L2TP Overview: Difference between revisions
m (Redirected page to Category:L2TP)
#REDIRECT [[:Category:L2TP]]

On special request you can have an L2TP login to AAISP. Pricing is based on usage and is currently the same as usage costs on AAISP 'Be' lines.

Some notes from customers:

== RouterBoard ==

Connecting to L2TP with a RouterBoard was pretty seamless - put in the L2TP server IP, username and password and it just connects. Have to mess about with IP / Route and NAT / masquerading a bit to get devices behind the RouterBoard online but that all depends on whether you have an additional IP block and what you want to do with it anyway.

== Windows 7 ==

Connecting with Windoze 7 was almost as easy except that the default connection settings don't work. You have to edit the connection properties and on the Security tab change 'Type of VPN:' to 'Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec)', otherwise it only tries PPTP, and change 'Data encryption:' to 'Optional encryption (connect even if no encryption)' as it doesn't like A+A's certificate (because RevK declines to use a root certification authority recognised by Microsoft, or is it that Microsoft declines to recognise the root certification authority chosen by RevK?). I guess the alternative would probably be to add the root certificate to the machine in question. Anyway, with those two changes it works fine.

== Cisco Routers ==

Cisco routers running IOS 12.3(2)T and later support L2TP client-initiated tunneling, which allows the router to establish an L2TP tunnel to A&A's L2TP server.

Most of the information required was gleaned from here: [http://www.cisco.com/en/US/docs/ios/12_3t/12_3t2/feature/guide/gtvoltun.html] plus a bit of trial and error and some packet capturing of good and bad L2TP sessions.

I have tested this on a Cisco 837 router running 12.3(11)YZ2, a 2821 running 12.4(15)T10 SPServices and a 2801 running 12.4(24)T3 ADVIPServices.

'''Caveats:'''

- You will need to sanity check routing in your particular environment. This is especially important if you choose to use '''ppp ipcp route default''' on the L2TP tunnel. It's safest to make sure that you have a static route set to the L2TP server.

- I haven't tested this for IPv6 yet.

- This is "early release" information - I haven't yet used this in anger over a long period of time but will try to remember to come back and update if I find any major issues.

- This config snippet contains no security settings - be sure to configure some!

- I've used the IP address of the L2TP server rather than the DNS address - this is obviously at risk of change.

- You need to be running IP CEF on the router.

'''Config:'''

Replace ''<whatever>'' with the appropriate information for your connection.

 ip cef
 l2tp-class lc-aaisp
 pseudowire-class pc-aaisp
  encapsulation l2tpv2
  protocol l2tpv2 lc-aaisp
  ip local interface ''<interface that l2tp connection should go out from>''
 interface Virtual-PPP9797
  shutdown
  ip address negotiated
  no cdp enable
  ppp authentication chap callin
  ppp chap hostname ''<l2tp line login eg stzzz@a.2>''
  ppp chap password 0 ''<site password>''
  ppp direction callout
  ppp pap refuse
  pseudowire 90.155.53.19 10 pw-class pc-aaisp

Once the interface is configured you can issue a '''no shut''' on it to bring it up.

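An offline check for the caveats listed above, as an added example that is not part of the original notes: it flags a missing host route to the L2TP server, a type 0 CHAP password and a Virtual-PPP interface with no inbound ACL. The sample config values (Dialer0, hostname, password) are constructed, and treating an inbound ACL as the "security settings" the caveat asks for is this example's assumption.

```python
import re

# Constructed sample: the config above with made-up values for the placeholders,
# plus "ppp ipcp route default" from the first caveat.
SAMPLE = """\
ip cef
l2tp-class lc-aaisp
pseudowire-class pc-aaisp
 encapsulation l2tpv2
 protocol l2tpv2 lc-aaisp
 ip local interface Dialer0
interface Virtual-PPP9797
 ip address negotiated
 ppp authentication chap callin
 ppp chap hostname example@a.2
 ppp chap password 0 example-password
 ppp ipcp route default
 ppp pap refuse
 pseudowire 90.155.53.19 10 pw-class pc-aaisp
"""

def audit(config):
    """Return findings for the caveats; the checks are this example's own."""
    findings, top, vppp, section = [], [], [], ""
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw[0].isspace():          # top-level command starts a new section
            section = line
            top.append(line)
        elif section.startswith("interface Virtual-PPP"):
            vppp.append(line)
    if "ip cef" not in top:
        findings.append("ip cef missing")
    for line in vppp:
        m = re.match(r"pseudowire (\d+(?:\.\d+){3}) \d+ pw-class \S+$", line)
        # A /32 static route keeps tunnel packets off the tunnel's own default route.
        if m and not any(t.startswith(f"ip route {m.group(1)} 255.255.255.255 ") for t in top):
            findings.append(f"no static host route to L2TP server {m.group(1)}")
    if any(l.startswith("ppp chap password 0 ") for l in vppp):
        findings.append("CHAP password stored as type 0 (cleartext)")
    if "ppp pap refuse" not in vppp:
        findings.append("ppp pap refuse missing")
    # Assumption: an inbound ACL stands in for the unspecified "security settings".
    if not any(re.match(r"ip access-group \S+ in$", l) for l in vppp):
        findings.append("no inbound ACL on Virtual-PPP interface")
    return findings
```

Calling audit(SAMPLE) returns three findings: the missing host route, the cleartext password and the missing ACL.
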
'''Debugging:'''

'''debug ppp authentication''' and '''debug ppp negotiation''' are your friends... In particular if you see "Circuit ID not set - contact support" in the authentication debug, contact A&A support to get them to fix your L2TP login.

Once the connection is up, you should see the virtual PPP interface configured with the static IP that is assigned to it in clueless.

If you get stuck, pop into the IRC channel and see if I'm around (basil_uk) and I'll help if possible.

== Other Hardware ==

The TL-WR741ND router works, although it can only do NAT, but is very cheap.

Latest revision as of 10:29, 9 May 2016