L2TP Client: OpenBSD
Notes from a customer.
while preparing this message that I noticed this thread. Oh well, it seems to confirm that ipv6 is not an option, at least not as of 2021.
1. Install xl2tpd
$ doas pkg_add xl2tpd
2. Add these configuration details to /etc/xl2tpd/xl2tpd.conf:
; Configuration for AAISP L2TP service
[lac aaisp]
lns = l2tp.aaisp.net.uk
require authentication = no
pppoptfile = /etc/ppp/options
3. Add the _xl2tpd user to the network group. I edited /etc/group manually, but it looks like this usermod invocation should do it:
$ doas usermod -G network _xl2tpd
4. Place these options in /etc/ppp/options. (Unfortunately you cannot use an aanet-specific options file (as far as I know) because the options we will specify here would require pppd to be invoked as root, and xl2tpd will be running it as the _xl2tpd user.)
noauth
user <AA L2TP service username here>
persist
The `persist` option indicates that pppd should try to restart the connection if the connection drops. You may wish to add additional options for resilience like `maxfail 0`; see the Debian L2TP fallback instructions for suggestions, but beware that several listed there (e.g. +ipv6) will not work.
5. Change group and permissions for the options file so that users in the network group can read it.
$ doas chgrp network /etc/ppp/options
$ doas chmod g+r /etc/ppp/options
6. Add authentication details to /etc/ppp/chap-secrets. You'll need to add a line with four whitespace-separated fields, containing your L2TP service username, either the L2TP server name ("B.Careless") or just * since we're assuming you don't plan on using ppp for anything else, the L2TP password, and then *. You could use this command:
$ doas sh -c 'echo "<username>\t*\t<password>\t*" >> /etc/ppp/chap-secrets'
7. Create an interface configuration file for the PPP connection.
$ doas sh -c 'echo down > /etc/hostname.ppp0'
You can then run `doas sh /etc/netstart` to activate the ppp0 interface (or you could reboot if you prefer), then use `ifconfig` to confirm the presence of ppp0.
8. Finally, enable and start the xl2tpd daemon.
$ doas rcctl enable xl2tpd
$ doas rcctl start xl2tpd
From this point, if you wish to bring up your L2TP tunnel, you can
$ doas sh -c 'echo "c aaisp" > /var/run/xl2tpd/l2tp-control'
You can bring it down again with
$ doas sh -c 'echo "d aaisp" > /var/run/xl2tpd/l2tp-control'
As the generic L2TP Linux instructions note: "you will then need to figure out what you want to route up the tunnel."
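The files written in steps 4 to 6 can be checked before the tunnel is brought up. The script below is an added example, not part of the customer's notes; the function names and the file name check-ppp.sh are made up here, and it assumes no chap-secrets field is quoted to contain whitespace.

```sh
#!/bin/sh
# Added example: checks for the files written in steps 4 to 6.
# Function names are made up for this example.

# Print the ls-style mode string of a file, e.g. "-rw-r-----".
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Step 6: chap-secrets holds the L2TP password in clear text.
# Returns 0 if OK, 1 on a malformed line, 2 if world-readable,
# 3 if the file cannot be read (run the script with doas).
# Assumption: no field is quoted to contain whitespace.
check_secrets() {
    [ -r "$1" ] || { echo "$1: cannot read"; return 3; }
    # Skip blank lines and comments; report other lines without 4 fields.
    bad=$(awk 'NF > 0 && $1 !~ /^#/ && NF != 4 { print NR }' "$1")
    if [ -n "$bad" ]; then
        echo "$1: expected 4 fields on line(s):" $bad
        return 1
    fi
    case $(mode_of "$1") in
        ???????r??) echo "$1: world-readable"; return 2 ;;
    esac
    return 0
}

# Step 5: the options file must be readable by its group.
check_group_readable() {
    case $(mode_of "$1") in
        ????r?????) return 0 ;;
    esac
    echo "$1: not group-readable (chmod g+r)"
    return 1
}

# Usage: doas sh check-ppp.sh /etc/ppp/chap-secrets /etc/ppp/options
if [ "$#" -eq 2 ]; then
    check_secrets "$1"; s=$?
    check_group_readable "$2"; o=$?
    if [ "$s" -eq 0 ] && [ "$o" -eq 0 ]; then echo "ok"; fi
fi
```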