L2TP Client: Debian: Difference between revisions
Content deleted Content added
Formatting |
syntax |
||
| Line 65: | Line 65: | ||
===Network configuration=== |
===Network configuration=== |
||
In the network configuration below, my normal router was a thinkpad connected to wifi, sharing that over ethernet. It was just a test setup. On that DHCP server on the thinkpad, the subnet was |
In the network configuration below, my normal router was a thinkpad connected to wifi, sharing that over ethernet. It was just a test setup. On that DHCP server on the thinkpad, the subnet was <tt>10.42.0.0/24</tt>, but normally you might use e.g. <tt>192.168.0.0/24</tt>. |
||
You MUST NOT use DHCP on this connection. You have to set a static IP, so that you can set a custom route, going to |
You MUST NOT use DHCP on this connection. You have to set a static IP, so that you can set a custom route, going to <tt>90.155.53.19</tt> *via* what would otherwise be the <tt>gateway</tt> line; in this case I'd normally set <tt>gateway 10.42.0.1</tt> in the example below, but instead i set <tt>up /sbin/ip route add 90.155.53.19/32 via 10.42.0.1 dev enp14s0</tt>. This makes all traffic on IPv4 route through the L2TP instead of directly through the main upstream, in this case virgin media. |
||
The fact that I used Virgin Media on this line is irrelevant. You can use L2TP on any ISP. Adapt the config below to your needs, accordingly: |
The fact that I used Virgin Media on this line is irrelevant. You can use L2TP on any ISP. Adapt the config below to your needs, accordingly: |
||
| Line 73: | Line 73: | ||
===/etc/network/interfaces=== |
===/etc/network/interfaces=== |
||
<syntaxhighlight> |
<syntaxhighlight lang=bash> |
||
source /etc/network/interfaces.d/* |
source /etc/network/interfaces.d/* |
||
| Line 129: | Line 129: | ||
NOTE: We shall re-edit this file later. For now though, our purpose is only to get online. |
NOTE: We shall re-edit this file later. For now though, our purpose is only to get online. |
||
NOTE: IP address |
NOTE: IP address <tt>90.155.53.19</tt> is what <tt>l2tp.aa.net.uk</tt> resolves to, and it shall be used directly for our purposes, due to absent name resolution during initialisation of this network. |
||
===Enabling IP forwarding=== |
===Enabling IP forwarding=== |
||
| Line 149: | Line 149: | ||
sysctl -p |
sysctl -p |
||
This will reload |
This will reload <tt>/etc/sysctl.conf</tt> - applying our changes. |
||
===L2TP=== |
===L2TP=== |
||
| Line 155: | Line 155: | ||
It may seem counter-intuitive above, that we've configured PPP as though we're on a hardline, but this is important for the next step. A&A provides L2TP without authentication, but then you authenticate via PPP routed through L2TP. |
It may seem counter-intuitive above, that we've configured PPP as though we're on a hardline, but this is important for the next step. A&A provides L2TP without authentication, but then you authenticate via PPP routed through L2TP. |
||
Debian kernels should already have the correct modules, but otherwise you must ensure that the |
Debian kernels should already have the correct modules, but otherwise you must ensure that the <tt>CONFIG_PPPOL2TP</tt> and <tt>CONFIG_L2TP</tt> options are enabled in your kernel configuration. |
||
It should be noted that A&A L2TP service is (as of this day) currently without IPSEC or other encryption such as wireguard. This is less than ideal, but you will likely be doing a lot of encrypted things online anyway (lots of websites are https-aware nowadays). |
It should be noted that A&A L2TP service is (as of this day) currently without IPSEC or other encryption such as wireguard. This is less than ideal, but you will likely be doing a lot of encrypted things online anyway (lots of websites are https-aware nowadays). |
||
You will not be able to use DNS until the L2TP is up, so we will use A&A's IP address for |
You will not be able to use DNS until the L2TP is up, so we will use A&A's IP address for <tt>l2tp.aa.net.uk</tt>, which is <tt>90.155.53.19</tt>. |
||
===/etc/xl2tpd/xl2tpd.conf=== |
===/etc/xl2tpd/xl2tpd.conf=== |
||
Place the following contents: |
Place the following contents: |
||
| Line 177: | Line 176: | ||
Create this file, and place the following contents: |
Create this file, and place the following contents: |
||
NOTE: the |
NOTE: the <tt>name</tt> and <tt>password</tt> entries are your A&A login details for L2TP. |
||
<syntaxhighlight> |
<syntaxhighlight> |
||
| Line 190: | Line 189: | ||
===PPP IF Up/Down scripts=== |
===PPP IF Up/Down scripts=== |
||
PPPoE and L2TP are managed by |
PPPoE and L2TP are managed by <tt>pppd</tt>, which executes if up/down scripts when interfaces go up or down. We shall manipulate this accordingly: |
||
===/etc/ppp/ipv6-up.d/0000-defaultroute=== |
===/etc/ppp/ipv6-up.d/0000-defaultroute=== |
||
| Line 316: | Line 315: | ||
This L2TP routing setup is a bit hacky, and this guide could use some refinement. |
This L2TP routing setup is a bit hacky, and this guide could use some refinement. |
||
The |
The <tt>@reboot</tt> line is probably redundant, since this will just run every minute anyway. I really wouldn't worry about it. |
||
The last line that says "reboot" will run at boot time, for each and every boot. It will also run again, once every minute. If the L2TP is online, running the command is harmless and will simply exit. |
The last line that says "reboot" will run at boot time, for each and every boot. It will also run again, once every minute. If the L2TP is online, running the command is harmless and will simply exit. |
||
| Line 330: | Line 329: | ||
ListenAddress 10.0.0.42 |
ListenAddress 10.0.0.42 |
||
You can find useful logs in |
You can find useful logs in <tt>/var/log/messages</tt>. |
||
==Testing== |
==Testing== |
||