
This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

FireBrick L2TP Server: Difference between revisions

Content deleted Content added
AA-Andrew (talk | contribs)
Reedy (talk | contribs)
FireBrick Config: consistent trailing full stop in lists
 
(4 intermediate revisions by 2 users not shown)
Line 1: Line 1:
__NOTOC__<indicator name="L2TP">[[File:Menu-L2TP-Relay.svg|link=:Category:L2TP_Handover|30px|Back up to the L2TP Handover page]]</indicator>
__NOTOC__<indicator name="L2TP">[[File:Menu-L2TP-Relay.svg|link=:Category:L2TP Handover|30px|Back up to the L2TP Handover page]]</indicator>
[[File:2700-small.png|link=:Category:FireBrick]]
[[File:2700-small.png|link=:Category:FireBrick]]


Line 27: Line 27:
The settings explained are:
The settings explained are:
*name - Just a name for this
*name - Just a name for this
*hostname - the hostname used within the [[L2TP|l2tp]], this will be used later when setting up the AAISP SIM end.
*hostname - the hostname used within the [[L2TP|l2tp]], this will be used later when setting up the AAISP SIM end
*secret - the password (optional)
*secret - the password (optional)
*pppip - the IP used as the PPP endpoint on the FireBrick - typically the FireBricks IP address
*pppip - the IP used as the PPP endpoint on the FireBrick - typically the FireBricks IP address
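Review bot: the secret entry in this list says only "the password (optional)", which does not tell the reader what the password protects or when leaving it out is acceptable. Suggest a short clause saying that this is the secret for the L2TP connection and recommending that it be set, since the hostname is the only other identifying value shown here. Minor style point in the pppip entry while the list is being tidied: "FireBricks IP address" should read "FireBrick's IP address".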
Line 35: Line 35:
The match settings are to match individual SIMs when the connect in, and thus giving them their own IP address etc. You can add multiple Match entries; one for each SIM you have.
The match settings are to match individual SIMs when the connect in, and thus giving them their own IP address etc. You can add multiple Match entries; one for each SIM you have.
*name - just a name, e.g. the name of the person using this SIM
*name - just a name, e.g. the name of the person using this SIM
*graph - make a graph for this SIM - will show usage etc., but latency can be ignored.
*graph - make a graph for this SIM - will show usage etc., but latency can be ignored
*calling-station-id - this is the ICCID of the SIM, as AAISP use this as the station id
*calling-station-id - this is the ICCID of the SIM, as AAISP use this as the station id
*remote-ip - the IP address to give the SIM, i.e., an IP address on your LAN
*remote-ip - the IP address to give the SIM, i.e., an IP address on your LAN
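Review bot: the intro sentence of this list still reads "when the connect in, and thus giving them their own IP address", which is ungrammatical; suggest "when they connect in, giving each its own IP address". Since calling-station-id (the ICCID) is the only value a match entry keys on to hand out a LAN address, it would also help to say what happens to a connection whose ICCID matches no entry.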
Line 41: Line 41:
==Firewall==
==Firewall==
You will also need firewall filters, e.g. to allow traffic out of the SIM, in a rule-set add something to match the SIM.
You will also need firewall filters, e.g. to allow traffic out of the SIM, in a rule-set add something to match the SIM.
<syntaxhighlight lang=xml>
<syntaxhighlight lang="xml">
<rule name="L2TPOut" source-interface="l2tp"/>
<rule name="L2TPOut" source-interface="l2tp"/>
</syntaxhighlight>
</syntaxhighlight>
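Review bot: the example rule matches on source-interface="l2tp" alone, so it covers everything arriving on the l2tp interface, while the sentence above it says to "add something to match the SIM". Suggest either narrowing the example to the address given to the SIM (the remote-ip from the match entry) or stating in the text that the rule as written applies to every SIM that connects.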
Line 48: Line 48:


==Routing from the LAN (Enable proxy-ARP)==
==Routing from the LAN (Enable proxy-ARP)==
If you are assigning IPs from your LAN to the SIM, then as the [[L2TP]] connection is on a different interface to your LAN -to enable routing from the LAN to your SIM you will need to set proxy-arp=true on the LAN interface.
If you are assigning IPs from your LAN to the SIM, then as the [[L2TP]] connection is on a different interface to your LAN -to enable routing from the LAN to your SIM you will need to set <tt>proxy-arp=true</tt> on the LAN interface.


=AAISP Config=
=AAISP Config=
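Review bot: the proxy-arp sentence keeps the stray " -to enable" join after "different interface to your LAN", so it still reads as two sentences run together; suggest ending the first at "LAN" and starting a new one with "To enable routing from the LAN to your SIM, set proxy-arp=true on the LAN interface." For the markup added around proxy-arp=true, the tt element is obsolete HTML and code is the usual replacement. It would also be worth one sentence noting that this makes the SIM reachable from the LAN as if it were a local host, which is why the Firewall section matters.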
Line 70: Line 70:
=Separate (NAT) Subnet for the Dongle=
=Separate (NAT) Subnet for the Dongle=
Rather than giving your SIM an IP on your LAN, you could give the SIM a private (RFC1918) IP in the <match config, e.g.:
Rather than giving your SIM an IP on your LAN, you could give the SIM a private (RFC1918) IP in the <match config, e.g.:
<syntaxhighlight lang=xml>
<syntaxhighlight lang="xml">
<match name="SIM" graph="SIM" calling-station-id="8944200000000000" remote-ip="192.168.99.99" comment="My SIM"/>
<match name="SIM" graph="SIM" calling-station-id="8944200000000000" remote-ip="192.168.99.99" comment="My SIM"/>
</syntaxhighlight>
</syntaxhighlight>
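Review bot: the intro line contains a bare, unclosed "<match config" in running text, which depends on the wiki parser treating the angle bracket as literal; suggest writing it as "the match config" or wrapping the element name in inline code markup. The example also reuses a LAN-style comment ("My SIM") without saying that 192.168.99.99 must not overlap a subnet already in use on the FireBrick, which is the point of the section.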
Line 78: Line 78:
To give the SIMs access to the Internet, you will need a Route Override configured to NAT the traffic from the [[L2TP]] to your internet interface (in this case PPPoE), eg:
To give the SIMs access to the Internet, you will need a Route Override configured to NAT the traffic from the [[L2TP]] to your internet interface (in this case PPPoE), eg:


<syntaxhighlight lang=xml>
<syntaxhighlight lang="xml">
<route-override name="L2TP NAT">
<route-override name="L2TP NAT">
<rule name="NAT the SIM for Internet Access" source-interface="[[L2TP|l2tp]]" target-interface="pppoe" set-nat="true"/>
<rule name="NAT the SIM for Internet Access" source-interface="[[L2TP|l2tp]]" target-interface="pppoe" set-nat="true"/>
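Review bot: inside the syntaxhighlight block the rule has source-interface="[[L2TP|l2tp]]"; wiki link markup is not expanded inside syntaxhighlight, so a reader copying the example gets that literal string as the interface name. Suggest source-interface="l2tp", matching the Firewall example earlier on the page. Style point on the sentence above the block: "eg:" should be "e.g.:" to match the other sections.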
Line 85: Line 85:




[[Category:FireBrick_Tunnels|L2TP]]
[[Category:FireBrick Tunnels|L2TP]]
[[Category:L2TP Handover]]
[[Category:L2TP Handover]]