Category:L2TP Handover

From AAISP Support Site

Revision as of 10:13, 9 May 2016

Overview

Our data SIMs allow for the possibility of L2TP handover of mobile data to your own LNS. This means that the data SIM connects directly into your network, and you control the IP address allocation, routing and any firewalling or filtering you wish.

SIM Configuration

Accessing This Feature

Access is via the Control Pages as follows:

  1. Log in to the Control Pages with your xxx@a login
  2. Click on the SIM ICCID you want to edit
  3. Fill in the L2TP relay information there

You can enter the IP address of your LNS (and an alternative if you like), and a shared secret if you want to do tunnel authentication.

L2TP relay settings on the Control Pages

Information about Tunnels and Credentials

L2TP establishes a tunnel, and over that tunnel it establishes one or more sessions, each of which uses PPP.

The tunnel requires an endpoint address (e.g. l2tp.aa.net.uk or 90.155.53.19) and a hostname (which is sort of the login name for the tunnel). The tunnel can also include a secret, which we do not use for our L2TP outbound service to customers' L2TP servers.

Once the tunnel is established, a session can be established over the tunnel. The session does not have to have any authentication, but it is normal for the endpoints to negotiate PAP or CHAP using LCP, and so the connecting end will need a username and password to complete the PPP level authentication.

So, in total, you would need:

  1. Tunnel IP
  2. Tunnel Hostname
  3. Tunnel Secret (if used)
  4. Session Username
  5. Session Password

An L2TP session is PPP and can negotiate whatever authentication it likes for the session. In practice this is usually done by a proxy, so in the case of both SIMs and Broadband we will receive proxied negotiation details for the circuit, and will pass on those proxy details to the far end.

The far end should ideally use these details, which also include a calling station ID (circuit ID or ICCID). In the case of broadband the far end could restart LCP and re-run PPP authentication if it wished, end to end with the connecting device. This is not usually possible with a SIM though, so proxied credentials should be accepted.

Note, also, for a SIM, it is possible for the connection to have no authentication, i.e. LCP has negotiated no authentication protocol. This may upset some L2TP endpoints if they are not expecting this. They should authenticate on the ICCID (calling station) in such cases.
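
As an added illustration (not AAISP's code or the configuration of any particular LNS), the Python below shows one way an LNS-side policy could handle the three cases described above: proxied PAP, proxied CHAP, and no authentication with fallback to the ICCID. The SIMS table, the layout of the session dict and the rule tying each username to its ICCID are assumptions made for the example; the CHAP check is the standard MD5 calculation from RFC 1994.

```python
import hashlib
import hmac

# Constructed sample data: one provisioned SIM. The ICCID, username and
# password are made-up values, not real credentials.
SIMS = {
    "8944000000000000001": {"username": "sim1@example", "password": "s3cret"},
}

def chap_md5(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP response per RFC 1994: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def authorise(session: dict) -> tuple[bool, str]:
    """Accept or reject a session from the proxied details passed on to the LNS.

    `session` is a hypothetical dict: calling_station (the ICCID), auth
    ("pap", "chap" or "none") and the credential fields for that type.
    """
    sim = SIMS.get(session.get("calling_station", ""))
    if sim is None:
        return False, "unknown ICCID"
    auth = session.get("auth", "none")
    if auth == "none":
        # LCP negotiated no authentication protocol: authenticate on the
        # ICCID (calling station) alone rather than dropping the session.
        return True, "accepted on ICCID"
    # Assumed policy: proxied credentials must belong to the SIM presenting them.
    if session.get("username") != sim["username"]:
        return False, "username does not match ICCID"
    secret = sim["password"].encode()
    if auth == "pap":
        ok = hmac.compare_digest(session.get("password", "").encode(), secret)
    elif auth == "chap":
        expected = chap_md5(session.get("chap_id", 0), secret,
                            session.get("challenge", b""))
        ok = hmac.compare_digest(session.get("response", b""), expected)
    else:
        return False, "unsupported auth type"
    return (ok, "accepted on proxied credentials" if ok else "bad credentials")
```
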

Setting up your end

There are pages below with help in setting up equipment at your end...

Pages in category 'L2TP Handover'

The following 5 pages are in this category, out of 5 total.