Jump to: navigation, search

FireBrick L2TP Server

848 bytes added, 23:55, 17 August 2018
clean up
__NOTOC__<indicator name="L2TP">[[File:Menu-L2TP-Relay.svg|link=:Category:L2TP_HandoverL2TP Handover|30px|Back up to the L2TP Handover page]]</indicator>
A FireBrick can be easily configured to act as an LNS (L2TP Network Server) - you can then terminate direct L2TP connections on it from remove devices, or relay data SIMs or DSL circuits on to it (where the ISP support s L2TP relay - we do on the A&A Data SIMs and DSL services) This means, you can have remote 3G/4G LTE Mobile Data SIMs or DSL circuits terminated directly on to your LAN or a VLAN on your internal network.
This is ideal for remote monitoring, digital signage, machine-to-machine networking, IoT etc... As the remote device is being terminated on the FireBrick, you have full control over firewall and internet access to and from the remote device.
*A 'Fully Loaded' FireBrick is required for [[L2TP]] features
*AAISP Data SIMS can be relayed on to your own [[L2TP]] Server, such as a FireBrick. This will enable a remote SIM to be connected directly to your LAN and have an IP on your LAN, very similar to a VPN.
*The Computer (or device) with the SIM will not need any special config or software installed.
*AtThe the moment the [[L2TP]] tunnel is not encrypted, but thisyou willcould changerun IPsec over the shortlytop.
*Basic setups can be done in the FireBrick config without the need to run your own RADIUS server - for each SIM connecting in you'll need a single <match .../> config.
*The FireBrick allocates IPs statically within the config and can't use DHCP - for more advanced and more flexible configurations you'd run your own RADIUS server.
[[File:FireBrick-L2TP-Diagram.jpg|600px|An attempt at a network diagram showing the SIM on the internal LAN]]
=FireBrick Config=
On the WebUI, this is set under Tunnels, [[L2TP]], Incoming [[L2TP]] connections, and basic XML example is as below:
<gallery widths=400px heights=400px caption="Screenshots" mode="traditional">
[[File:SIMtoL2TP-FireBrick1.png|none|frame|100px|FireBrick L2TP screenshot]]settings
File:SIMtoL2TP-FireBrick2.png|Match settings
The settings explained are:
*lpc-rate/timeout - used for graphs - we don't need to poll as often as the actual LCPs are not answered by the SIM, but by the mobile network. Basically latency on the graphs for SIMs should be ignored.
The match settings are to match individual SIMs when the connect in, and thus giving them their own IP address etc. You can add multiple Match entries; one for each SIM you have.
[[File:SIMtoL2TP-FireBrick2.png|none|frame|100px|FireBrick L2TP individual sessions screenshot]]
The match settings are to match individual SIMs when the connect in, and thus giving them their own IP address etc.
*name - just a name, e.g. the name of the person using this SIM
*graph - make a graph for this SIM - will show usage etc., but latency can be ignored.
This of course can be restricted, so you could give a SIM just access to your LAN and not your WAN - i.e. to block internet access whilst allowing them to access your own internal servers.
==Routing from the LAN (Enable proxy-ARP)==
If you are assigning IPs from your LAN to the SIM, then as the [[L2TP]] connection is on a different interface to your LAN -to enable routing from the LAN to your SIM you will need to set proxy-arp=true on the LAN interface.
[[Category:FireBrick_TunnelsFireBrick Tunnels|L2TP]]
[[Category:L2TP Handover]]

Navigation menu