FireBrick L2TP Server: Difference between revisions
mNo edit summary |
|||
| Line 1: | Line 1: | ||
[[File:2700-small.png|link=:Category:FireBrick]] |
[[File:2700-small.png|link=:Category:FireBrick]] |
||
*A 'Fully Loaded' FireBrick is required for L2TP features |
*A 'Fully Loaded' FireBrick is required for [[L2TP]] features |
||
*AAISP Data SIMS can be relayed on to your own L2TP Server, such as a FireBrick. This will enable a remote SIM to be connected directly to your LAN and have an IP on your LAN, very similar to a VPN. |
*AAISP Data SIMS can be relayed on to your own [[L2TP]] Server, such as a FireBrick. This will enable a remote SIM to be connected directly to your LAN and have an IP on your LAN, very similar to a VPN. |
||
*The Computer (or device) with the SIM will not need any special config or software installed. |
*The Computer (or device) with the SIM will not need any special config or software installed. |
||
*At the moment the L2TP tunnel is not encrypted, but this will change shortly. |
*At the moment the [[L2TP]] tunnel is not encrypted, but this will change shortly. |
||
*Basic setups can be done in the FireBrick config without the need to run your own RADIUS server - for each SIM connecting in you'll need a single <match .../> config. |
*Basic setups can be done in the FireBrick config without the need to run your own RADIUS server - for each SIM connecting in you'll need a single <match .../> config. |
||
*The FireBrick allocates IPs statically within the config and can't use DHCP - for more advanced and more flexible configurations you'd run your own RADIUS server. |
*The FireBrick allocates IPs statically within the config and can't use DHCP - for more advanced and more flexible configurations you'd run your own RADIUS server. |
||
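Review bot: [[L2TP]] is now linked in three of the six bullets in this list ('Fully Loaded', the AAISP Data SIMS bullet and the "not encrypted" bullet); linking only the first mention would give readers the same navigation with less markup noise in the wikitext. While this list is being edited, the bullet "At the moment the [[L2TP]] tunnel is not encrypted, but this will change shortly" carries no date, so a reader relying on it for a deployment decision cannot tell whether it is still current; adding the date of the statement would help.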
| Line 10: | Line 10: | ||
=FireBrick Config= |
=FireBrick Config= |
||
On the WebUI, this is set under Tunnels, L2TP, Incoming L2TP connections, and basic XML example is as below: |
On the WebUI, this is set under Tunnels, [[L2TP]], Incoming [[L2TP]] connections, and basic XML example is as below: |
||
<syntaxhighlight> |
<syntaxhighlight> |
||
<l2tp> |
<[[L2TP|l2tp]]> |
||
<incoming name="MyL2TP" hostname="FireBrick" secret="myPassword" pppip="10.0.0.2" pppdns1="217.169.20.20" pppdns2="8.8.8.8" lcp-rate="25" lcp-timeout="240" tcp-mss-fix="true"> |
<incoming name="MyL2TP" hostname="FireBrick" secret="myPassword" pppip="10.0.0.2" pppdns1="217.169.20.20" pppdns2="8.8.8.8" lcp-rate="25" lcp-timeout="240" tcp-mss-fix="true"> |
||
<match name="MySIM" graph="MySIM" calling-station-id="89442xxxxxx" remote-ip="10.0.0.4"/> |
|||
</incoming> |
|||
</l2tp> |
</l2tp> |
||
</syntaxhighlight> |
</syntaxhighlight> |
||
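Review bot: The link replacement has reached inside the <syntaxhighlight> block, where the opening tag changes from "<l2tp>" to "<[[L2TP|l2tp]]>". Wiki link markup is not expanded inside syntaxhighlight, so the brackets would be displayed literally, the opening tag would no longer match the closing "</l2tp>", and anyone pasting the example into a FireBrick config would get XML that does not parse. Suggest reverting that one line to "<l2tp>" and keeping the links to the prose sentence above the block ("Tunnels, [[L2TP]], Incoming [[L2TP]] connections").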
| Line 21: | Line 22: | ||
The settings explained are: |
The settings explained are: |
||
*name - Just a name for this |
*name - Just a name for this |
||
*hostname - the hostname used within the l2tp, this will be used later when setting up the AAISP SIM end. |
*hostname - the hostname used within the [[L2TP|l2tp]], this will be used later when setting up the AAISP SIM end. |
||
*secret - the password (optional) |
*secret - the password (optional) |
||
*pppip - the IP used as the PPP endpoint on the FireBrick - typically the FireBricks IP address |
*pppip - the IP used as the PPP endpoint on the FireBrick - typically the FireBricks IP address |
||
| Line 42: | Line 43: | ||
==Routing from the LAN== |
==Routing from the LAN== |
||
If you are assigning IPs from your LAN to the SIM, then as the L2TP connection is on a different interface to your LAN -to enable routing from the LAN to your SIM you will need to set proxy-arp=true on the LAN interface. |
If you are assigning IPs from your LAN to the SIM, then as the [[L2TP]] connection is on a different interface to your LAN -to enable routing from the LAN to your SIM you will need to set proxy-arp=true on the LAN interface. |
||
=AAISP Config= |
=AAISP Config= |
||
[[File:Small-sim.jpg|frame|Data SIM ]] |
[[File:Small-sim.jpg|frame|Data SIM ]] |
||
At the AAISP end, AAISP will set up a 'line' on the control pages for your SIM, you can request Staff to set this for L2TP: |
At the AAISP end, AAISP will set up a 'line' on the control pages for your SIM, you can request Staff to set this for [[L2TP]]: |
||
*Target IP - IP (4 or 6) of your FireBrick |
*Target IP - IP (4 or 6) of your FireBrick |
||
*Host - The Hostname as set in your 'incoming' config, ie FireBrick in this case |
*Host - The Hostname as set in your 'incoming' config, ie FireBrick in this case |
||
| Line 54: | Line 55: | ||
=Diagnostics= |
=Diagnostics= |
||
On the Web interface, Status, L2TP will give the connection, if it's connected. |
On the Web interface, Status, [[L2TP]] will give the connection, if it's connected. |
||
[[File:L2tp-sessions.png|border|SIM showing on L2TP sessions page ]] |
[[File:L2tp-sessions.png|border|SIM showing on L2TP sessions page ]] |
||
| Line 70: | Line 71: | ||
Here there is no need to create a separate subnet interface on the FireBrick. This SIM then be accessible from your LAN and not your WAN, and the SIM will only have access to your LAN and not the WAN. |
Here there is no need to create a separate subnet interface on the FireBrick. This SIM then be accessible from your LAN and not your WAN, and the SIM will only have access to your LAN and not the WAN. |
||
To give the SIMs access to the Internet, you will need a Route Override configured to NAT the traffic from the L2TP to your internet interface (in this case PPPoE), eg: |
To give the SIMs access to the Internet, you will need a Route Override configured to NAT the traffic from the [[L2TP]] to your internet interface (in this case PPPoE), eg: |
||
<syntaxhighlight> |
<syntaxhighlight> |
||
<route-override name="L2TP NAT"> |
<route-override name="L2TP NAT"> |
||
<rule name="NAT the SIM for Internet Access" source-interface="l2tp" target-interface="pppoe" set-nat="true"/> |
<rule name="NAT the SIM for Internet Access" source-interface="[[L2TP|l2tp]]" target-interface="pppoe" set-nat="true"/> |
||
</route-override> |
</route-override> |
||
</syntaxhighlight> |
</syntaxhighlight> |
||
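Review bot: Inside the <syntaxhighlight> block the rule attribute changes from source-interface="l2tp" to source-interface="[[L2TP|l2tp]]". Link markup is shown literally inside syntaxhighlight, so the displayed NAT rule would no longer name the l2tp interface and would not work if copied as shown. Suggest restoring source-interface="l2tp" here and linking only the prose sentence that introduces the Route Override; it is also worth checking the rest of the page for other code blocks caught by the same replacement.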