Mobile L2TP Technical

From AAISP Support Site

An L2TP tunnel is established using the pre-agreed IP addresses, hostname and shared secret. Note that if your LNS rejects the tunnel connection, or fails to respond to the SCCRQ or a subsequent HELLO, it will be blocked for 5 minutes, allowing further connections to go to the fall-back LNSs.

Once the tunnel is established, a session is established for each connecting data SIM.

ICRQ

Attribute              AVP   Meaning
Assigned Session ID    14    Session ID
Call Serial Number     15    Present if received from mobile network
Calling Number         22    19 digit ICCID of SIM, starting 8944


ICCN

Attribute                       AVP   Meaning
Framing Type                    19    Always 1 (PPP)
Initial Received LCP CONFREQ    26    As received / negotiated by proxy
Last Sent LCP CONFREQ           27    As sent / negotiated by proxy
Last Received LCP CONFREQ       28    As received / negotiated by proxy
Proxy Authen Type               29    Will always be CHAP
Proxy Authen Name               30    User name from mobile device, typically blank
Proxy Authen Challenge          31    CHAP challenge
Proxy Authen ID                 32    CHAP challenge ID
Proxy Authen Response           33    CHAP response hash
Tx connect speed                24    Present if advised by mobile network
Rx connect speed                38    Present if advised by mobile network
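
How an LNS can check the proxied CHAP values from the ICCN before accepting a session, as an added example (not AAISP's or any LNS vendor's code). It assumes the AVP layout of RFC 2661, the CHAP MD5 construction of RFC 1994, and that the LNS holds a per-SIM secret (for instance looked up by the ICCID in Calling Number); the function names are hypothetical and the sample message is constructed.

```python
import hashlib
import hmac
import struct

AUTHEN_TYPE, AUTHEN_CHALLENGE, AUTHEN_ID, AUTHEN_RESPONSE = 29, 31, 32, 33  # ICCN AVP types
CHAP = struct.pack("!H", 2)  # Proxy Authen Type value for PPP CHAP (RFC 2661)


def parse_avps(body: bytes) -> dict:
    """Split an L2TP message body into {attribute type: value} for IETF AVPs."""
    avps, off = {}, 0
    while off < len(body):
        if len(body) - off < 6:
            raise ValueError("truncated AVP header")
        flags_len, vendor, attr = struct.unpack_from("!HHH", body, off)
        length = flags_len & 0x03FF  # low 10 bits: whole AVP length incl. header
        if length < 6 or off + length > len(body):
            raise ValueError("bad AVP length")
        if flags_len & 0x4000:  # H bit set: value is hidden, not handled here
            raise ValueError("hidden AVP")
        if vendor == 0:
            avps[attr] = body[off + 6:off + length]
        off += length
    return avps


def verify_proxy_chap(avps: dict, secret: bytes) -> bool:
    """True only if Proxy Authen Response == MD5(ID || secret || challenge)."""
    try:
        kind, chap_id = avps[AUTHEN_TYPE], avps[AUTHEN_ID]
        challenge, response = avps[AUTHEN_CHALLENGE], avps[AUTHEN_RESPONSE]
    except KeyError:
        return False  # fail closed when any proxy-auth AVP is missing
    if kind != CHAP or len(chap_id) != 2 or not challenge or len(response) != 16:
        return False
    expected = hashlib.md5(chap_id[1:] + secret + challenge).digest()
    return hmac.compare_digest(expected, response)


def make_avp(attr: int, value: bytes) -> bytes:  # builds the constructed sample only
    return struct.pack("!HHH", 0x8000 | (6 + len(value)), 0, attr) + value


def constructed_iccn(secret: bytes, chap_id: int = 7) -> bytes:
    """Constructed sample: the proxy-auth AVPs of an ICCN, not captured traffic."""
    challenge = bytes(range(16))
    response = hashlib.md5(bytes([chap_id]) + secret + challenge).digest()
    parts = [(AUTHEN_TYPE, CHAP), (AUTHEN_CHALLENGE, challenge),
             (AUTHEN_ID, bytes([0, chap_id])), (AUTHEN_RESPONSE, response)]
    return b"".join(make_avp(attr, value) for attr, value in parts)
```

The Proxy Authen ID value is two octets with the CHAP identifier in the second, which is why only `chap_id[1:]` enters the hash.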

Limitations

  • Only available on data SIMs.
  • Called Number is a fixed APN and not the one entered on the phone, which is ignored.
  • A reduced MTU of 1450 is in operation when L2TP is run over the internet. This restriction can be removed to allow a full 1500 byte MTU where direct baby-jumbo frame links are available from us to your LNS.
  • The User-Name passed is whatever the mobile provides, which is usually blank. Do not use the password 'password' as this will not be passed through.
  • IPv6 is not available yet, but is planned for the future if possible.


Connect Speed

We've seen various devices give odd Connect Speed settings when they connect. For example, OS X sends:

Connect Speed: 1000000

pfSense has also been seen to send 10Mbit/s, and its source code even had the value hard-coded to 10Mbit/s.

[Figure: TCP dump of OS X L2TP highlighting the 'Connect Speed']

This means that it is asking for a 1Mbit/s connection. This does not look like it's configurable either.

From May 2016 we ignore the Connect Speed, and simply limit the speed to 100Mbit/s at our side.