D-Link DFL-2500 User Manual
Page 263
DHCPOverIPsec=Yes AddRouteToRemoteNet=Yes IPsecLifeTimeKilobytes=250000
IPsecLifeTimeSeconds=3600
Web Interface
1.
Go to Interfaces > IPsec > Add > IPsec Tunnel
2.
Enter a name for the IPsec tunnel, eg. l2tp_ipsec
3.
Now enter:
a.
Local Network: wan_ip
b.
Remote Network: all-nets
c.
Remote Endpoint: none
d.
Encapsulation Mode: Transport
e.
IKE Proposal List: ike-roamingclients
f.
IPsec Proposal List: esp-l2tptunnel
4.
Enter 3600 in the IPsec Life Time seconds control
5.
Enter 250000 in the IPsec Life Time kilobytes control
6.
Under the Authentication tab, select Pre-shared Key
7.
Select MyPSK in the Pre-shared Key control
8.
Under the Routing tab, check the following controls:
•
Allow DHCP over IPsec from single-host clients
•
Dynamically add route to the remote network when a tunnel is established
9.
Click OK
Now it is time to setup the L2TP Server. The inner IP address should be a part of the network which the clients
are assigned IP addresses from, in this lan_ip. The outer interface filter is the interface that the L2TP server will
accept connections on, this will be the earlier created l2tp_ipsec. Also a ProxyARP needs to be configured for the
IP's used by the L2TP Clients.
C. Setup the L2TP Tunnel:
CLI
gw-world:/> add Interface L2TPServer l2tp_tunnel IP=lan_ip Interface=l2tp_ipsec
ServerIP=wan_ip IPPool=l2tp_pool TunnelProtocol=L2TP
AllowedRoutes=all-nets ProxyARPInterfaces=lan
Web Interface
1.
Go to Interfaces > L2TP Servers > Add > L2TPServer
2.
Enter a name for the L2TP tunnel, eg. l2tp_tunnel
3.
Now enter:
•
Inner IP Address: lan_ip
•
Tunnel Protocol: L2TP
•
Outer Interface Filter: l2tp_ipsec
•
Server IP: wan_ip
4.
Under the PPP Parameters tab, check the Use User Authentication Rules control
5.
Select l2tp_pool in the IP Pool control
6.
Under the Add Route tab, select all-nets in the Allowed Networks control.
9.5.2. L2TP
Chapter 9. VPN
263