
Difference between revisions of "Category:Incoming L2TP"

From AAISP Support Site
 
(55 intermediate revisions by 6 users not shown)
Line 1: Line 1:
 
__NOTOC__<indicator name="L2TP">[[File:Menu-L2TP.svg|link=:Category:L2TP|30px|Back up to the L2TP Category]]</indicator>
 
__NOTOC__<indicator name="L2TP">[[File:Menu-L2TP.svg|link=:Category:L2TP|30px|Back up to the L2TP Category]]</indicator>
=L2TP from Customers to AAISP=
+
= L2TP from Customers to AAISP =
This is used to connect in to AAISP over a third-party internet connection. This gives you your usual AAISP IP (4 and 6) blocks and access to the internet as if you were conencted via a normal DSL circuit.
 
   
  +
There are two reasons to use L2TP to connect in to AAISP:
* Hostname: l2tp.aa.net.uk
 
  +
# As a backup for your existing AAISP circuit in the event of a fault.
* Plain L2TP without any IPsec
 
  +
#* Logging in over L2TP using your DSL credentials (ie xxx@a.1) from a different ISP will give you your normal IP addresses. You can use this whilst your AAISP connection is being fixed.
* MSCHAPv2 authentication
 
  +
#* This is enabled by default and available to everyone, there are no extra charges. Usage is taken from your quota in the usual way as if you were connecting over DSL.
  +
#* Speed is capped at 100Mb/s.
  +
#* Regarding IP routing, The L2TP has priority over the DSL, so you'd want to bring it up/down as and when required as the DSL won't have IPs routed to it when the L2TP is up.
  +
# Connect in to AAISP over a third-party internet connection.
  +
#* This gives you your an AAISP IPv4 address and an IPv6 block. This will then give you unfiltered internet access with public IP addresses etc.
  +
#* Speed is capped at 200Mb/s (3Mb/s for the low-cost Light service).
  +
#* There are more reasons for doing this and further information and ordering on [https://www.aa.net.uk/broadband/l2tp-service/ A&A L2TP service].
   
  +
== Connection Details ==
  +
* Endpoint:
  +
** l2tp.aa.net.uk
  +
** or l2tp6.aa.net.uk
  +
* Username & Password as supplied
  +
* Hostname: AAISP
  +
* Authentication Protocol: CHAP/MSCHAPv2 or PAP, but recommend CHAP, as L2TP is not encrypted
  +
* Plain L2TP '''without any IPsec'''. This is important as some devices may not support disabling encryption on L2TP.
  +
* Check that your ISP/mobile provider does not have features that will block 'VPN' services - eg Vodafone's 'SecureNet' will block access to our L2TP service but can usually be disabled via the provider's control pages/App/etc
   
  +
=== Speed/Latency Tweaks ===
  +
See: [[L2TP-Latency-Speed-Tweaks]]
   
  +
=== MTU ===
= Some Notes from customers setting up L2TP IN to AAISP: =
 
  +
You may have to set a lower MTU to accommodate the host ISP, possibly as low as 1462 (or lower for some ISPs). In theory fragments will work to allow 1500 MTU on our service, but fragments are inefficient, and if everyone sends fragmented packets that could degrade the service.
   
  +
=== Port forwarding on some 'Mobile Broadband' routers ===
  +
We have reports from a few customers who are using 4G/5G mobile data routers for 'mobile broadband' that whilst they do support L2TP they do not appear to port forward the static IP on the L2TP. The web UI suggests that portforwarding can be configured, but this seems to only portforward the IP address on the mobile data connection and not the IP address on the L2TP connection. We suggest that customers should report this as a bug to the supplier/manufacturer of the router. This can have an impact on using our L2TP service as these routers will be restircting the capabilities (ie portforwarding). A work-around is to to a separate ethernet router on your LAN to establish the tunnel.
   
  +
= Notes on setting up L2TP IN to AAISP: =
 
  +
{{AAMenu|img=Menu-FireBrick.svg|link=L2TP_Client:_FireBrick|title=L2TP from FireBrick|text=Creating a L2TP connection from a FireBrick to AAISP}}
 
 
 
== Cisco Routers ==
 
 
Cisco routers running IOS 12.3(2)T and later support L2TP client initiated tunneling which allows the router to establish an L2TP tunnel to A&amp;A's L2TP server.
 
 
Most of the information required was gleaned from here: [http://www.cisco.com/en/US/docs/ios/12_3t/12_3t2/feature/guide/gtvoltun.html] plus a bit of trial and error and some packet capturing of good and bad L2TP sessions.
 
 
I have tested this on a Cisco 837 router running 12.3(11)YZ2, a 2821 running 12.4(15)T10 SPServices and a 2801 running 12.4(24)T3 ADVIPServices
 
 
'''Caveats:'''
 
 
- You will need to sanity check routing in your particular environment. This is especially important if you choose to use '''ppp ipcp route default''' on the l2tp tunnel. It's safest to make sure that you have a static route set to the L2TP server.
 
 
- I haven't tested this for [[IPv6|IPV6]] yet.
 
 
- This is "early release" information - I haven't yet used this in anger over a long period of time but will try to remember to come back and update if I find any major issues.
 
 
- This config snippet contains no security settings - be sure to configure some!
 
 
- I've used the IP address of the L2TP server rather than the DNS address - this is obviously at risk of change .
 
 
- You need to be running IP CEF on the router
 
 
'''Config:'''
 
 
Replace ''&lt;whatever&gt;'' with the appropriate information for your connection
 
 
ip cef
 
l2tp-class lc-aaisp
 
 
pseudowire-class pc-aaisp
 
encapsulation l2tpv2
 
protocol l2tpv2 lc-aaisp
 
ip local interface ''&lt;interface that l2tp connection should go out from&gt;''
 
 
interface Virtual-PPP9797
 
shutdown
 
ip address negotiated
 
no cdp enable
 
ppp authentication chap callin
 
ppp chap hostname ''&lt;l2tp line login eg stzzz@a.2&gt;''
 
ppp chap password 0 ''&lt;site password&gt;''
 
ppp direction callout
 
ppp pap refuse
 
pseudowire 90.155.53.19 10 pw-class pc-aaisp
 
 
 
Once the interface is configured you can issue a '''no shut''' on it to bring it up.
 
 
'''Debugging:'''
 
 
'''debug ppp authentication''' and '''debug ppp negotiation''' are your friends... In particular if you see "Circuit ID not set - contact support" in the authentication debug, contact A&amp;A support to get them to fix your L2TP login.
 
 
Once the connection is up, you should see the virtual PPP interface configured with the static IP that is assigned to it in clueless.
 
 
If you get stuck, pop into the IRC channel and see if I'm around (basil_uk) and I'll help if possible.
 
 
 
 
 
== Other Hardware ==
 
 
The TL-WR741ND router works, although it can only do NAT, but is very cheap.
 
 
 
{{AAMenu|img=Menu-FireBrick.svg|link=L2TP_Client:_FireBrick|title=L2TP from FireBrick|text=Creating a L2TP connection from a FireBrick to AAISP)}}
 
 
{{AAMenu|img=Menu-Apple.svg|link=L2TP_Client:_OSX|title=L2TP from OSX|text=Creating a L2TP connection from Apple OSX to AAISP}}
 
{{AAMenu|img=Menu-Apple.svg|link=L2TP_Client:_OSX|title=L2TP from OSX|text=Creating a L2TP connection from Apple OSX to AAISP}}
 
{{AAMenu|img=Menu-Windows.svg|link=L2TP_Client:_Windows|title=L2TP from Windows|text=Creating a L2TP connection from Windows to AAISP}}
 
{{AAMenu|img=Menu-Windows.svg|link=L2TP_Client:_Windows|title=L2TP from Windows|text=Creating a L2TP connection from Windows to AAISP}}
{{AAMenu|img=Menu-Linux.svg|link=L2TP_Client:_Linux|title=L2TP from Linux|text=Creating a L2TP connection from Linux to AAISP}}
+
{{AAMenu|img=Menu-Linux.svg|link=L2TP_Client:_Linux|title=L2TP from Linux|text=Creating a L2TP connection from Linux/Ubuntu/Network Manager to AAISP using xl2tpd}}
  +
{{AAMenu|img=Menu-Linux.svg|link=Router:Linux_-_Debian_-_With_L2TP_Fallback|title=L2TP Failover with Linux|text=Creating a L2TP fallback for AAISP using pppd and xl2tpd}}
 
{{AAMenu|img=Menu-Routerboard.svg|link=L2TP_Client:_Routerboard|title=L2TP from Routerboard|text=Creating a L2TP connection from Routerboard to AAISP}}
 
{{AAMenu|img=Menu-Routerboard.svg|link=L2TP_Client:_Routerboard|title=L2TP from Routerboard|text=Creating a L2TP connection from Routerboard to AAISP}}
 
{{AAMenu|img=Menu-OpenWRT.svg|link=L2TP_Client:_OpenWRT|title=L2TP from OpenWRT|text=Creating a L2TP connection from OpenWRT to AAISP}}
 
{{AAMenu|img=Menu-OpenWRT.svg|link=L2TP_Client:_OpenWRT|title=L2TP from OpenWRT|text=Creating a L2TP connection from OpenWRT to AAISP}}
 
{{AAMenu|img=Menu-Cisco.svg|link=L2TP_Client:_Cisco|title=L2TP from Cisco|text=Creating a L2TP connection from Cisco to AAISP}}
 
{{AAMenu|img=Menu-Cisco.svg|link=L2TP_Client:_Cisco|title=L2TP from Cisco|text=Creating a L2TP connection from Cisco to AAISP}}
  +
{{AAMenu|img=Menu-voip.svg|link=L2TP_Client:_SNOM|title=L2TP from a SNOM VoIP Phone|text=Creating a L2TP connection from a SNOM phone to AAISP}}
 
  +
{{AAMenu|img=Menu-router.svg|link=L2TP_Client:_Mobile_Broadband_Routers|title=L2TP from 4G/5G Huawei/Gigacube|text=Creating a L2TP connection 4G/5G Huawei/Gigacube type mobile broadband routers to AAISP}}
  +
{{AAMenu|img=Menu-router.svg|link=L2TP_Client:_Other_Routers|title=L2TP from Other Routers|text=Generic information for creating a L2TP connection from other routers to AAISP (eg Netgear, TP-Link etc that are not listed here.}}
   
 
[[Category:L2TP]]
 
[[Category:L2TP]]
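Review bot: The added Connection Details bullet "Authentication Protocol: CHAP/MSCHAPv2 or PAP, but recommend CHAP, as L2TP is not encrypted" lists PAP as accepted without saying what it exposes, and the old revision's Cisco snippet with "ppp pap refuse" is not carried over into the new text. Suggest stating that PAP sends the password in clear text across the unencrypted tunnel and that clients should be set to refuse it. In the added port forwarding paragraph, "restircting" is misspelled and "A work-around is to to a separate ethernet router" is missing its verb. The final AAMenu entry opens a bracket at "(eg Netgear" and never closes it, and the added line "This gives you your an AAISP IPv4 address" has a stray "your".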

Latest revision as of 21:24, 27 March 2022

L2TP from Customers to AAISP

There are two reasons to use L2TP to connect in to AAISP:

  1. As a backup for your existing AAISP circuit in the event of a fault.
    • Logging in over L2TP using your DSL credentials (ie xxx@a.1) from a different ISP will give you your normal IP addresses. You can use this whilst your AAISP connection is being fixed.
    • This is enabled by default and available to everyone; there are no extra charges. Usage is taken from your quota in the usual way, as if you were connecting over DSL.
    • Speed is capped at 100Mb/s.
    • Regarding IP routing, the L2TP has priority over the DSL, so you'd want to bring it up/down as and when required, as the DSL won't have IPs routed to it when the L2TP is up.
  2. Connect in to AAISP over a third-party internet connection.
    • This gives you an AAISP IPv4 address and an IPv6 block. This will then give you unfiltered internet access with public IP addresses etc.
    • Speed is capped at 200Mb/s (3Mb/s for the low-cost Light service).
    • There are more reasons for doing this, along with further information and ordering, on the A&A L2TP service page (https://www.aa.net.uk/broadband/l2tp-service/).

Connection Details

  • Endpoint:
    • l2tp.aa.net.uk
    • or l2tp6.aa.net.uk
  • Username & Password as supplied
  • Hostname: AAISP
  • Authentication Protocol: CHAP/MSCHAPv2 or PAP; CHAP is recommended, as L2TP is not encrypted
  • Plain L2TP without any IPsec. This is important as some devices may not support disabling encryption on L2TP.
  • Check that your ISP/mobile provider does not have features that will block 'VPN' services, e.g. Vodafone's 'SecureNet' will block access to our L2TP service but can usually be disabled via the provider's control pages/app etc.

Speed/Latency Tweaks

See: L2TP-Latency-Speed-Tweaks

MTU

You may have to set a lower MTU to accommodate the host ISP, possibly as low as 1462 (or lower for some ISPs). In theory fragments will work to allow 1500 MTU on our service, but fragments are inefficient, and if everyone sends fragmented packets that could degrade the service.
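
An added example (not from the AAISP wiki) that checks a Linux pppd options file against the Connection Details and MTU guidance above: PAP refused because the tunnel is unencrypted, and MTU/MRU small enough to avoid fragments. The header sizes, the one-option-per-line parsing and the two sample files are assumptions; with them, a 1500-byte IPv4 path gives the 1462 quoted above.

```python
# Added example: audit a pppd options file against this page's guidance.
# Header sizes are assumptions: outer IPv4 20 (IPv6 40), UDP 8,
# L2TPv2 data header 6 (no length/sequence fields), PPP 4.
OVERHEAD = {4: 20 + 8 + 6 + 4, 6: 40 + 8 + 6 + 4}


def tunnel_mtu(path_mtu=1500, outer_ip=4):
    """Largest inner packet that fits in one unfragmented outer packet."""
    return path_mtu - OVERHEAD[outer_ip]


def parse_options(text):
    """Parse pppd options, assuming one option per line; '#' starts a comment."""
    opts = {}
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()
        if words:
            opts[words[0]] = words[1] if len(words) > 1 else True
    return opts


def audit(text, path_mtu=1500, outer_ip=4):
    """Return a list of findings; an empty list means nothing to fix."""
    opts, findings = parse_options(text), []
    limit = tunnel_mtu(path_mtu, outer_ip)
    if "refuse-pap" not in opts:
        findings.append("PAP not refused: password could cross the "
                        "unencrypted tunnel in clear text")
    if "refuse-chap" in opts and "refuse-mschap-v2" in opts:
        findings.append("CHAP and MSCHAPv2 both refused: no usable method")
    for key in ("mtu", "mru"):
        value = opts.get(key)
        if value is None or value is True:
            findings.append(f"{key} not set: expect fragments above {limit}")
        elif int(value) > limit:
            findings.append(f"{key} {value} exceeds {limit}: outer packets "
                            "will fragment")
    return findings


# Constructed sample files; the login is the page's own placeholder.
WEAK = "name xxx@a.1\nnoauth\nmtu 1500\n"
HARDENED = "name xxx@a.1\nnoauth\nrefuse-pap\nmtu 1462\nmru 1462\n"

if __name__ == "__main__":
    for label, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(text) or "ok")
```

Pass `path_mtu=1492` for a host connection that is itself PPPoE, or `outer_ip=6` when connecting to l2tp6.aa.net.uk, to see the limit drop accordingly.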

Port forwarding on some 'Mobile Broadband' routers

We have reports from a few customers who are using 4G/5G mobile data routers for 'mobile broadband' that, whilst these routers do support L2TP, they do not appear to port forward the static IP on the L2TP. The web UI suggests that port forwarding can be configured, but this seems to only port forward the IP address on the mobile data connection and not the IP address on the L2TP connection. We suggest that customers should report this as a bug to the supplier/manufacturer of the router. This can have an impact on using our L2TP service, as these routers will be restricting the capabilities (i.e. port forwarding). A work-around is to use a separate ethernet router on your LAN to establish the tunnel.

Notes on setting up L2TP IN to AAISP:

  • L2TP from FireBrick: Creating a L2TP connection from a FireBrick to AAISP
  • L2TP from OSX: Creating a L2TP connection from Apple OSX to AAISP
  • L2TP from Windows: Creating a L2TP connection from Windows to AAISP
  • L2TP from Linux: Creating a L2TP connection from Linux/Ubuntu/Network Manager to AAISP using xl2tpd
  • L2TP Failover with Linux: Creating a L2TP fallback for AAISP using pppd and xl2tpd
  • L2TP from Routerboard: Creating a L2TP connection from Routerboard to AAISP
  • L2TP from OpenWRT: Creating a L2TP connection from OpenWRT to AAISP
  • L2TP from Cisco: Creating a L2TP connection from Cisco to AAISP
  • L2TP from a SNOM VoIP Phone: Creating a L2TP connection from a SNOM phone to AAISP
  • L2TP from 4G/5G Huawei/Gigacube: Creating a L2TP connection from 4G/5G Huawei/Gigacube type mobile broadband routers to AAISP
  • L2TP from Other Routers: Generic information for creating a L2TP connection from other routers to AAISP (e.g. Netgear, TP-Link etc. that are not listed here).