
Using the 10.255.255.0/24 subnet on other interfaces breaks L2TP/IPSec
Closed, Resolved | Public | BUG

Description

Using a standard L2TP config from the wiki, if you have any IP on other interfaces in the 10.255.255.0/24 subnet, the VPN will fail to route on new connections.

In my case, I had it on loopback for OSPF priority:

set interfaces loopback lo address 10.255.255.1/24

The /32 (which is what I meant to put) makes it work, but other subnet sizes don't:

set interfaces loopback lo address 10.255.255.1/32
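A pre-commit check for the overlap reported above, as an added example that is not part of the original ticket or of VyOS itself: it scans `set interfaces ... address` lines and flags any non-/32 address whose network overlaps 10.255.255.0/24. The names `find_conflicts`, `L2TP_RANGE` and `SAMPLE_CONFIG` are hypothetical, the sample configuration is constructed, and flagging every overlapping prefix length other than /32 is an assumption drawn from the report.

```python
import ipaddress
import re

# Range named in the ticket title; assumed here to be the one to keep off other interfaces.
L2TP_RANGE = ipaddress.ip_network("10.255.255.0/24")

# Matches "set interfaces <type> <name> [vif N ...] address <cidr>" lines.
ADDR_RE = re.compile(
    r"^set interfaces (\S+) (\S+)(?: .*?)? address '?([0-9a-fA-F.:]+/\d+)'?\s*$"
)


def find_conflicts(config_text, reserved=L2TP_RANGE):
    """Return (interface, cidr) pairs whose network overlaps `reserved`."""
    conflicts = []
    for line in config_text.splitlines():
        m = ADDR_RE.match(line.strip())
        if not m:
            continue  # not a static address line (dhcp, other commands, blanks)
        iftype, ifname, cidr = m.groups()
        try:
            iface = ipaddress.ip_interface(cidr)
        except ValueError:
            continue  # malformed address; leave it to the router's own validation
        if iface.version != reserved.version:
            continue
        # A host address (/32) is reported in the ticket as working, so skip it.
        if iface.network.prefixlen == iface.network.max_prefixlen:
            continue
        if iface.network.overlaps(reserved):
            conflicts.append((f"{iftype} {ifname}", cidr))
    return conflicts


# Constructed sample configuration, not taken from the ticket.
SAMPLE_CONFIG = """
set interfaces ethernet eth0 address 192.0.2.1/24
set interfaces ethernet eth1 address dhcp
set interfaces loopback lo address 10.255.255.1/24
set interfaces dummy dum0 address 10.255.255.2/32
"""

if __name__ == "__main__":
    for iface, cidr in find_conflicts(SAMPLE_CONFIG):
        print(f"{iface}: {cidr} overlaps {L2TP_RANGE}")
```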

Details

Difficulty level: Unknown (require assessment)
Version: 1.2.0-rc5
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Perfectly compatible
Issue type: Bug (incorrect behavior)

Event Timeline

syncer triaged this task as Normal priority.
syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-rc7); removed VyOS 1.2 Crux.
dmbaturin set Is it a breaking change? to Unspecified (possibly destroys the router).

Since you can set the pool and gateway address by hand now, it's not impossible to use that subnet anymore.

erkin set Issue type to Bug (incorrect behavior). Sep 1 2021, 10:50 AM
dmbaturin changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.