12,266
edits
Category:L2TP Handover: Difference between revisions
m
no edit summary
mNo edit summary |
mNo edit summary |
||
|
[[File:Clueless-SIM-l2tp.png|none|frame|L2TP relay settings on the Control Pages]]
=L2TP Credentials Information=
L2TP establishes a tunnel, and over that tunnel it establishes one or
==Setting up your end==▼
more sessions, each of which uses PPP.
The tunnel requires an endpoint address (e.g. l2tp.aa.net.uk or
90.155.53.19) and a hostname (which is sort of the login name for the
tunnel). The tunnel can also include a secret, which we do not use for
our L2TP outbound service to customer's L2TP servers.
Once the tunnel is established, a session can be established over the
tunnel. The session does not have to have any authentication, but it is
normal for the endpoints to negotiate PAP or CHAP using LCP, and so the
connecting end will need a username and password to complete the PPP
level authentication.
So, in total, you would need:
#Tunnel IP
#Tunnel Hostname
#Tunnel Secret (if used)
#Session Username
#Session Password
An L2TP session is PPP and can negotiate whatever authentication it
likes for the session. In practice this is usually done by a proxy, so
in the case of both SIMs and Broadband we will receive proxied
negotiation details for the circuit, and will pass on those proxy
details to the far end.
The far end should ideally used these details, which also include a
calling station ID (circuit ID or ICCID). In the case of broadband the
far end could restart LCP and re-run PPP authentication if it wished,
end to end with the connecting device. This is not usually possible with
a SIM though, so proxied credentials should be accepted.
Note, also, for a SIM, it is possible for the connection to have no
authentication, i.e. LCP has negotiated no authentication protocol. This
may upset some L2TP endpoints if they are not expecting this. They
should authenticate on the ICCID (calling station) in such cases.
There are pages below with help in setting up equipment at your end...
| |||