FireBrick L2TP Server: Difference between revisions

From AAISP Support Site
m (AA-Andrew moved page FireBrick l2TP Server to FireBrick L2TP Server)
No edit summary
Line 1: Line 1:
AAISP Data SIMS can be relayed on to your own L2TP Server, such as a FireBrick. This will enable a remote SIM to be connected directly to your LAN and have an IP on your LAN.
AAISP Data SIMS can be relayed on to your own L2TP Server, such as a FireBrick. This will enable a remote SIM to be connected directly to your LAN and have an IP on your LAN, very similar to a VPN.
The Computer (or device) with the SIM will not need any special config or software installed.
At the moment the L2TP tunnel is not encrypted, but this will change shortly.


=FireBrick Config=
=FireBrick Config=
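Review bot: The added phrase "very similar to a VPN" in the new first paragraph sits two sentences before "At the moment the L2TP tunnel is not encrypted"; readers usually equate VPN with confidentiality, so suggest qualifying it, e.g. "similar to a VPN in that the SIM gets an address on your LAN, though the tunnel itself is not currently encrypted". Also "this will change shortly" carries no date or firmware version, so the sentence will go stale without anyone noticing; attach one or drop the promise.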
Line 7: Line 9:
<syntaxhighlight>
<syntaxhighlight>
<l2tp>
<l2tp>
<incoming name="MyL2TP" hostname="FireBrick" secret="myPassword" pppip="10.0.0.2" pppdns1="217.169.20.20" pppdns2="8.8.8.8" lcp-rate="25" lcp-timeout="240" tcp-mss-fix="true" radius="l2tp" log="ppp" log-debug="ppp">
<incoming name="MyL2TP" hostname="FireBrick" secret="myPassword" pppip="10.0.0.2" pppdns1="217.169.20.20" pppdns2="8.8.8.8" lcp-rate="25" lcp-timeout="240" tcp-mss-fix="true">
<match name="MySIM" graph="MySIM" calling-station-id="89442xxxxxx" remote-ip="10.0.0.4" comment="Change IP to one on your LAN"/>
<match name="MySIM" graph="MySIM" calling-station-id="89442xxxxxx" remote-ip="10.0.0.4"/>
</l2tp>
</l2tp>
</syntaxhighlight>
</syntaxhighlight>


The settings explained are:
Change the pppip to be the IP you're using, ie the address if the FireBrick.
*name - Just a name for this
The LCP rates are changed to be less
*hostname - the hostname used within the l2tp, this will be used later when setting up the AAISP SIM end.
*secret - the password
*pppip - the IP used as the PPP endpoint on the FireBrick - typically the FireBricks IP address
*pppdns1/2 - DNS servers that the FireBrick will give out
*lpc-rate/timeout - used for graphs - we don't need to poll as often as the actual LCPs are not answered by the SIM, but by the mobile network. Basically latency on the graphs for SIMs should be ignored.


The <match settings are to match individual SIMs when the conenct in, and thus giving them their own IP address etc.
You will also need firewall filters, eg to allow trraffic out of the SIM:
*name - just a name, eg teh name of the person using this SIM
*graph - make a graph for this SIM - will show usage etc, but latency can be ignored.
*calling-station-id - this is the ICCID of the SIM, as AAISP use this as the station id
*remote-ip - the IP address to give the SIM, ie, an IP address on your LAN


You will also need firewall filters, eg to allow traffic out of the SIM:
<syntaxhighlight>
<syntaxhighlight>
<rule name="L2TPOut" source-interface="l2tp"/>
<rule name="L2TPOut" source-interface="l2tp"/>
</syntaxhighlight>
</syntaxhighlight>


This ofcourse can be restricted, so you could give a SIM just access to your LAN and not your WAN - ie to block internet access whilst allowing them to access your own internal servers.


=AAISP Config=
=AAISP Config=

AAISP will set up a 'line' on the control pages for your SIM, you can request Staff to set up:
At the AAISP end, AAISP will set up a 'line' on the control pages for your SIM, you can request Staff to set this for L2TP:
*Target IP - IP (4 or 6) of your FireBrick
*Target IP - IP (4 or 6) of your FireBrick
*Host - The Hostname as set in your 'incoming' config, ie FireBrick in this case
*Host - The Hostname as set in your 'incoming' config, ie FireBrick in this case
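Review bot: The new <incoming> line drops radius="l2tp", log="ppp" and log-debug="ppp" without saying why; if RADIUS is not wanted for this setup that is fine, but keeping log="ppp" (or listing it as an optional attribute in the bullets) is what a reader will need when a SIM fails to come up, and nothing in the new bullet list covers diagnostics. Same hunk, smaller points: the <incoming> element is never closed with </incoming> before </l2tp> in either version, so the example is not well-formed XML; the removed comment="Change IP to one on your LAN" is fine to lose because the remote-ip bullet now says the same thing; the typos "conenct", "teh" and "lpc-rate" (the attribute is lcp-rate) survive into the new text; and secret="myPassword" should be marked as a placeholder to replace, since it is the same value that will be handed to AAISP staff for the line.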

Revision as of 14:23, 17 May 2013

AAISP Data SIMs can be relayed on to your own L2TP server, such as a FireBrick. This lets a remote SIM connect directly to your LAN and have an IP address on your LAN, very similar to a VPN. The computer (or device) holding the SIM needs no special config or software installed. At the moment the L2TP tunnel is not encrypted, but this will change shortly.

FireBrick Config

On the WebUI this is set under Tunnels, L2TP, Incoming L2TP connections; an XML example is below:

<l2tp>
 <incoming name="MyL2TP" hostname="FireBrick" secret="myPassword" pppip="10.0.0.2" pppdns1="217.169.20.20" pppdns2="8.8.8.8" lcp-rate="25" lcp-timeout="240" tcp-mss-fix="true">
  <!-- one <match> per SIM; change remote-ip to a free address on your LAN -->
  <match name="MySIM" graph="MySIM" calling-station-id="89442xxxxxx" remote-ip="10.0.0.4"/>
 </incoming>
</l2tp>

The settings explained are:

  • name - just a name for this incoming L2TP definition
  • hostname - the hostname used within L2TP; this will be used later when setting up the AAISP SIM end.
  • secret - the password (shared secret) for the tunnel
  • pppip - the IP used as the PPP endpoint on the FireBrick, typically the FireBrick's own IP address
  • pppdns1/2 - DNS servers that the FireBrick will give out
  • lcp-rate/lcp-timeout - used for graphs. We don't need to poll as often, because the LCP echoes are not answered by the SIM but by the mobile network; latency on the graphs for SIMs should basically be ignored.

The <match> settings match individual SIMs as they connect in, and so give each one its own IP address etc.

  • name - just a name, eg the name of the person using this SIM
  • graph - make a graph for this SIM; it will show usage etc, but latency can be ignored.
  • calling-station-id - the ICCID of the SIM, as AAISP use this as the calling station ID
  • remote-ip - the IP address to give the SIM, ie an IP address on your LAN


You will also need firewall filters, eg to allow traffic out of the SIM:

      <rule name="L2TPOut" source-interface="l2tp"/>

This can of course be restricted, so you could give a SIM access to just your LAN and not your WAN, ie block internet access while still allowing access to your own internal servers.
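As an added check that is not part of the original page or of FireBrick's own tooling: a small Python validator for the <l2tp> and <rule> snippets above, catching the mistakes a practitioner most often makes with this setup (placeholder secret, a calling-station-id that is not a real ICCID, a remote-ip that is not a free address on the LAN, two SIMs given the same address, no firewall rule for the l2tp interface). The LAN prefix argument, the second <match> entry and the <config> wrapper are constructed assumptions.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed sample mirroring the page's <l2tp> and <rule> examples (with the
# missing </incoming> closed) plus a second, deliberately wrong <match>.
SAMPLE_CONFIG = """<config>
 <l2tp>
  <incoming name="MyL2TP" hostname="FireBrick" secret="myPassword" pppip="10.0.0.2"
            pppdns1="217.169.20.20" pppdns2="8.8.8.8" lcp-rate="25" lcp-timeout="240" tcp-mss-fix="true">
   <match name="MySIM" graph="MySIM" calling-station-id="89442xxxxxx" remote-ip="10.0.0.4"/>
   <match name="Other" calling-station-id="8944200000000000000" remote-ip="192.168.1.9"/>
  </incoming>
 </l2tp>
 <rule name="L2TPOut" source-interface="l2tp"/>
</config>"""

PLACEHOLDER_SECRETS = {"", "secret", "password", "myPassword"}
ICCID_RE = re.compile(r"^89\d{17,18}$")  # ICCIDs: 19-20 digits, always start with 89

def check_l2tp_config(xml_text, lan_prefix):
    """Return findings (empty list = pass). lan_prefix, e.g. "10.0.0.0/24", is the
    LAN the SIMs should land on; it is an assumed input, the page states no prefix."""
    findings = []
    root = ET.fromstring(xml_text)
    lan = ipaddress.ip_network(lan_prefix)
    assigned = set()
    for inc in root.iter("incoming"):
        iname = inc.get("name", "?")
        if inc.get("secret", "") in PLACEHOLDER_SECRETS:
            findings.append(f"{iname}: secret is a placeholder; set a real shared secret")
        pppip = ipaddress.ip_address(inc.get("pppip"))
        if pppip not in lan:
            findings.append(f"{iname}: pppip {pppip} is not on LAN {lan}")
        for m in inc.findall("match"):
            mname, iccid = m.get("name", "?"), m.get("calling-station-id", "")
            if not ICCID_RE.match(iccid):
                findings.append(f"{mname}: calling-station-id {iccid!r} is not a valid ICCID")
            addr = ipaddress.ip_address(m.get("remote-ip"))
            if addr not in lan or addr == pppip:
                findings.append(f"{mname}: remote-ip {addr} is not a free address on LAN {lan}")
            if addr in assigned:
                findings.append(f"{mname}: remote-ip {addr} is already given to another SIM")
            assigned.add(addr)
    # The page says a rule letting traffic out of the l2tp interface is needed; flag if none.
    if not any(r.get("source-interface") == "l2tp" for r in root.iter("rule")):
        findings.append('no firewall rule with source-interface="l2tp"; the page says one is needed')
    return findings
```

Running check_l2tp_config(SAMPLE_CONFIG, "10.0.0.0/24") reports the placeholder secret, the masked ICCID on MySIM and the off-LAN address on Other.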

AAISP Config

At the AAISP end, AAISP will set up a 'line' on the control pages for your SIM; you can ask Staff to set this up for L2TP with:

  • Target IP - IP (4 or 6) of your FireBrick
  • Host - The Hostname as set in your 'incoming' config, ie FireBrick in this case
  • secret - The secret as set in your incoming config, ie myPassword in this case