FireBrick using L2TP as main connection

From AAISP Support Site
Revision as of 23:47, 30 June 2022 by Reedy (→Overview: syntaxhighlight)

Overview

You may have slow ADSL (for example, if you're a long way from the exchange) alongside a faster fibre link. In that case, you might want to keep an ADSL line or two around as backups in case the fibre goes down.

If the fibre is provided by a third party, you could use L2TP over your main connection to avoid your IP addresses changing if the fibre breaks.

All this config does is set localpref on the ADSL lines (100) and on the L2TP (1000) so that the L2TP is preferred whenever it is up. If the L2TP goes down, the ADSL lines are bonded.

This is a rough example of such a config, using NAT on the LAN and L2TP to AA as the main connection:

 <port name="LAN"
       ports="1"/>
 <port name="WAN1"
       ports="4"
       comment="ADSL Line 1"/>
 <port name="WAN2"
       ports="3"
       comment="ADSL Line 2"/>
 <port name="WAN3"
       ports="2"
       comment="Main internet connection"/>
 <interface name="LAN"
            port="LAN"
            comment="Default LAN interface">
  <subnet name="IPv4"
          ip="192.168.0.1/24"
          comment="LAN"/>
  <subnet name="IPv6"
          ip="2001:db8::1/64"
          ra="true"/>
 </interface>
 <interface name="WAN1"
            port="WAN1"
            comment="WAN interface 1"/>
 <interface name="WAN2"
            port="WAN2"
            comment="WAN interface 2"/>
 <interface name="Main"
            port="WAN3"
            table="1"
            comment="Main connection interface">
  <subnet comment="Gets IP from DHCP"/>
 </interface>
 <ppp name="ADSL1"
      port="WAN1"
      username="example@a.1"
      password="secret"
      speed="1000000"
      lcp-rate="1"
      lcp-timeout="6"
      localpref="100"
      table="0"
      graph="ADSL1"/>
 <ppp name="ADSL2"
      port="WAN2"
      username="example@a.2"
      password="secret"
      speed="1000000"
      lcp-rate="1"
      lcp-timeout="6"
      localpref="100"
      table="0"
      graph="ADSL2"/>
 <usb/>
 <loopback ip="192.0.2.10"
           comment="Public IP address for NAT"/>
 <l2tp>
  <outgoing name="AAISP"
            hostname="example@a.3"
            secret="secret"
            ip="90.155.53.19"
            table="1"
            payload-table="0"
            username="example@a.3"
            password="secret"
            localpref="1000"
            mtu="1280"
            lcp-rate="1"
            lcp-timeout="10"
            tcp-mss-fix="true"/>
 </l2tp>
 <ip-group name="RFC1918"
           ip="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"
           comment="This IP group is used for NAT"/>
 <rule-set name="NAT"
           table="0"
           source-ip="RFC1918"
           no-match-action="continue"
           comment="Sets source IP address for NAT to a routed address.">
  <rule name="self"
        target-interface="self"
        comment="Allow traffic from the LAN to reach the FireBrick"/>
  <rule name="NAT"
        set-source-ip="192.0.2.10"
        set-nat="true"/>
 </rule-set>
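
The failover behaviour this config relies on can be checked offline with a small model. The following is an added example, not part of the original page and not FireBrick code: it parses the uplink elements from the config above and reports which links carry LAN traffic for a given set of links that are up. It assumes that the highest localpref among the live links wins and that links with equal localpref are bonded, which is how the page describes the config; the function names and the trimmed sample are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: only the uplink elements of the config above, reduced to
# the attributes the model needs and wrapped in a root element so it parses.
SAMPLE = """<config>
 <ppp name="ADSL1" port="WAN1" localpref="100" table="0"/>
 <ppp name="ADSL2" port="WAN2" localpref="100" table="0"/>
 <l2tp>
  <outgoing name="AAISP" table="1" payload-table="0" localpref="1000"/>
 </l2tp>
</config>"""


def uplinks(xml_text):
    """Return {name: (localpref, payload_table)} for each PPP and L2TP link."""
    root = ET.fromstring(xml_text)
    links = {}
    for el in root.iter("ppp"):
        links[el.get("name")] = (int(el.get("localpref")), el.get("table"))
    for el in root.iter("outgoing"):
        # The tunnel itself runs in table 1 (the "Main" interface); the traffic
        # it carries appears in payload-table, alongside the ADSL lines.
        links[el.get("name")] = (int(el.get("localpref")), el.get("payload-table"))
    return links


def active_links(links, up, table="0"):
    """Names of the links that carry traffic in `table`, given the set `up`.

    Assumption (simplified model): the highest localpref among live links
    wins, and links that tie on localpref share the traffic (bonding).
    """
    live = {n: lp for n, (lp, t) in links.items() if n in up and t == table}
    if not live:
        return []
    best = max(live.values())
    return sorted(n for n, lp in live.items() if lp == best)


if __name__ == "__main__":
    links = uplinks(SAMPLE)
    for up in ({"ADSL1", "ADSL2", "AAISP"}, {"ADSL1", "ADSL2"}, {"ADSL2"}, set()):
        print(sorted(up), "->", active_links(links, up))
```

Running the same check against an edited config shows quickly whether a changed localpref would leave the L2TP sharing traffic with the ADSL lines instead of taking priority over them.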