D-Link DFL-2500 User Manual
Page 235
3. Define a Pre-shared Key for the IPsec tunnel.

4. Define an IPsec Tunnel object (let's call this object ipsec_tunnel) with the following parameters:

• Set Local Network to ip_ext (specify all-nets instead if NetDefendOS is behind a NATing device).
• Set Remote Network to all-nets.
• Set Remote Gateway to none. Together with a Remote Network of all-nets this is what lets roaming clients connect from any, initially unknown, source address.
• For Authentication, select the Pre-shared Key object defined in step 3.
• Set Encapsulation Mode to Transport. L2TP over IPsec carries the L2TP UDP packets directly inside ESP, so transport mode, not tunnel mode, is the correct choice here.
• Select the IKE and IPsec proposal lists to be used. The lists must contain at least one proposal that the roaming clients' IPsec implementation offers, otherwise IKE negotiation fails before L2TP is ever reached.
• Enable the routing option Dynamically add route to the remote network when tunnel established.
5. Define a PPTP/L2TP Server object (let's call this object l2tp_tunnel) with the following parameters:

• Set Inner IP Address to ip_int.
• Set Tunnel Protocol to L2TP.
• Set Outer Interface Filter to ipsec_tunnel. Binding the L2TP server to the IPsec interface means L2TP is only accepted inside the IPsec tunnel and never in the clear on the external interface.
• Set Outer Server IP to ip_ext.
• Select the Microsoft Point-to-Point Encryption (MPPE) levels allowed. Since the IPsec tunnel already encrypts the traffic, this can be set to None only; allowing MPPE as well would encrypt the same data twice and degrade throughput without improving security.
• Set IP Pool to l2tp_pool.
• Enable Proxy ARP on the int interface, the interface to which the internal network is connected.
• Make the interface a member of a specific routing table so that routes are automatically added to that table. Normally the main table is selected.
6. For user authentication:

• Define a Local User DB object (let's call this object TrustedUsers).
• Add individual users to TrustedUsers. Each entry should consist of at least a username and password combination. The Group string for a user can also be specified. This is explained in the same step in the IPsec Roaming Clients section above.
• Define a User Authentication Rule:

  Agent   Auth Source   Src Network   Interface     Client Source IP
  PPP     Local         all-nets      l2tp_tunnel   all-nets (0.0.0.0/0)
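The client side of steps 3 to 6, as an added example that is not part of the D-Link manual: a Windows 10/11 client configured from PowerShell so that its settings match the server objects above (pre-shared key from step 3, IPsec transport mode from step 4, MPPE None from step 5, PPP user authentication against TrustedUsers from step 6). The gateway name vpn.example.com, the connection name NetDefend-L2TP and the PSK placeholder are assumptions.

```powershell
# Added example: Windows client for the NetDefendOS L2TP/IPsec roaming-client setup.
# Not code from the D-Link manual. Values marked "assumption" are placeholders.
# Run from an elevated PowerShell; the registry change needs a reboot to take effect.

$ConnectionName = 'NetDefend-L2TP'               # assumption: any local profile name
$GatewayAddress = 'vpn.example.com'              # assumption: resolves to ip_ext (Outer Server IP, step 5)
$PreSharedKey   = 'replace-with-the-step-3-PSK'  # assumption: same value as the Pre-shared Key object

# Steps 3 and 4: TunnelType L2tp with an L2tpPsk makes Windows negotiate IKEv1 main mode
# with pre-shared key authentication and ESP in transport mode, which is what the
# ipsec_tunnel object is configured for.
# Step 6: MSChapv2 is the PPP user authentication that the "PPP / Local" User
# Authentication Rule verifies against the TrustedUsers database.
# Step 5: the server allows MPPE = None because IPsec already encrypts. EncryptionLevel
# Optional does not insist on MPPE at the PPP layer, so the PPP session comes up without
# double encryption; confidentiality still comes from ESP.
Add-VpnConnection -Name $ConnectionName `
                  -ServerAddress $GatewayAddress `
                  -TunnelType L2tp `
                  -L2tpPsk $PreSharedKey `
                  -AuthenticationMethod MSChapv2 `
                  -EncryptionLevel Optional `
                  -Force

# NAT caveat from step 4 (Local Network = all-nets when NetDefendOS is behind NAT):
# by default Windows refuses IPsec NAT-T security associations to a server behind a NAT
# device. 1 = only the server is behind NAT, 2 = either side may be behind NAT.
$PolicyAgent = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
New-ItemProperty -Path $PolicyAgent `
                 -Name 'AssumeUDPEncapsulationContextOnSendRule' `
                 -PropertyType DWord -Value 2 -Force | Out-Null

# Check the stored profile before dialling.
Get-VpnConnection -Name $ConnectionName |
    Format-List Name, ServerAddress, TunnelType, AuthenticationMethod, EncryptionLevel

# Dial with a username/password pair that exists in TrustedUsers (step 6):
#   rasdial $ConnectionName <username> <password>
```

If the connection fails before any PPP authentication is attempted, the IKE and IPsec proposal lists selected in step 4 are the first thing to check, since Windows only offers a fixed set of algorithms; a failure after IKE completes usually points at the PSK, the MPPE setting or the user database.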
7. To allow traffic through the L2TP tunnel, the following rules should be defined in the IP rule set:
9.2.4. L2TP Roaming Clients with Pre-Shared Keys (Chapter 9. VPN)