FireBrick using L2TP as main connection: Difference between revisions

From AAISP Support Site
Latest revision as of 23:47, 30 June 2022


Overview

It is possible to have slow ADSL (if you're a long way from the exchange) but to have a faster (fibre) link to use. In this case, you might want to keep an ADSL or two around for backups in case the fibre goes down.

If the fibre is provided by a third party, you could use L2TP over your main connection to avoid IPs changing if the fibre breaks.

All this config does is set localpref on the ADSL and L2TP connections so that the L2TP is preferred whenever it is up. The ADSL lines are bonded if the L2TP goes down.

This is a rough example for such a config, using NAT on the LAN and L2TP to AA as the main connection:

 <port name="LAN"
       ports="1"/>
 <port name="WAN1"
       ports="4"
       comment="ADSL Line 1"/>
 <port name="WAN2"
       ports="3"
       comment="ADSL Line 2"/>
 <port name="WAN3"
       ports="2"
       comment="Main internet connection"/>
 <interface name="LAN"
            port="LAN"
            comment="Default LAN interface">
  <subnet name="IPv4"
          ip="192.168.0.1/24"
          comment="LAN"/>
  <subnet name="IPv6"
          ip="2001:db8::1/64"
          ra="true"/>
 </interface>
 <interface name="WAN1"
            port="WAN1"
            comment="WAN interface 1"/>
 <interface name="WAN2"
            port="WAN2"
            comment="WAN interface 2"/>
 <interface name="Main"
            port="WAN3"
            table="1"
            comment="Main connection interface">
  <subnet comment="Gets IP from DHCP"/>
 </interface>
 <ppp name="ADSL1"
      port="WAN1"
      username="example@a.1"
      password="secret"
      speed="1000000"
      lcp-rate="1"
      lcp-timeout="6"
      localpref="100"
      table="0"
      graph="ADSL1"/>
 <ppp name="ADSL2"
      port="WAN2"
      username="example@a.2"
      password="secret"
      speed="1000000"
      lcp-rate="1"
      lcp-timeout="6"
      localpref="100"
      table="0"
      graph="ADSL2"/>
 <usb/>
 <loopback ip="192.0.2.10"
           comment="Public IP address for NAT"/>
 <l2tp>
  <outgoing name="AAISP"
            hostname="example@a.3"
            secret="secret"
            ip="90.155.53.19"
            table="1"
            payload-table="0"
            username="example@a.3"
            password="secret"
            localpref="1000"
            mtu="1280"
            lcp-rate="1"
            lcp-timeout="10"
            tcp-mss-fix="true"/>
 </l2tp>
 <ip-group name="RFC1918"
           ip="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"
           comment="This IP group is used for NAT"/>
 <rule-set name="NAT"
           table="0"
           source-ip="RFC1918"
           no-match-action="continue"
           comment="Sets source IP address for NAT to a routed address.">
  <rule name="self"
        target-interface="self"
        comment="Allow traffic from the LAN to reach the FireBrick"/>
  <rule name="NAT"
        set-source-ip="192.0.2.10"
        set-nat="true"/>
 </rule-set>
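As an added example that is not part of the AAISP page or of FireBrick's own tooling, the following Python script parses a trimmed, constructed copy of the config above and checks the properties this failover design depends on: the L2TP tunnel carries a higher localpref than the ADSL lines, the ADSL lines share one localpref so they bond when the tunnel is down, the tunnel's transport table differs from its payload-table and is the table of the interface that reaches the L2TP server (so the tunnel cannot be routed over itself), and the NAT source address is a configured loopback. Element and attribute names are taken from the page's config; the check function, its messages and the sample text are assumptions of this example.

```python
"""Sanity checks for a FireBrick-style L2TP-over-fibre failover config.

Added example, not AAISP or FireBrick code. SAMPLE_CONFIG is a constructed,
trimmed copy of the page's config with the same element and attribute names.
"""
import xml.etree.ElementTree as ET

SAMPLE_CONFIG = """<config>
 <interface name="LAN" port="LAN">
  <subnet name="IPv4" ip="192.168.0.1/24"/>
 </interface>
 <interface name="Main" port="WAN3" table="1">
  <subnet comment="Gets IP from DHCP"/>
 </interface>
 <ppp name="ADSL1" port="WAN1" localpref="100" table="0"/>
 <ppp name="ADSL2" port="WAN2" localpref="100" table="0"/>
 <loopback ip="192.0.2.10"/>
 <l2tp>
  <outgoing name="AAISP" ip="90.155.53.19" table="1" payload-table="0" localpref="1000"/>
 </l2tp>
 <rule-set name="NAT" table="0" source-ip="RFC1918">
  <rule name="NAT" set-source-ip="192.0.2.10" set-nat="true"/>
 </rule-set>
</config>"""


def check_failover(xml_text):
    """Return a list of problems found; an empty list means the config passes."""
    root = ET.fromstring(xml_text)
    problems = []

    ppps = root.findall("ppp")
    tunnels = root.findall("l2tp/outgoing")
    if not ppps or not tunnels:
        return ["config needs at least one <ppp> and one <l2tp><outgoing>"]

    # Property 1: every ADSL line carries the same localpref, otherwise they
    # will not bond when the tunnel is down; one line would simply win.
    ppp_prefs = {p.get("name"): int(p.get("localpref", "0")) for p in ppps}
    if len(set(ppp_prefs.values())) != 1:
        problems.append(f"ADSL localprefs differ, lines will not bond: {ppp_prefs}")
    best_adsl = max(ppp_prefs.values())

    # Routing table of each interface; the page's config leaves LAN in table 0.
    iface_tables = {i.get("name"): int(i.get("table", "0")) for i in root.findall("interface")}

    for t in tunnels:
        name = t.get("name")
        # Property 2: the tunnel must beat the ADSL lines whenever it is up.
        pref = int(t.get("localpref", "0"))
        if pref <= best_adsl:
            problems.append(f"tunnel {name}: localpref {pref} does not beat ADSL {best_adsl}")
        # Property 3: tunnel packets (transport) are routed in 'table', the
        # traffic inside the tunnel (payload) in 'payload-table'. If they are
        # the same table, the tunnel's own packets could be routed into the tunnel.
        table = int(t.get("table", "0"))
        payload = int(t.get("payload-table", "0"))
        if table == payload:
            problems.append(f"tunnel {name}: transport table {table} equals payload-table, "
                            "tunnel could route over itself")
        if table not in iface_tables.values():
            problems.append(f"tunnel {name}: no interface lives in transport table {table}")

    # Property 4: the NAT source address must be an address the FireBrick owns.
    loopbacks = {lb.get("ip") for lb in root.findall("loopback")}
    for rule in root.findall("rule-set/rule[@set-nat='true']"):
        src = rule.get("set-source-ip")
        if src and src not in loopbacks:
            problems.append(f"NAT rule {rule.get('name')}: set-source-ip {src} is not a configured loopback")
    return problems


if __name__ == "__main__":
    for problem in check_failover(SAMPLE_CONFIG) or ["config passes all checks"]:
        print(problem)
```

The table split is the check most worth keeping: the L2TP `<outgoing>` has `table="1"`, the same table as the `Main` interface that reaches the L2TP server, while `payload-table="0"` is where the ADSL lines and the LAN live. Moving both onto one table is the classic way to make a tunnel chase its own tail.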