L2TP VPN via fusionhub IP issue

Paul_Mossip · March 5, 2021, 4:03pm

I have a Vultr Fusionhub for L2TP vpn inbound.

I have defined WAN and LAN addresses with the LAN as:

10.1.96.3.

The local FH DHCP server is set to provide 10.1.96.10-50.

Connections work fine, and I can access all services via SF tunnels, but when I do a tcpdump the source IP of the inbound traffic is always 10.1.96.3, the IP of the FH, not the IP given to the remote user via L2TP.

I see no indications that NAT has been requested for the LAN interface, or any of the SF tunnels.

So why the remapping?

Kenny · March 8, 2021, 1:42am

This is to ease the deployment. If use the IP addresses assigned by FusionHub DHCP server to access LAN network, user must setup a static route in provider’s gateway to route DHCP IP addresses (i.e. 10.1.96.10-50) to FusionHub and that may not a straight forward task in some VM providers.

Paul_Mossip · March 8, 2021, 7:17pm

Why wouldn’t it be handled exactly the same way as with the standard routers? having the router answer arp queries on the LAN interface on behalf of the remote DHCP clients.

It would seem that the “NAT Remote Connection” option would be used for selecting this behavior. (Yes I know that it is currently specific to SpeedFusionVPN). It seems to be for the same reason.