I've set up an l2tpns server for ADSL terminations, and PPP sessions from my wholesale ISP authenticate correctly; however, there appears to be only traffic coming from the connection and none able to return.


My l2tpns startup-config is as follows:


# Current configuration:
set debug 4
set log_file "/var/log/l2tpns"
set pid_file "/var/run/l2tpns.pid"
set random_device "/dev/urandom"
set l2tp_secret "secret"
set l2tp_mtu 1500
set ppp_restart_time 3
set ppp_max_configure 10
set ppp_max_failure 5
set primary_dns
set secondary_dns
set primary_radius
set secondary_radius
set primary_radius_port 1812
set secondary_radius_port 0
set radius_accounting no
set radius_interim 0
set radius_secret "secret"
set radius_authtypes "pap"
set radius_dae_port 3799
set radius_bind_min 0
set radius_bind_max 0
set allow_duplicate_users no
set kill_timedout_sessions yes
set guest_account ""
set bind_address
set peer_address
set send_garp no
set throttle_speed 28
set throttle_buckets 6000
set accounting_dir "/var/run/l2tpns/acct"
set account_all_origin no
set dump_speed no
set multi_read_count 10
set scheduler_fifo no
set lock_pages no
set icmp_rate 0
set packet_limit 0
set cluster_address
set cluster_interface "eth0"
set cluster_mcast_ttl 1
set cluster_hb_interval 5
set cluster_hb_timeout 150
set cluster_master_min_adv 1
set ipv6_prefix ::
set cli_bind_address
set hostname "en-lns1"
set nexthop_address
set nexthop6_address ::
set echo_timeout 10
set idle_echo_timeout 240
set iftun_address
set tundevicename "tun0"
set disable_lac_func no
set auth_tunnel_change_addr_src no
set bind_address_remotelns
set bind_portremotelns 65432
set pppoe_if_to_bind ""
set pppoe_service_name ""
set pppoe_ac_name "l2tpns-pppoe"
set disable_sending_hello no
set disable_no_spoof no
set bind_multi_address ""
set pppoe_only_equal_svc_name no
set multi_hostname ""
set no_throttle_local_IP no


My users file in FreeRADIUS:


D0-2                    Cleartext-Password := "password"
                        Framed-IP-Address =,
                        Framed-Route += "" ,
                        Framed-MTU = 1492

DEFAULT Auth-Type == Accept
     Service-Type = "Framed-User",
     Framed-Protocol = "PPP",
     Framed-IP-Netmask = "",
     Idle-Timeout = 86400,
     Framed-Routing = "None"


Session is up:


lns1# show sess
  SID LkToSID  TID Username                         IP              I T G 6     opened downloaded   uploaded idle   Rem.Time LAC(L)/RLNS(R)/PPPOE(P) CLI
    1       0    2 D0-2                                            N N N N       1175     108804     384589    0          0 (L)a.b.c.d        *



Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default                                         UG    0      0        0 eth0
                *                               U     0      0        0 eth0
                *                               UH    0      0        0 tun0
                                                UG    0      0        0 tun0


(LAC IP routes removed for privacy)


If I run iftop on tun0 I can see DNS requests going out but none going back.


Any ideas?