4 l2tp server setup, 5 l2tp server users – Allied Telesis AT-WR4500 User Manual

164

AT-WR4500 Series - IEEE 802.11abgh Outdoor Wireless Routers

RouterOS v3 Configuration and User Guide

8.5.4

L2TP Server Setup

Submenu level: /interface l2tp-server server

Description

The L2TP server creates a dynamic interface for each connected L2TP client. The L2TP connection count
from clients depends on the license level you have. Level1 license allows 1 L2TP client, Level3 or Level4
licenses up to 200 clients, and Level5 or Level6 licenses do not have L2TP client limitations.
To create L2TP users, you should consult the

PPP secret

and

PPP Profile

manuals. It is also possible

to use the RouterOS router as a RADIUS client to register the L2TP users, see the

manual

how to do

it.

Property Description

authentication (multiple choice: pap | chap | mschap1 | mschap2; default: mschap2) – authentication
algorithm
default-profile - default profile to use
enabled (yes | no; default: no) - defines whether L2TP server is enabled or not
keepalive-timeout (time; default: 30) - defines the time period (in seconds) after which the router is
starting to send keepalive packets every second. If no traffic and no keepalive responses has came for that
period of time (i.e. 2 * keepalive-timeout), not responding client is proclaimed disconnected
max-mru (integer; default: 1460) - Maximum Receive Unit. The optimal value is the MRU of the
interface the tunnel is working over decreased by 40 (so, for 1500-byte ethernet link, set the MRU to
1460 to avoid fragmentation of packets)
max-mtu (integer; default: 1460) - Maximum Transmission Unit. The optimal value is the MTU of the
interface the tunnel is working over decreased by 40 (so, for 1500-byte ethernet link, set the MTU to
1460 to avoid fragmentation of packets)
mrru (integer: 512..65535; default: disabled) - maximum packet size that can be received on the link. If a
packet is bigger than tunnel MTU, it will be split into multiple packets, allowing full size IP or Ethernet
packets to be sent over the tunnel
disabled - disable MRRU on this link

Example

To enable L2TP server:

[admin@AT-WR4562] interface l2tp-server server> set enabled=yes
[admin@AT-WR4562] interface l2tp-server server> print
enabled: yes
max-mtu: 1460
max-mru: 1460
mrru: disabled
authentication: mschap2,mschap1
keepalive-timeout: 30
default-profile: default
[admin@AT-WR4562] interface l2tp-server server>

8.5.5

L2TP Server Users

Submenu level: /interface l2tp-server

Description

There are two types of interface (tunnel) items in PPTP server configuration - static users and dynamic
connections. An interface is created for each tunnel established to the given server. Static interfaces are
added administratively if there is a need to reference the particular interface name (in firewall rules or
elsewhere) created for the particular user. Dynamic interfaces are added to this list automatically
whenever a user is connected and its username does not match any existing static entry (or in case the
entry is active already, as there can not be two separate tunnel interfaces referenced by the same name).
Dynamic interfaces appear when a user connects and disappear once the user disconnects, so it is
impossible to reference the tunnel created for that use in router configuration (for example, in firewall),