
L2tp, Setting up an l2tp server – D-Link DFL-2500 User Manual

gw-world:/> add Interface L2TPServer MyPPTPServer ServerIP=lan_ip Interface=any IP=wan_ip IPPool=pptp_Pool TunnelProtocol=PPTP AllowedRoutes=all-nets
</gw_replace>
<gr_replace lines="15-45" cat="clarify" orig="1.">
1. Go to Interfaces > L2TP Servers > Add > L2TPServer
2. Enter a name for the PPTP Server, e.g. MyPPTPServer.
3. Now enter:
   Inner IP Address: lan_ip
   Tunnel Protocol: PPTP
   Outer Interface Filter: any
   Outer Server IP: wan_ip
4. Under the PPP Parameters tab, select pptp_Pool in the IP Pool control
5. Under the Add Route tab, select all_nets from Allowed Networks
6. Click OK

Web Interface

1.

Go to Interfaces > L2TP Servers > Add > L2TPServer

2.

Enter a name for the PPTP Server eg. MyPPTPServer.

3.

Now enter:

Inner IP Address: lan_ip

Tunnel Protocol: PPTP

Outer Interface Filter: any

Outer Server IP: wan_ip

4.

Under the PPP Parameters tab, select pptp_Pool in the IP Pool control

5.

Under the Add Route tab, select all_nets from Allowed Networks

6.

Click OK

The Use User Authentication Rules option is enabled by default. To authenticate the users of the PPTP
tunnel you also need to configure authentication rules, which are not covered in this example.

9.5.2. L2TP

Layer 2 Tunneling Protocol (L2TP) is an IETF open standard that overcomes many of the problems
of PPTP. Its design is a combination of the Layer 2 Forwarding (L2F) protocol and PPTP, making use
of the best features of both. Since the L2TP standard does not implement encryption, it is usually
implemented with an IETF standard known as L2TP/IPsec, in which L2TP packets are encapsulated
by IPsec. The client communicates with a Local Access Concentrator (LAC) and the LAC
communicates across the Internet with an L2TP Network Server (LNS). The D-Link Firewall acts as
the LNS. The LAC is, in effect, tunneling data, such as a PPP session, to the LNS across the
Internet using IPsec. In most cases the client will itself act as the LAC.

L2TP is certificate based and therefore is simpler to administer with a large number of clients and
arguably offers better security than PPTP. Unlike PPTP, it is possible to set up multiple virtual
networks across a single tunnel. Being IPsec based, L2TP requires NAT traversal (NAT-T) to be
implemented on the LNS side of the tunnel.

Example 9.11. Setting up an L2TP server

This example shows how to set up an L2TP Network Server. The example presumes that you have created some
address objects in the Address Book. You will have to specify the IP address of the L2TP server interface, an
outer IP address (that the L2TP server should listen on) and an IP pool from which the L2TP server will hand out
IP addresses to the clients. The interface on which the L2TP server will accept connections is a virtual IPsec
tunnel, not illustrated in this example.

CLI

gw-world:/> add Interface L2TPServer MyL2TPServer ServerIP=ip_l2tp Interface=l2tp_ipsec IP=wan_ip IPPool=L2TP_Pool TunnelProtocol=L2TP AllowedRoutes=all-nets

Web Interface

1. Go to Interfaces > L2TP Servers > Add > L2TPServer
2. Enter a suitable name for the L2TP Server, e.g. MyL2TPServer
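The section stresses that L2TP itself carries no encryption and must be accepted on an IPsec tunnel interface (l2tp_ipsec above) rather than directly on the outer interface, as the PPTP example does with Interface=any. The following checker is an added example and not part of the manual or the firewall's own tooling: it parses the `add Interface L2TPServer ...` CLI lines shown in this chapter and flags an L2TP server that does not listen on a known IPsec tunnel; the set of IPsec interface names is a constructed assumption.

```python
"""Lint D-Link style 'add Interface L2TPServer ...' CLI lines (added example)."""
import shlex

# Constructed assumption: names of the virtual IPsec tunnel interfaces that
# exist in the configuration. An L2TP server should listen on one of these.
IPSEC_INTERFACES = {"l2tp_ipsec"}

# Parameters the manual's examples set on every L2TPServer object.
REQUIRED = ("ServerIP", "Interface", "IP", "IPPool", "TunnelProtocol", "AllowedRoutes")


def parse_l2tp_server(line):
    """Parse 'add Interface L2TPServer <Name> Key=Value ...' into (name, params)."""
    # Drop a leading 'gw-world:/>' prompt if the line was copied from a CLI session.
    tokens = shlex.split(line.split(">", 1)[-1])
    if tokens[:3] != ["add", "Interface", "L2TPServer"] or len(tokens) < 4:
        raise ValueError("not an L2TPServer definition: %r" % line)
    params = {}
    for tok in tokens[4:]:
        key, _, value = tok.partition("=")
        params[key] = value
    return tokens[3], params


def lint_l2tp_server(line, ipsec_interfaces=IPSEC_INTERFACES):
    """Return a list of findings (strings) for one L2TPServer definition."""
    name, p = parse_l2tp_server(line)
    findings = []
    for key in REQUIRED:
        if key not in p:
            findings.append("%s: missing %s" % (name, key))
    proto = p.get("TunnelProtocol")
    iface = p.get("Interface")
    if proto == "L2TP" and iface not in ipsec_interfaces:
        # L2TP has no encryption of its own; it must be carried inside IPsec.
        findings.append("%s: TunnelProtocol=L2TP but Interface=%s is not an IPsec tunnel"
                        % (name, iface))
    elif proto == "PPTP":
        findings.append("%s: uses PPTP; the manual notes L2TP/IPsec overcomes many "
                        "of PPTP's problems" % name)
    return findings


if __name__ == "__main__":
    # Constructed sample: the manual's L2TP example and a misconfigured variant.
    for cfg in ("gw-world:/> add Interface L2TPServer MyL2TPServer ServerIP=ip_l2tp "
                "Interface=l2tp_ipsec IP=wan_ip IPPool=L2TP_Pool TunnelProtocol=L2TP "
                "AllowedRoutes=all-nets",
                "add Interface L2TPServer BadL2TP ServerIP=ip_l2tp Interface=any "
                "IP=wan_ip TunnelProtocol=L2TP AllowedRoutes=all-nets"):
        print(lint_l2tp_server(cfg) or ["OK"])
```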

9.5.2. L2TP

Chapter 9. VPN

261