26
edits
Router:Linux - Debian - With L2TP Fallback: Difference between revisions
Router:Linux - Debian - With L2TP Fallback (view source)
Revision as of 15:45, 14 April 2020
, 14 April 2020no edit summary
(Added Diagrams) |
No edit summary |
||
| (One intermediate revision by the same user not shown) | |||
|
I investigated PFSense (My current firewall solution) and RouterOS, but neither had very satisfactory scripting abilities. Linux, on the other hand, had no such problem.
In this solution, I have chosen to place a Linux solution acting only as a router in front of my PFSense box. This kept a fairly nice GUI for day to day management, but provided it with a more robust way to connect to AAISP via a Linux router, all of which is hosted on an ESXi box. The obvious cost is an extra hop, which requires a bit of extra CPU and causes a bit of extra latency. When measured I found PFSense to need around 10x the CPU of the linux box (
Throughout this guide, I'll likely refer to your PFSense box. While a few config tweaks will be needed, the guide should apply to more or less any firewall.
There are two options for IPv4 ranges. You can either assign a /29 to the handoff interface between the Linux router and the firewall. This would be the "Proper" way to do things, but would waste 3 public IP addresses, which are a precious resource in this day and age. I have instead used RFC1918 private address space as a handoff between the devices, and routed the public /29 block to the private IP of the firewall. The firewall can then be configured with these as virtual addresses, with all 8 addresses kept as usable addresses.
= Assumptions and example setup =
[[File:Debian L2TP Routing Setup IPv4.jpg|none|frame|IPv4 routing setup used in this example]]
[[File:Debian L2TP Routing Setup IPv6.jpg|none|frame|IPv6 routing setup used in this example]]
| |||