Category:L2TP Handover: Difference between revisions
mNo edit summary |
|||
Line 12: | Line 12: | ||
[[File:Clueless-SIM-l2tp.png|none|frame|L2TP relay settings on the Control Pages]] |
[[File:Clueless-SIM-l2tp.png|none|frame|L2TP relay settings on the Control Pages]] |
||
=Information about Tunnels and Credentials= |
|||
=L2TP Credentials Information= |
|||
L2TP establishes a tunnel, and over that tunnel it establishes one or |
L2TP establishes a tunnel, and over that tunnel it establishes one or |
||
Line 51: | Line 51: | ||
may upset some L2TP endpoints if they are not expecting this. They |
may upset some L2TP endpoints if they are not expecting this. They |
||
should authenticate on the ICCID (calling station) in such cases. |
should authenticate on the ICCID (calling station) in such cases. |
||
=Setting up your end= |
=Setting up your end= |
Revision as of 10:11, 9 Mayıs 2016
Overview
Our data SIMs allow for the possibility of L2TP hand over of mobile data to your own LNS. This means that the data SIM connects directly in to your network, and you control the IP address allocation, routing and any fire-walling or filtering you wish.
SIM Configuration
Accessing This Feature
Access is via the Control Pages as follows:
- Log in to the Control Pages with your xxx@a login
- Click on the SIM ICCID you want to edit
- Fill in the L2TP relay information there
You can enter the IP address of your LNS (and an alternative if you like), and a shared secret if you want to do tunnel authentication.
Information about Tunnels and Credentials
L2TP establishes a tunnel, and over that tunnel it establishes one or more sessions, each of which uses PPP.
The tunnel requires an endpoint address (e.g. l2tp.aa.net.uk or 90.155.53.19) and a hostname (which is sort of the login name for the tunnel). The tunnel can also include a secret, which we do not use for our L2TP outbound service to customer's L2TP servers.
Once the tunnel is established, a session can be established over the tunnel. The session does not have to have any authentication, but it is normal for the endpoints to negotiate PAP or CHAP using LCP, and so the connecting end will need a username and password to complete the PPP level authentication.
So, in total, you would need:
- Tunnel IP
- Tunnel Hostname
- Tunnel Secret (if used)
- Session Username
- Session Password
An L2TP session is PPP and can negotiate whatever authentication it likes for the session. In practice this is usually done by a proxy, so in the case of both SIMs and Broadband we will receive proxied negotiation details for the circuit, and will pass on those proxy details to the far end.
The far end should ideally used these details, which also include a calling station ID (circuit ID or ICCID). In the case of broadband the far end could restart LCP and re-run PPP authentication if it wished, end to end with the connecting device. This is not usually possible with a SIM though, so proxied credentials should be accepted.
Note, also, for a SIM, it is possible for the connection to have no authentication, i.e. LCP has negotiated no authentication protocol. This may upset some L2TP endpoints if they are not expecting this. They should authenticate on the ICCID (calling station) in such cases.
Setting up your end
There are pages below with help in setting up equipment at your end...
Pages in category 'L2TP Handover'
The following 5 pages are in this category, out of 5 total.