L2TP Client: OpenWRT
Latest revision as of 11:14, 11 September 2024
OpenWRT
I'll give details about doing things without LuCI - if you want to do it through the web UI, it should be obvious from the text config what you need to twiddle.
Tested with the following package versions -
    kmod-l2tp - 3.18.10-1
    kmod-l2tp-eth - 3.18.10-1
    kmod-l2tp-ip - 3.18.10-1
    kmod-pppol2tp - 3.18.10-1
    ppp-mod-pppol2tp - 2.4.7-5
    xl2tpd - 1.3.6-5619e1771048e74b729804e8602f409af0f3faea
    luci-proto-ipv6 - git-15.090.50849-576e235-1
    luci-proto-ppp - git-15.090.50849-576e235-1
Note: After installing the kmods you will need to reboot your router so that the kernel modules are loaded; the L2TP option should then be usable in the network interface configuration. (See https://github.com/openwrt/packages/issues/12544)
You'll first need to create a static route for ALL the IPs for l2tp.aa.net.uk via your bulk interface (usually wan) in /etc/config/network -
    config route
        option interface 'wan'
        option target '90.155.53.19'
And do the same for any other IP addresses that l2tp.aa.net.uk resolves to. Note that IPs may be added with or without warning.
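Because the address list can change, the route stanzas can be generated from a lookup instead of typed by hand. The script below is an added example, not part of the original page: it assumes BusyBox-style nslookup output, the function names are hypothetical, and the sample lookup (including the 198.51.100.7 and 2001:db8::19 documentation addresses) is constructed for illustration.

```shell
#!/bin/sh
# Added example: one host route per IPv4 address the LNS hostname resolves to,
# so the L2TP packets themselves always leave via the bulk interface.
# Constructed sample of nslookup output; only 90.155.53.19 is from the page.
SAMPLE_LOOKUP='Server:    192.0.2.53
Address:   192.0.2.53:53

Name:      l2tp.aa.net.uk
Address 1: 90.155.53.19
Address 2: 198.51.100.7
Address 3: 2001:db8::19
Address 4: 90.155.53.19'

# ipv4_answers: read nslookup output on stdin and print each unique IPv4
# address from the answer section. The resolver's own "Address:" line comes
# before "Name:" and is skipped; IPv6 answers and duplicates are dropped.
ipv4_answers() {
    awk '
        /^Name:/ { answer = 1; next }
        answer && /^Address/ {
            for (i = 2; i <= NF; i++) {
                if (split($i, o, ".") != 4) continue
                ok = 1
                for (j = 1; j <= 4; j++)
                    if ((o[j] !~ /^[0-9]+$/) || (o[j] + 0 > 255)) ok = 0
                if (ok && !seen[$i]++) print $i
            }
        }'
}

# route_stanzas IFACE: turn addresses on stdin into /etc/config/network
# route sections in the same form as the stanza above.
route_stanzas() {
    iface="$1"
    while read -r ip; do
        printf "config route\n\toption interface '%s'\n\toption target '%s'\n\n" "$iface" "$ip"
    done
}

# Offline demonstration on the constructed sample. On the router, use:
#   nslookup l2tp.aa.net.uk | ipv4_answers | route_stanzas wan
printf '%s\n' "$SAMPLE_LOOKUP" | ipv4_answers | route_stanzas wan
```

Review the generated stanzas before merging them into /etc/config/network, and re-run the lookup periodically to catch newly added addresses.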
Then add the tunnel to /etc/config/network - note that even though we enable it, the interface won't get an IPv6 address. Fear not, we can fix that in a minute.
    config interface 'aaisp'
        option proto 'l2tp'
        option server 'l2tp.aa.net.uk'
        option username 'yourusername@a'
        option password 'YOURPASSWORD'
        option ipv6 '1'
        option peerdns '0'
        option metric '50'
Next let's configure DHCPv6 over the tunnel interface since PPP IPV6CP doesn't seem to work properly. Again in /etc/config/network - edit to taste if you don't want to gobble up your entire /48. Though this shows as a separate interface in OpenWRT-land, they'll both assign addresses to the same underlying interface, 'l2tp-aaisp'.
    config interface 'aaisp6'
        option proto 'dhcpv6'
        option reqprefix '48'
        option peerdns '0'
        option _orig_ifname 'aaisp'
        option _orig_bridge 'false'
        option ifname 'l2tp-aaisp'
        option reqaddress 'force'
Now we have -
- All IPv4 traffic going out of our bulk WAN interface (metric 0)
- The L2TP tunnel has its default gateway set, but unused (metric 50)
- All IPv6 traffic going out of the tunnel (haven't tested what would happen if your bulk interface was also IPv6 capable)
- DNS unchanged from original setup (I use dnscrypt-proxy and some REDIRECT iptables plumbing to secure DNS query traffic)
Next steps
- iptables PREROUTING rules to mark traffic that should egress via the tunnel
- iproute2 magic to route the marked traffic properly
- a painful sense of irony that we're dodging nasty shaping and filtering on our bulk interface only to do it ourselves
- a really sweet hat
Prod me (daveio) on IRC if you have trouble, I'll try to assist if I'm around.