L2TP Client: OSX: Difference between revisions
(Added section about IPv6) |
m (→Apple Mac OS X) |
||
(4 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
__NOTOC__<indicator name="L2TP">[[File:Menu-L2TP.svg|link=:Category: |
__NOTOC__<indicator name="L2TP">[[File:Menu-L2TP.svg|link=:Category:Incoming L2TP|30px|Back up to the Incoming L2TP Category]]</indicator> |
||
[[Category: |
[[Category:Incoming L2TP]] |
||
==Apple Mac OS X== |
==Apple Mac OS X== |
||
An Apple computer can be used to create an L2TP connection in to AAISP, here's how: |
An Apple computer can be used to create an L2TP connection in to AAISP, here's how: |
||
Line 7: | Line 7: | ||
*Click the + Icon |
*Click the + Icon |
||
*Create a new VPN Interface with Type L2TP over IPSec |
*Create a new VPN Interface with Type L2TP over IPSec |
||
[[File:l2tp-osx-newconnection.png]] |
[[File:l2tp-osx-newconnection.png|400px]] |
||
*In the Authentication settings set the Password |
*In the Authentication settings set the Password |
||
*For ease of use Tick 'Show VPN status in menu bar |
*For ease of use Tick 'Show VPN status in menu bar |
||
Line 19: | Line 19: | ||
[[File:l2tp-osx-ipsecmenu.png]] |
[[File:l2tp-osx-ipsecmenu.png]] |
||
=VPN Connection - IPsec Error AKA Disable ipsec = |
|||
Use this at your own risk. The notes below involves editing/creating system files, and whilst 'worked for us' may not work for you. |
Use this at your own risk. The notes below involves editing/creating system files, and whilst 'worked for us' may not work for you. |
||
Line 38: | Line 38: | ||
If the mv (move) fails, then you may already have a /etc/ppp/options file, in this case it would need to be edited manually. |
If the mv (move) fails, then you may already have a /etc/ppp/options file, in this case it would need to be edited manually. |
||
[[File:Osx-noipsec.png|thumb|right]] |
|||
To double check that the file is correct, type: |
|||
cat /etc/ppp/options |
|||
and it should show: |
|||
plugin L2TP.ppp |
|||
l2tpnoipsec |
|||
To undo this change delete the /etc/ppp/options file. |
To undo this change delete the /etc/ppp/options file. |
||
===IPv6=== |
===IPv6=== |
Latest revision as of 20:17, 3 April 2020
Apple Mac OS X
An Apple computer can be used to create an L2TP connection in to AAISP, here's how:
- Apple Menu - Settings - Network
- Click the + Icon
- Create a new VPN Interface with Type L2TP over IPSec
- In the Authentication settings set the Password
- For ease of use Tick 'Show VPN status in menu bar
- Optionally, and probably something you want to enable: in the Advanced Settings Tick, 'Send all Traffic over VPN connection'
- Then Connect
- To Disconnect, click Disconnect
You can use the new icon in the Status bar (Up by the clock, to connect and disconnect the connection
VPN Connection - IPsec Error AKA Disable ipsec
Use this at your own risk. The notes below involves editing/creating system files, and whilst 'worked for us' may not work for you.
By default, OSX requires the L2TP connection to use IPSec encryption. At the moment the AAISP service is just plain L2TP and does not offer encryption.
To enable OSX to connect without IPSec, then the /etc/ppp/options file needs to be edited. A simple way of doing this is as follows:
- Use the Search icon to search for Terminal
and then enter in:
echo "plugin L2TP.ppp" > options echo "l2tpnoipsec" >> options sudo mv options /etc/ppp
If the mv (move) fails, then you may already have a /etc/ppp/options file, in this case it would need to be edited manually.
To double check that the file is correct, type:
cat /etc/ppp/options
and it should show:
plugin L2TP.ppp l2tpnoipsec
To undo this change delete the /etc/ppp/options file.
IPv6
IPv6 does not seem to work on an L2TP interface when configured using the GUI, even with 'Configure IPv6' set to 'Manually'.
It can be made to work by entering commands on the command line, after the tunnel is connected:
/sbin/ifconfig ppp0 inet6 add 2001:8b0:XXXX::1/64 route add -inet6 default -interface ppp0
It should be possible to automate this by creating an /etc/ppp/auth-up script.