Revision as of 22:59, 28 November 2022 (view source) Reedy (talk \| contribs) (Formatting) ← Older edit		Revision as of 23:03, 28 November 2022 (view source) Reedy (talk \| contribs) (syntax) Newer edit →
===Network configuration=== In the network configuration below, my normal router was a thinkpad connected to wifi, sharing that over ethernet. It was just a test setup. On that DHCP server on the thinkpad, the subnet was `<tt>10.42.0.0/24`</tt>, but normally you might use e.g. `<tt>192.168.0.0/24`</tt>. You MUST NOT use DHCP on this connection. You have to set a static IP, so that you can set a custom route, going to `<tt>90.155.53.19`</tt> via what would otherwise be the `<tt>gateway`</tt> line; in this case I'd normally set `<tt>gateway 10.42.0.1`</tt> in the example below, but instead i set `<tt>up /sbin/ip route add 90.155.53.19/32 via 10.42.0.1 dev enp14s0`</tt>. This makes all traffic on IPv4 route through the L2TP instead of directly through the main upstream, in this case virgin media. The fact that I used Virgin Media on this line is irrelevant. You can use L2TP on any ISP. Adapt the config below to your needs, accordingly: ===/etc/network/interfaces=== <syntaxhighlight lang=bash> source /etc/network/interfaces.d/* NOTE: We shall re-edit this file later. For now though, our purpose is only to get online. NOTE: IP address `<tt>90.155.53.19`</tt> is what `<tt>l2tp.aa.net.uk`</tt> resolves to, and it shall be used directly for our purposes, due to absent name resolution during initialisation of this network. ===Enabling IP forwarding=== sysctl -p This will reload `<tt>/etc/sysctl.conf`</tt> - applying our changes. ===L2TP=== It may seem counter-intuitive above, that we've configured PPP as though we're on a hardline, but this is important for the next step. A&A provides L2TP without authentication, but then you authenticate via PPP routed through L2TP. Debian kernels should already have the correct modules, but otherwise you must ensure that the `<tt>CONFIG_PPPOL2TP`</tt> and `<tt>CONFIG_L2TP`</tt> options are enabled in your kernel configuration. It should be noted that A&A L2TP service is (as of this day) currently without IPSEC or other encryption such as wireguard. This is less than ideal, but you will likely be doing a lot of encrypted things online anyway (lots of websites are https-aware nowadays). You will not be able to use DNS until the L2TP is up, so we will use A&A's IP address for `<tt>l2tp.aa.net.uk`</tt>, which is `<tt>90.155.53.19`</tt>. ===/etc/xl2tpd/xl2tpd.conf=== Place the following contents: Create this file, and place the following contents: NOTE: the `<tt>name`</tt> and `<tt>password`</tt> entries are your A&A login details for L2TP. <syntaxhighlight> ===PPP IF Up/Down scripts=== PPPoE and L2TP are managed by `<tt>pppd`</tt>, which executes if up/down scripts when interfaces go up or down. We shall manipulate this accordingly: ===/etc/ppp/ipv6-up.d/0000-defaultroute=== This L2TP routing setup is a bit hacky, and this guide could use some refinement. The `<tt>@reboot`</tt> line is probably redundant, since this will just run every minute anyway. I really wouldn't worry about it. The last line that says "reboot" will run at boot time, for each and every boot. It will also run again, once every minute. If the L2TP is online, running the command is harmless and will simply exit. ListenAddress 10.0.0.42 You can find useful logs in `<tt>/var/log/messages`</tt>. ==Testing==

L2TP Client: Debian (view source)

Revision as of 23:03, 28 November 2022