Firebrick using L2TP over dongle: Difference between revisions

From AAISP Support Site
(→‎Overview: clean up)
(→‎Overview: syntaxhighlight)
 
Line 3: Line 3:
=Overview=
=Overview=
Some customers prefer to use a dongle as their main connection in areas where ADSL speeds are particularly poor.
Some customers prefer to use a dongle as their main connection in areas where ADSL speeds are particularly poor.

People may find that CGNAT or other limiting factors within the cellular network break certain services such as SIP. We can get around this using L2TP.
People may find that CGNAT or other limiting factors within the cellular network break certain services such as SIP. We can get around this using L2TP.


The config below is a small modification to the config generated by the FireBrick itself.
The config below is a small modification to the config generated by the FireBrick itself.

The idea is to set the ''payload-table'' for L2TP to table 1, and to then put the LAN interface on this table.
The idea is to set the ''payload-table'' for L2TP to table 1, and to then put the LAN interface on this table.


<syntaxhighlight lang="xml">
<pre>
<port name="LAN" ports="1 2 3 4"/>
<port name="LAN" ports="1 2 3 4"/>
<port name="USB" ports="" dongle="Dongle"/>
<port name="USB" ports="" dongle="Dongle"/>
<interface name="LAN" port="LAN" table="1" comment="Default LAN interface">
<interface name="LAN" port="LAN" table="1" comment="Default LAN interface">
Line 28: Line 30:
<rule name="Allow Firebrick" source-interface="self" comment="Allow all from the FireBrick to LAN"/>
<rule name="Allow Firebrick" source-interface="self" comment="Allow all from the FireBrick to LAN"/>
</rule-set>
</rule-set>
</syntaxhighlight>
</pre>





Latest revision as of 23:48, 30 June 2022


Overview

Some customers prefer to use a dongle as their main connection in areas where ADSL speeds are particularly poor.

People may find that CGNAT or other limiting factors within the cellular network break certain services such as SIP. We can get around this using L2TP.

The config below is a small modification to the config generated by the FireBrick itself.

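The idea is to set the payload-table for L2TP to table 1, and then to put the LAN interface on this table. LAN traffic is then routed through the tunnel, while the USB interface, which has no table attribute, stays on the default table and carries the L2TP session itself.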

   <port name="LAN" ports="1 2 3 4"/>
   <port name="USB" ports="" dongle="Dongle"/>
   <interface name="LAN" port="LAN" table="1" comment="Default LAN interface">
      <subnet name="Default IPs" ip="10.0.0.1/24" nat="true" comment="Temporary IPs for setup only, delete when finished configuring"/>
      <dhcp name="Auto allocated IPs" ip="10.0.0.2-199" comment="Allocates IP addresses automatically"/>
   </interface>
   <interface name="USB" port="USB" comment="Default USB interface">
      <subnet name="DHCP client"/>
   </interface>
   <usb>
      <dongle name="Dongle" comment="Default USB config, does not usually require any more settings"/>
   </usb>
   <l2tp accounting-interval="1:00:00">
      <outgoing name="AAISP" hostname="AAISP" ip="90.155.53.19" graph="Tunnel" payload-table="1" username="xxx@a.x" password="xxxxxxxx" tcp-mss-fix="true" comment="To AAISP"/>
   </l2tp>
   <ipsec-ike/>
   <rule-set name="Firewall: LAN" target-interface="LAN" no-match-action="reject" comment="Default firewall rule for traffic to LAN">
      <rule name="Allow Firebrick" source-interface="self" comment="Allow all from the FireBrick to LAN"/>
   </rule-set>
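The table split in the config above can be checked mechanically before the config is uploaded. The following is an added example, not part of the original page or FireBrick tooling: `check_tables` and its parameter names are hypothetical, it reads a config fragment as pasted on this page (no root element), and it assumes an omitted table attribute means table 0.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's config reduced to the elements the check
# reads, with the page's placeholder credentials.
GOOD = """
<interface name="LAN" port="LAN" table="1"/>
<interface name="USB" port="USB"><subnet name="DHCP client"/></interface>
<l2tp><outgoing name="AAISP" payload-table="1" username="xxx@a.x" password="xxxxxxxx"/></l2tp>
"""

def table(elem, attr="table"):
    # Assumption: an omitted table attribute means routing table 0.
    return int(elem.get(attr, "0"))

def check_tables(fragment, lan="LAN", carrier="USB"):
    """Return a list of routing-table problems; an empty list means consistent."""
    # The fragment has no root element, so wrap it to make it parseable.
    root = ET.fromstring("<config>" + fragment + "</config>")
    ifaces = {i.get("name"): i for i in root.iter("interface")}
    tunnels = root.findall("./l2tp/outgoing")
    if not tunnels:
        return ["no <l2tp><outgoing> tunnel defined"]
    problems = [f"interface {n!r} not found" for n in (lan, carrier) if n not in ifaces]
    if problems:
        return problems
    for t in tunnels:
        payload = table(t, "payload-table")
        tname = t.get("name", "?")
        # LAN must sit on the table the tunnel delivers its payload into.
        if table(ifaces[lan]) != payload:
            problems.append(f"{lan} is on table {table(ifaces[lan])} but tunnel "
                            f"{tname} delivers payload to table {payload}")
        # The dongle interface must stay on a different table, otherwise LAN
        # traffic is not separated from the routes learned over the dongle.
        if table(ifaces[carrier]) == payload:
            problems.append(f"{carrier} shares table {payload} with the payload "
                            f"of tunnel {tname}")
    return problems

if __name__ == "__main__":
    for line in check_tables(GOOD) or ["tables consistent"]:
        print(line)
```

A full exported config with its own root element and XML namespace would need the wrapping step replaced with namespace-aware parsing.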