept
            description "Allow established/related sessions"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
        rule 30 {
            action accept
            description "Allow ipv6 icmp"
            protocol ipv6-icmp
        }
        /* DHCPv6 replies (server port 547 to client port 546), needed for the
           dhcpv6-pd prefix delegation configured on eth1. */
        rule 40 {
            action accept
            description "Allow dhcpv6"
            destination {
                port 546
            }
            protocol udp
            source {
                port 547
            }
        }
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    /* IPv4 traffic forwarded from the WAN (eth1 "in"). Because port-forward
       has auto-firewall disabled, rules 1, 3 and 4 are what actually admit
       the forwarded ports. The state rules (6, 7) come last, so a packet to
       one of the open ports is accepted by its port rule before the
       "Drop Invalid" rule is ever evaluated. */
    name WAN_IN {
        default-action drop
        description "Inbound WAN to (W)LAN"
        rule 1 {
            action accept
            description Bittorrent
            destination {
                port 43794
            }
            log disable
            protocol tcp_udp
        }
        /* Accepts every protocol from source 10.69.1.7, which is the static
           DHCP address on the Wifi subnet (eth2), yet this set filters
           packets arriving on the WAN. With source-validation disabled
           below, nothing else here rejects a WAN packet that merely claims
           that source address.
           NOTE(review): rules 2 and 5 look intended for a Wifi-facing rule
           set rather than WAN_IN; confirm and move or remove. */
        rule 2 {
            action accept
            log disable
            protocol all
            source {
                address 10.69.1.7
            }
        }
        /* Empty source block: no source restriction is applied. */
        rule 3 {
            action accept
            description TSPK
            destination {
                port 9987
            }
            log disable
            protocol udp
            source {
            }
        }
        rule 4 {
            action accept
            description TSPKTCP
            destination {
                port 10011,30033
            }
            log disable
            protocol tcp
        }
        /* Drops the rest of the Wifi subnet as a source; see the note on
           rule 2 about where this rule set is attached. */
        rule 5 {
            action drop
            log disable
            protocol all
            source {
                address 10.69.1.0/27
            }
        }
        rule 6 {
            action accept
            description "Allow Established/Related"
            log disable
            protocol all
            state {
                established enable
                invalid disable
                new disable
                related enable
            }
        }
        rule 7 {
            action drop
            description "Drop Invalid"
            log disable
            protocol all
            state {
                established disable
                invalid enable
                new disable
                related disable
            }
        }
    }
    /* IPv4 traffic addressed to the router itself from the WAN
       (eth1 "local"). "Drop Invalid" is rule 6, after the SSH and L2TP
       accepts, so invalid-state packets to those ports match the accept
       rules first. */
    name WAN_LOCAL {
        default-action drop
        description "Inbound WAN to Local Router"
        rule 1 {
            action accept
            description "Allow Established/Related"
            log disable
            protocol all
            state {
                established enable
                invalid disable
                new disable
                related enable
            }
        }
        /* Exposes the router's SSH service (service ssh, port 2222) to any
           WAN source. The match is tcp_udp although SSH uses TCP only, and
           there is no source restriction.
           NOTE(review): consider limiting the source, or reaching SSH only
           through the VPN. */
        rule 2 {
            action accept
            description "ssh access"
            destination {
                port 2222
            }
            log disable
            protocol tcp_udp
        }
        /* UDP 500 and 4500 carry IKE and NAT-T. UDP 1701 is L2TP itself and
           is accepted here whether or not it arrived inside IPsec.
           NOTE(review): consider restricting the 1701 match to
           IPsec-protected traffic (EdgeOS rules support
           "ipsec match-ipsec"). */
        rule 3 {
            action accept
            description "Allow l2tp"
            destination {
                port 500,1701,4500
            }
            log disable
            protocol udp
        }
        rule 6 {
            action drop
            description "Drop Invalid"
            log disable
            protocol all
            state {
                established disable
                invalid enable
                new disable
                related disable
            }
        }
        rule 7 {
            action accept
            description "Allow ESP"
            log disable
            protocol esp
        }
        rule 8 {
            action accept
            description "allow icmp"
            log disable
            protocol icmp
        }
    }
    /* Not attached to any interface in this listing, so as posted it filters
       nothing. Rule 1 accepts established but not related state. Rule 2 lets
       the LAN subnet reach 10.69.1.7 (the Wifi static mapping). */
    name WLAN_LAN {
        default-action drop
        description ""
        rule 1 {
            action accept
            log disable
            protocol all
            state {
                established enable
                invalid disable
                new disable
                related disable
            }
        }
        rule 2 {
            action accept
            destination {
                address 10.69.1.7
            }
            log disable
            protocol all
            source {
                address 10.69.69.0/24
                group {
                }
            }
        }
        rule 3 {
            action drop
            log disable
            protocol all
            state {
                established disable
                invalid enable
                new disable
                related disable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    /* Reverse-path source validation is off, so filtering of implausible
       source addresses depends entirely on the rule sets above. */
    source-validation disable
    syn-cookies enable
}
/* eth0 = LAN 10.69.69.0/24, eth1 = WAN (DHCP plus DHCPv6 prefix delegation
   to eth0), eth2 = Wifi 10.69.1.0/27. Only eth1 has firewall rule sets
   attached; traffic between eth2 (Wifi) and eth0 (LAN) is not filtered by
   anything in this listing. */
interfaces {
    ethernet eth0 {
        address 10.69.69.1/24
        description LAN
        duplex auto
        speed auto
    }
    ethernet eth1 {
        address dhcp
        description WAN
        dhcpv6-pd {
            pd 0 {
                interface eth0 {
                    service slaac
                }
                prefix-length 64
            }
            rapid-commit enable
        }
        duplex auto
        firewall {
            in {
                ipv6-name WAN6-IN
                name WAN_IN
            }
            local {
                ipv6-name WAN6_LOCAL
                name WAN_LOCAL
            }
        }
        speed auto
    }
    ethernet eth2 {
        address 10.69.1.1/27
        description Wifi
        duplex auto
        speed auto
    }
    loopback lo {
    }
}
/* WAN-to-LAN port forwards. auto-firewall is disabled, so each forward works
   only because WAN_IN carries a matching accept rule (43794, 9987,
   10011/30033). */
port-forward {
    auto-firewall disable
    hairpin-nat enable
    lan-interface eth0
    rule 1 {
        description BT
        forward-to {
            address 10.69.69.55
        }
        original-port 43794
        protocol tcp_udp
    }
    rule 2 {
        description TSPK
        forward-to {
            address 10.69.69.72
            port 9987
        }
        original-port 9987
        protocol udp
    }
    rule 3 {
        description TSPK
        forward-to {
            address 10.69.69.72
            port 10011
        }
        original-port 10011
        protocol tcp
    }
    rule 4 {
        description TSPK
        forward-to {
            address 10.69.69.72
            port 30033
        }
        original-port 30033
        protocol tcp
    }
    wan-interface eth1
}
protocols {
    static {
    }
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        /* Wifi scope. The dynamic range ends at 10.69.1.31, which is the
           broadcast address of 10.69.1.0/27. Clients are pointed at the
           router's LAN address (10.69.69.1) for DNS. */
        shared-network-name WLAN {
            authoritative disable
            subnet 10.69.1.0/27 {
                default-router 10.69.1.1
                dns-server 10.69.69.1
                lease 86400
                start 10.69.1.12 {
                    stop 10.69.1.31
                }
                static-mapping EPSON36EE98 {
                    ip-address 10.69.1.7
                    mac-address 44:d2:44:36:ee:98
                }
            }
        }
        /* LAN scope: dynamic range .100 to .200. The static mapping for
           Mimir (10.69.69.112) falls inside that dynamic range. The L2TP
           client pool (.240 to .252) and local-ip (.253) in the vpn section
           sit outside it. */
        shared-network-name lan {
            authoritative disable
            subnet 10.69.69.0/24 {
                default-router 10.69.69.1
                dns-server 10.69.69.1
                domain-name asgard
                lease 86400
                start 10.69.69.100 {
                    stop 10.69.69.200
                }
                static-mapping Ansible {
                    ip-address 10.69.69.66
                    mac-address 66:62:65:37:61:38
                }
                static-mapping Bunnycam {
                    ip-address 10.69.69.7
                    mac-address ec:1f:72:96:2f:9e
                }
                static-mapping DNShole {
                    ip-address 10.69.69.69
                    mac-address 32:65:66:37:36:38
                }
                static-mapping HTCCam {
                    ip-address 10.69.69.5
                    mac-address 1c:b0:94:90:03:69
                }
                static-mapping MCserver {
                    ip-address 10.69.69.91
                    mac-address 00:0c:29:fd:d7:c9
                }
                static-mapping Mimir {
                    ip-address 10.69.69.112
                    mac-address 32:34:65:62:37:35
                }
                static-mapping Observium {
                    ip-address 10.69.69.71
                    mac-address 62:61:37:30:64:30
                }
                static-mapping TS3Server {
                    ip-address 10.69.69.72
                    mac-address 36:65:31:30:33:39
                }
                static-mapping VALHALLA {
                    ip-address 10.69.69.55
                    mac-address 74:d4:35:97:32:4d
                }
                static-mapping Winserver {
                    ip-address 10.69.69.60
                    mac-address 00:21:cc:63:af:8d
                }
                static-mapping cLeaf1 {
                    ip-address 10.69.69.31
                    mac-address 00:0c:29:d3:c3:b7
                }
                static-mapping cLeaf2 {
                    ip-address 10.69.69.32
                    mac-address 00:0c:29:dd:6b:e6
                }
                static-mapping cLeaf3 {
                    ip-address 10.69.69.33
                    mac-address 00:0c:29:a4:45:a1
                }
                static-mapping cLeaf4 {
                    ip-address 10.69.69.34
                    mac-address 00:0c:29:fc:50:0c
                }
                static-mapping cLeaf5 {
                    ip-address 10.69.69.35
                    mac-address 00:0c:29:4d:12:3f
                }
                static-mapping cLeaf6 {
                    ip-address 10.69.69.36
                    mac-address 00:0c:29:68:14:f7
                }
                static-mapping cSpine1 {
                    ip-address 10.69.69.41
                    mac-address 00:0c:29:fb:f0:5d
                }
                static-mapping cSpine2 {
                    ip-address 10.69.69.42
                    mac-address 00:0c:29:ee:a2:e7
                }
                static-mapping cumulus {
                    ip-address 10.69.69.43
                    mac-address 00:0c:29:5a:04:cc
                }
                static-mapping simulationone {
                    ip-address 10.69.69.222
                    mac-address 50:e5:49:52:3a:41
                }
            }
        }
    }
    dns {
        /* DNS forwarder for LAN, Wifi and VPN clients.
           NOTE(review): l2tp0 names a single session interface; confirm
           whether further concurrent VPN clients are meant to be served. */
        forwarding {
            cache-size 2048
            listen-on eth0
            listen-on lo
            listen-on eth2
            listen-on l2tp0
            name-server 8.8.8.8
            name-server 2001:4860:4860::8888
            name-server 2001:4860:4860::8844
            name-server 8.8.4.4
            options expand-hosts
            options bogus-priv
            options localise-queries
            system
        }
    }
    /* Web UI on 443. WAN_LOCAL has no accept rule for that port, so its
       default drop applies to WAN-side requests. */
    gui {
        https-port 443
    }
    nat {
        rule 5000 {
            description Natout
            log disable
            outbound-interface eth1
            protocol all
            type masquerade
        }
    }
    /* Read-only SNMP bound to the LAN address. The community string is the
       same word as the DHCP domain-name and is now public in this post.
       NOTE(review): change it, since a community string is the only
       credential protecting these reads. */
    snmp {
        community asgard {
            authorization ro
        }
        listen-address 10.69.69.1 {
            port 161
        }
    }
    /* Same port that WAN_LOCAL rule 2 opens to the WAN. */
    ssh {
        port 2222
        protocol-version v2
    }
    /* UPnP lets hosts on eth0 request WAN port mappings on eth1 on their
       own. */
    upnp {
        listen-on eth0 {
            outbound-interface eth1
        }
    }
}
system {
    host-name ODIN
    /* The encrypted-password values are "$6$" (SHA-512 crypt) hashes posted
       unredacted together with the usernames. Such hashes can be tested
       offline against guessed passwords.
       NOTE(review): redact these fields before sharing a config and rotate
       both passwords. User iorm is the admin login and also the L2TP
       local user in the vpn section. */
    login {
        user Simz {
            authentication {
                encrypted-password $6$a40mMQYybEnm$s5HG1MiYnXBNh3D1cfk2ya6RvDniG7bFoUTtq9R2112Vo4k0I1Xj5Fs2F1LGXkRzd6FG/MdmEdz94ICudkYme1
                plaintext-password ""
            }
            full-name Simz
            level operator
        }
        user iorm {
            authentication {
                encrypted-password $6$i49gHHhX$vWMYh/yIP66fJDMN2MXaw2amlgibCzSjc.vDnmtWDtFqQOTA.GTeAem0I8hQAssevv1N/gEX3e8yXpODVj5Bi1
                plaintext-password ""
            }
            full-name ******
            level admin
        }
    }
    name-server 8.8.8.8
    name-server 2001:4860:4860::8888
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    offload {
        ipsec enable
        ipv4 {
            forwarding enable
        }
        ipv6 {
            forwarding enable
        }
    }
    /* Extra Debian repositories, fetched over plain http. wheezy is an
       end-of-life Debian release.
       NOTE(review): confirm these are still wanted on the router. */
    package {
        repository wheezy {
            components "main contrib non-free"
            distribution wheezy
            password ""
            url http://http.us.debian.org/debian
            username ""
        }
        repository wheezy-security {
            components main
            distribution wheezy/updates
            password ""
            url http://security.debian.org
            username ""
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone America/Menominee
    traffic-analysis {
        dpi enable
        export enable
    }
}
/* L2TP/IPsec remote access terminating on eth1 (WAN). */
vpn {
    ipsec {
        auto-firewall-nat-exclude enable
        ipsec-interfaces {
            interface eth1
        }
        /* 0.0.0.0/0 already covers 10.69.69.0/24, so the second entry adds
           nothing. */
        nat-networks {
            allowed-network 0.0.0.0/0 {
            }
            allowed-network 10.69.69.0/24 {
            }
        }
        nat-traversal enable
    }
    l2tp {
        /* Clients authenticate with a local username and password plus a
           shared IKE pre-shared secret (both masked in the post). Client
           addresses .240 to .252 are taken from the eth0 subnet, but each is
           handed out over a PPP link. The laptop's adapter output shows mask
           255.255.255.255, so client-to-LAN traffic is routed by the router
           rather than bridged onto eth0. That matches the reported symptom:
           unicast and ping work, broadcast-based discovery does not. */
        remote-access {
            authentication {
                local-users {
                    username iorm {
                        password ******
                    }
                }
                mode local
            }
            client-ip-pool {
                start 10.69.69.240
                stop 10.69.69.252
            }
            dhcp-interface eth1
            dns-servers {
                server-1 10.69.69.1
            }
            ipsec-settings {
                authentication {
                    mode pre-shared-secret
                    pre-shared-secret ********
                }
                ike-lifetime 3600
            }
            local-ip 10.69.69.253
            mtu 1492
        }
    }
}
[edit]
PPP adapter Homenet: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Homenet Physical Address. . . . . . . . . : DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 10.69.69.240(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.255 Default Gateway . . . . . . . . . : 0.0.0.0 DNS Servers . . . . . . . . . . . : 10.69.69.1 NetBIOS over Tcpip. . . . . . . . : Enabled
IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 172.16.33.1 172.16.33.148 4250 0.0.0.0 0.0.0.0 On-link 10.69.69.240 26 10.69.69.240 255.255.255.255 On-link 10.69.69.240 281 127.0.0.0 255.0.0.0 On-link 127.0.0.1 4531 127.0.0.1 255.255.255.255 On-link 127.0.0.1 4531 127.255.255.255 255.255.255.255 On-link 127.0.0.1 4531 172.16.33.0 255.255.255.0 On-link 172.16.33.148 4506 172.16.33.148 255.255.255.255 On-link 172.16.33.148 4506 172.16.33.255 255.255.255.255 On-link 172.16.33.148 4506 173.174.37.41 255.255.255.255 172.16.33.1 172.16.33.148 4251 224.0.0.0 240.0.0.0 On-link 127.0.0.1 4531 224.0.0.0 240.0.0.0 On-link 172.16.33.148 4506 224.0.0.0 240.0.0.0 On-link 10.69.69.240 26 255.255.255.255 255.255.255.255 On-link 127.0.0.1 4531 255.255.255.255 255.255.255.255 On-link 172.16.33.148 4506 255.255.255.255 255.255.255.255 On-link 10.69.69.240 281 ===========================================================================