This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

L2TP Overview: Difference between revisions

Add L2TP config details for OpenWRT
*From March 2014 we are now emailing and tweeting when an L2TP line goes up or down unexpectedly. Settings for this are on the control page. This works in the same way as the up/down messages we send for broadband lines.
 
=L2TP from AAISP to Customer=
=L2TP Relay Configuration Options at AAISP Side=
L2TP settings are set by staff, so please do contact them for any changes or setup. The information that would be requested is:
*Target IP (with an optional backup IP) - the L2TP server at your side
*Host - the hostname we present
*Secret - the password we use (optional)
 
=L2TP from Customer to AAISP=
* Hostname: l2tp.aa.net.uk
* Plain L2TP without any IPsec
* MSCHAPv2 authentication
 
= '''Some Notes from customers setting up L2TP IN to AAISP:''' =
 
If you get stuck, pop into the IRC channel and see if I'm around (basil_uk) and I'll help if possible.
 
== OpenWRT ==
 
I'll give details about doing things without LuCI - if you want to do it through the web UI, it should be obvious from the text config what you need to twiddle.
 
Tested with the following package versions -
 
 kmod-l2tp - 3.18.10-1
 kmod-l2tp-eth - 3.18.10-1
 kmod-l2tp-ip - 3.18.10-1
 kmod-pppol2tp - 3.18.10-1
 ppp-mod-pppol2tp - 2.4.7-5
 xl2tpd - 1.3.6-5619e1771048e74b729804e8602f409af0f3faea
 luci-proto-ipv6 - git-15.090.50849-576e235-1
 luci-proto-ppp - git-15.090.50849-576e235-1
 
You'll first need to create a static route for <code>l2tp.aa.net.uk</code> via your bulk interface (usually <code>wan</code>) in <code>/etc/config/network</code> -
 
 config route
     option interface 'wan'
     option target '90.155.53.19'
 
Then add the tunnel to <code>/etc/config/network</code> - note that even though we enable it, the interface won't get an IPv6 address. Fear not, we can fix that in a minute.
 
 config interface 'aaisp'
     option proto 'l2tp'
     option server 'l2tp.aa.net.uk'
     option username 'yourusername@a'
     option password 'YOURPASSWORD'
     option ipv6 '1'
     option peerdns '0'
     option metric '50'
 
Next let's configure DHCPv6 over the tunnel interface since PPP IPV6CP doesn't seem to work properly. Again in <code>/etc/config/network</code> - edit to taste if you don't want to gobble up your entire /48. Though this shows as a separate interface in OpenWRT-land, they'll both assign addresses to the same underlying interface, 'l2tp-aaisp'.
 
 config interface 'aaisp6'
     option proto 'dhcpv6'
     option reqprefix '48'
     option peerdns '0'
     option _orig_ifname 'aaisp'
     option _orig_bridge 'false'
     option ifname 'l2tp-aaisp'
     option reqaddress 'force'
 
Now we have -
 
* All IPv4 traffic going out of our bulk WAN interface (metric 0)
* The L2TP tunnel has its default gateway set, but unused (metric 50)
* All IPv6 traffic going out of the tunnel (haven't tested what would happen if your bulk interface was also IPv6 capable)
* DNS unchanged from original setup (I use dnscrypt-proxy and some REDIRECT iptables plumbing to secure DNS query traffic)
 
Next steps
 
* iptables PREROUTING rules to mark traffic that should egress via the tunnel
* iproute2 magic to route the marked traffic properly
* a painful sense of irony that we're dodging nasty shaping and filtering on our bulk interface only to do it ourselves
* a really sweet hat
 
Prod me (<code>daveio</code>) on IRC if you have trouble, I'll try to assist if I'm around.
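
The first two "next steps" in the OpenWRT notes above (mark traffic in PREROUTING, then route the marked traffic with iproute2) could be implemented for IPv4 as follows. This is an added example, not part of the customer's notes or AAISP's own configuration; only the device name <code>l2tp-aaisp</code> comes from the page, while <code>br-lan</code>, the mark <code>0x1</code> and table <code>100</code> are assumptions, as is the 'aaisp' interface sitting in a firewall zone that allows forwarding.

```sh
#!/bin/sh
# Added example: policy-route chosen LAN hosts through the L2TP tunnel.
TUN_IF="l2tp-aaisp"   # tunnel device name given in the notes above
LAN_IF="br-lan"       # assumption: default OpenWrt LAN bridge
MARK="0x1"            # assumption: any fwmark not already in use
TABLE="100"           # assumption: any routing table id not already in use

# Accept only a dotted-quad IPv4 address with an optional /0-32 prefix length,
# so nothing else can end up on a generated command line.
valid_src() {
    case "$1" in ''|*[!0-9./]*) return 1 ;; esac
    addr=${1%/*}; len=32
    case "$1" in */*) len=${1#*/} ;; esac
    case "$len" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case "$addr" in *.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Print the commands for the given sources. Every source is validated before
# anything is printed, so a bad argument yields no partial rule set.
emit_rules() {
    for src in "$@"; do
        valid_src "$src" || { echo "rejecting source: $src" >&2; return 1; }
    done
    for src in "$@"; do
        echo "iptables -t mangle -A PREROUTING -i $LAN_IF -s $src -j MARK --set-mark $MARK"
    done
    echo "ip rule add fwmark $MARK lookup $TABLE"
    echo "ip route add default dev $TUN_IF table $TABLE"
    # When the tunnel drops, the kernel removes the route above; this fallback
    # makes marked traffic fail instead of leaving via the bulk interface.
    echo "ip route add unreachable default metric 1000 table $TABLE"
}

# Usage: sh script 192.168.1.50 192.168.1.64/28   (prints the commands for review)
#        APPLY=1 sh script ...                     (runs them; needs root on the router)
if [ $# -gt 0 ]; then
    if [ "${APPLY:-0}" = 1 ]; then emit_rules "$@" | sh -e; else emit_rules "$@"; fi
fi
```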
 
== Other Hardware ==