FireBrick L2TP Server: Difference between revisions

← Older edit

FireBrick L2TP Server (view source)

Revision as of 17:52, 19 November 2021

670 bytes added , 19 November 2021

Fix syntax

Reedy

editor

698

edits

Revision as of 15:07, 11 June 2018 (view source) AA-Andrew (talk \| contribs) m (→‎Overview) ← Older edit		Latest revision as of 17:52, 19 November 2021 (view source) Reedy (talk \| contribs) (Fix syntax)
(6 intermediate revisions by 2 users not shown)
__NOTOC__<indicator name="L2TP">[[File:Menu-L2TP-Relay.svg\|link=:Category:~~L2TP_Handover~~L2TP Handover\|30px\|Back up to the L2TP Handover page]]</indicator> [[File:2700-small.png\|link=:Category:FireBrick]] =Overview= A FireBrick can be easily configured to act as an LNS (L2TP Network Server) - you can then terminate direct L2TP connections on it from remove devices, or relay data SIMs or DSL circuits on to it (where the ISP support s L2TP relay - we do on the A&A Data SIMs and DSL services) This means, you can have remote 3G/4G LTE Mobile Data SIMs or DSL circuits terminated directly on to your LAN or a VLAN on your internal network. This is ideal for remote monitoring, digital signage, machine-to-machine networking, IoT etc... As the remote device is being terminated on the FireBrick, you have full control over firewall and internet access to and from the remote device. A 'Fully Loaded' FireBrick is required for [[L2TP]] features AAISP Data SIMS can be relayed on to your own [[L2TP]] Server, such as a FireBrick. This will enable a remote SIM to be connected directly to your LAN and have an IP on your LAN, very similar to a VPN. *The FireBrick allocates IPs statically within the config and can't use DHCP - for more advanced and more flexible configurations you'd run your own RADIUS server. [[File:FireBrick-L2TP-Diagram.jpg\|~~100px\|frame~~600px\|An attempt at a network diagram showing the SIM on the internal LAN]] =FireBrick Config= ==Firewall== You will also need firewall filters, e.g. to allow traffic out of the SIM, in a rule-set add something to match the SIM. <syntaxhighlight lang="xml"> <rule name="L2TPOut" source-interface="l2tp"/> </syntaxhighlight> =Separate (NAT) Subnet for the Dongle= Rather than giving your SIM an IP on your LAN, you could give the SIM a private (RFC1918) IP in the <match config, e.g.: <syntaxhighlight lang="xml"> <match name="SIM" graph="SIM" calling-station-id="8944200000000000" remote-ip="192.168.99.99" comment="My SIM"/> </syntaxhighlight> To give the SIMs access to the Internet, you will need a Route Override configured to NAT the traffic from the [[L2TP]] to your internet interface (in this case PPPoE), eg: <syntaxhighlight lang="xml"> <route-override name="L2TP NAT"> <rule name="NAT the SIM for Internet Access" source-interface="[[L2TP\|l2tp]]" target-interface="pppoe" set-nat="true"/> [[Category:~~FireBrick_Tunnels~~FireBrick Tunnels\|L2TP]] [[Category:L2TP Handover]]