12,270
edits
FireBrick L2TP Server: Difference between revisions
no edit summary
No edit summary |
|||
|
==Routing from the LAN==
If you are assigning IPs from your LAN to the SIM, then as the L2TP connection is on a different interface to your LAN -to enable routing from the LAN to your SIM you will need to set proxy-arp=true on the LAN interface.
==Separate (NAT) Subnet for the Dongle==▼
Rather than giving your SIM an IP on your LAN, you could give the SIM a private (RFC1918) IP in the <match config, eg:▼
<match name="SIM" graph="SIM" calling-station-id="8944200000000000" remote-ip="192.168.99.99" comment="My SIM"/>▼
Here there is no need to create a separate subnet interface on the FireBrick. This SIM then be accessible from your LAN and not your WAN, and the SIM will only have access to your LAN and not the WAN.▼
To give the SIMs access to the Internet, you will need a Route Override configured to NAT the traffic from the L2TP to your internet interface (in this case PPPoE), eg:▼
<route-override name="L2TP NAT">▼
<rule name="NAT the SIM for Internet Access" source-interface="l2tp" target-interface="pppoe" set-nat="true"/>▼
</route-override>▼
=AAISP Config=
You can also check the routing of the IP you've assigned the SIM.
▲Rather than giving your SIM an IP on your LAN, you could give the SIM a private (RFC1918) IP in the <match config, eg:
▲ <match name="SIM" graph="SIM" calling-station-id="8944200000000000" remote-ip="192.168.99.99" comment="My SIM"/>
▲Here there is no need to create a separate subnet interface on the FireBrick. This SIM then be accessible from your LAN and not your WAN, and the SIM will only have access to your LAN and not the WAN.
▲To give the SIMs access to the Internet, you will need a Route Override configured to NAT the traffic from the L2TP to your internet interface (in this case PPPoE), eg:
▲ <route-override name="L2TP NAT">
▲ <rule name="NAT the SIM for Internet Access" source-interface="l2tp" target-interface="pppoe" set-nat="true"/>
▲ </route-override>
| |||