FireBrick L2TP Server: Difference between revisions
m No edit summary |
m clean up, typos fixed: ie, → i.e., (4), etc, → etc.,, eg → e.g. (3) |
||
| Line 32: | Line 32: | ||
The <match settings are to match individual SIMs when the conenct in, and thus giving them their own IP address etc. |
The <match settings are to match individual SIMs when the conenct in, and thus giving them their own IP address etc. |
||
*name - just a name, |
*name - just a name, e.g. teh name of the person using this SIM |
||
*graph - make a graph for this SIM - will show usage etc, but latency can be ignored. |
*graph - make a graph for this SIM - will show usage etc., but latency can be ignored. |
||
*calling-station-id - this is the ICCID of the SIM, as AAISP use this as the station id |
*calling-station-id - this is the ICCID of the SIM, as AAISP use this as the station id |
||
*remote-ip - the IP address to give the SIM, |
*remote-ip - the IP address to give the SIM, i.e., an IP address on your LAN |
||
==Firewall== |
==Firewall== |
||
You will also need firewall filters, |
You will also need firewall filters, e.g. to allow traffic out of the SIM, in a ruleset add something to match the SIM. |
||
<syntaxhighlight> |
<syntaxhighlight> |
||
<rule name="L2TPOut" source-interface="l2tp"/> |
<rule name="L2TPOut" source-interface="l2tp"/> |
||
</syntaxhighlight> |
</syntaxhighlight> |
||
This of course can be restricted, so you could give a SIM just access to your LAN and not your WAN - |
This of course can be restricted, so you could give a SIM just access to your LAN and not your WAN - i.e. to block internet access whilst allowing them to access your own internal servers. |
||
==Routing from the LAN== |
==Routing from the LAN== |
||
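Review bot: two typos survive this typo cleanup near the top of the hunk. The unchanged sentence still reads "when the conenct in", and the added name line reads "teh name of the person using this SIM". Both should be fixed in the same edit. The "i.e." form is also inconsistent: the remote-ip line has "i.e.," while the LAN/WAN sentence has "i.e." with no comma. Separately, the example rule matches everything arriving on source-interface="l2tp", so the sentence about restricting a SIM to the LAN would be easier to act on if it pointed to where that narrower rule is shown.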
| Line 49: | Line 49: | ||
=AAISP Config= |
=AAISP Config= |
||
[[File:Small-sim.jpg|frame|Data SIM |
[[File:Small-sim.jpg|frame|Data SIM]] |
||
At the AAISP end, AAISP will set up a 'line' on the control pages for your SIM, you can request Staff to set this for [[L2TP]]: |
At the AAISP end, AAISP will set up a 'line' on the control pages for your SIM, you can request Staff to set this for [[L2TP]]: |
||
*Target IP - IP (4 or 6) of your FireBrick |
*Target IP - IP (4 or 6) of your FireBrick |
||
*Host - The Hostname as set in your 'incoming' config, |
*Host - The Hostname as set in your 'incoming' config, i.e. FireBrick in this case |
||
*secret - The secret as set in your incoming config, |
*secret - The secret as set in your incoming config, i.e. myPassword in this case |
||
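Review bot: in the secret bullet, the added "i.e. myPassword in this case" reads as if myPassword were the value to enter on the control pages. Suggest "e.g. myPassword in the example config" plus a short reminder to set your own strong, unique secret, so the sample value is not copied into a live L2TP setup. The Host bullet has the same "i.e." versus "e.g." problem with "FireBrick". The unchanged sentence above the list is also a comma splice ("...for your SIM, you can request Staff...") and could be split while this section is being cleaned up.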
| Line 60: | Line 60: | ||
On the Web interface, Status, [[L2TP]] will give the connection, if it's connected. |
On the Web interface, Status, [[L2TP]] will give the connection, if it's connected. |
||
[[File:L2tp-sessions.png|border|SIM showing on L2TP sessions page |
[[File:L2tp-sessions.png|border|SIM showing on L2TP sessions page]] |
||
You can use the FireWall check to check if a SIM will have access to the internet. |
You can use the FireWall check to check if a SIM will have access to the internet. |
||
| Line 67: | Line 67: | ||
=Separate (NAT) Subnet for the Dongle= |
=Separate (NAT) Subnet for the Dongle= |
||
Rather than giving your SIM an IP on your LAN, you could give the SIM a private (RFC1918) IP in the <match config, |
Rather than giving your SIM an IP on your LAN, you could give the SIM a private (RFC1918) IP in the <match config, e.g.: |
||
<syntaxhighlight> |
<syntaxhighlight> |
||
<match name="SIM" graph="SIM" calling-station-id="8944200000000000" remote-ip="192.168.99.99" comment="My SIM"/> |
<match name="SIM" graph="SIM" calling-station-id="8944200000000000" remote-ip="192.168.99.99" comment="My SIM"/> |
||