This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

L2TP Client: Debian: Difference between revisions

===Introduction===
 
I recently moved [https://libreboot.org/ libreboot.org] hosting to a much faster network than what it had before, but the new ISP doesn't assign static IPv4 or IPv6 subnets on the line, and it has all kinds of restrictions, though speed, uptime and latency are all excellent. I decided therefore to set up a tunnel connection using A&A's [https://www.aa.net.uk/broadband/l2tp-service/ L2TP tunnel service]. It's just like a regular VPN service, but specifically intended for people like me who need fixed IPs to host servers on. It's really very good, and my old hosting was done via one of their landline (VDSL) connections, but I decided I needed something faster via their L2TP service instead.
 
I was toying with OpenBSD as a router but decided to shelve that project for a while, and go with something I'm very familiar with - Debian Linux!
Essentially, I like my main network to be "invisible". Just plug in and set an IP (from the public subnet) and you're good to go. This assumes you have good physical security and/or you trust the people that have access to it.
 
You should not connect anything insecure directly to this main network. For example, your PlayStation or proprietary shitware Windows PC or something like that should be heavily firewalled behind e.g. an OpenWRT router.
 
This type of network is useful to me because I run lots of servers via a&a, so I need great flexibility. This is just a very simple setup that *works*.
 
===Debian packages to install===
 
apt-get install ppp pppoe xl2tpd iproute2 tcpdump net-tools resolvconf
 
You MUST NOT use DHCP on this connection. You have to set a static IP, so that you can set a custom route, going to <tt>90.155.53.19</tt> *via* what would otherwise be the <tt>gateway</tt> line; in this case I'd normally set <tt>gateway 10.42.0.1</tt> in the example below, but instead I set <tt>up /sbin/ip route add 90.155.53.19/32 via 10.42.0.1 dev enp14s0</tt>. This makes all traffic on IPv4 route through the L2TP instead of directly through the main upstream, in this case Virgin Media.
 
'''And do the same for any other IP addresses that l2tp.aa.net.uk resolves to. Note that IPs may be added with or without warning.'''
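One way to script the per-address routes described above (an added example, not part of the original page): it resolves <tt>l2tp.aa.net.uk</tt> with <tt>getent ahostsv4</tt> and emits a host route for every IPv4 address returned, reusing the page's example gateway <tt>10.42.0.1</tt> and interface <tt>enp14s0</tt>. The function names and the <tt>--apply</tt> switch are made up for this example.

```sh
#!/bin/sh
# Added example: pin a /32 host route for every address of the L2TP server to
# the underlying ISP gateway, so tunnel packets never route into the tunnel.
LNS_HOST="l2tp.aa.net.uk"
GATEWAY="10.42.0.1"   # page's example upstream gateway (adjust)
DEV="enp14s0"         # page's example interface (adjust)

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Reads resolver output on stdin (address in the first column) and prints one
# route command per unique IPv4 address. "ip route replace" is used instead of
# the page's "ip route add" so that re-running the script does not fail.
lns_route_cmds() {
    gw=$1; dev=$2; seen=" "
    while read -r addr _rest; do
        is_ipv4 "$addr" || continue          # drops IPv6 and malformed input
        case $seen in *" $addr "*) continue ;; esac   # getent repeats entries
        seen="$seen$addr "
        printf 'ip route replace %s/32 via %s dev %s\n' "$addr" "$gw" "$dev"
    done
}

# With --apply (as root): resolve the name and install the routes.
# Without arguments nothing is resolved or changed.
if [ "${1:-}" = "--apply" ]; then
    getent ahostsv4 "$LNS_HOST" | lns_route_cmds "$GATEWAY" "$DEV" |
        while read -r cmd; do $cmd; done
fi
```

Run it with <tt>--apply</tt> as root from the interface's <tt>up</tt> hook and again periodically, so that addresses added later also get a route.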
 
The fact that I used Virgin Media on this line is irrelevant. You can use L2TP on any ISP. Adapt the config below to your needs, accordingly:
 
#net.ipv4.ip_forward=1
 
And this line (NOTE: disables stateless address autoconfiguration)
 
Place the following contents:
 
<syntaxhighlight lang=bash>
[lac aaisp]
lns = 90.155.53.19
</syntaxhighlight>
NOTE: the <tt>name</tt> and <tt>password</tt> entries are your A&A login details for L2TP.
 
<syntaxhighlight lang=bash>
+ipv6
ipv6cp-use-ipaddr
</syntaxhighlight>
The routes must be deleted, when the line goes down:
 
<syntaxhighlight lang=bash>
#!/bin/bash
# Log that the interface passed as the first argument has gone down
/bin/logger "$1 is down"
</syntaxhighlight>