
D-Link DFL-2500 User Manual

DHCPOverIPsec=Yes AddRouteToRemoteNet=Yes IPsecLifeTimeKilobytes=250000
IPsecLifeTimeSeconds=3600

Web Interface

1. Go to Interfaces > IPsec > Add > IPsec Tunnel

2. Enter a name for the IPsec tunnel, e.g. l2tp_ipsec

3. Now enter:

   a. Local Network: wan_ip

   b. Remote Network: all-nets

   c. Remote Endpoint: none

   d. Encapsulation Mode: Transport

   e. IKE Proposal List: ike-roamingclients

   f. IPsec Proposal List: esp-l2tptunnel

4. Enter 3600 in the IPsec Life Time seconds control

5. Enter 250000 in the IPsec Life Time kilobytes control

6. Under the Authentication tab, select Pre-shared Key

7. Select MyPSK in the Pre-shared Key control

8. Under the Routing tab, check the following controls:

   Allow DHCP over IPsec from single-host clients

   Dynamically add route to the remote network when a tunnel is established

9. Click OK

Now it is time to set up the L2TP Server. The inner IP address should be part of the network from which the
clients are assigned IP addresses, in this case lan_ip. The outer interface filter is the interface on which the
L2TP server will accept connections; this will be the l2tp_ipsec tunnel created earlier. ProxyARP also needs to be
configured for the IPs used by the L2TP clients.

C. Set up the L2TP Tunnel:

CLI

gw-world:/> add Interface L2TPServer l2tp_tunnel IP=lan_ip Interface=l2tp_ipsec
            ServerIP=wan_ip IPPool=l2tp_pool TunnelProtocol=L2TP
            AllowedRoutes=all-nets ProxyARPInterfaces=lan

Web Interface

1. Go to Interfaces > L2TP Servers > Add > L2TPServer

2. Enter a name for the L2TP tunnel, e.g. l2tp_tunnel

3. Now enter:

   Inner IP Address: lan_ip

   Tunnel Protocol: L2TP

   Outer Interface Filter: l2tp_ipsec

   Server IP: wan_ip

4. Under the PPP Parameters tab, check the Use User Authentication Rules control

5. Select l2tp_pool in the IP Pool control

6. Under the Add Route tab, select all-nets in the Allowed Networks control.

9.5.2. L2TP

Chapter 9. VPN
