L2TP VPN via fusionhub IP issue

Paul_Mossip · March 5, 2021, 8:03am

I have a Vultr Fusionhub for L2TP vpn inbound.

I have defined WAN and LAN addresses with the LAN as:

10.1.96.3.

The local FH DHCP server is set to provide 10.1.96.10-50.

Connections work fine, and I can access all services via SF tunnels, but when I do a tcpdump the source IP of the inbound traffic is always 10.1.96.3, the IP of the FH, not the IP given to the remote user via L2TP.

I see no indications that NAT has been requested for the LAN interface, or any of the SF tunnels.

So why the remapping?

Kenny · March 7, 2021, 5:42pm

This is to ease the deployment. If use the IP addresses assigned by FusionHub DHCP server to access LAN network, user must setup a static route in provider’s gateway to route DHCP IP addresses (i.e. 10.1.96.10-50) to FusionHub and that may not a straight forward task in some VM providers.

Paul_Mossip · March 8, 2021, 11:17am

Why wouldn’t it be handled exactly the same way as with the standard routers? having the router answer arp queries on the LAN interface on behalf of the remote DHCP clients.

It would seem that the “NAT Remote Connection” option would be used for selecting this behavior. (Yes I know that it is currently specific to SpeedFusionVPN). It seems to be for the same reason.

Kester_Broatch · July 7, 2022, 9:56am

@Paul_Mossipdid you ever find a solution or workaround to this? I am facing the same issue.

Ps - thanks for sending me from Peplink | Pepwave - Forum

Paul_Mossip · July 7, 2022, 11:14pm

I didn‘t need a fix so I didn’t follow up

you should open a ticket with support and document the protocol and show how the remote access NAT won’t work with your application.