• Dynamically add route to the remote network when a tunnel is established
9. Click OK
Now it is time to setup the L2TP Server. The inner IP address should be a part of the network which the clients
are assigned IP addresses from, in this lan_ip. The outer interface filter is the interface that the L2TP server will
accept connections on, this will be the earlier created l2tp_ipsec. ProxyARP also needs to be configured for the
IPs used by the L2TP Clients.
C. Setup the L2TP Tunnel:
Command-Line Interface
gw-world:/> add Interface L2TPServer l2tp_tunnel
IP=lan_ip
Interface=l2tp_ipsec
ServerIP=wan_ip
IPPool=l2tp_pool
TunnelProtocol=L2TP
AllowedRoutes=all-nets
ProxyARPInterfaces=lan
Web Interface
1. Go to: Interfaces > L2TP Servers > Add > L2TPServer
2. Enter a name for the L2TP tunnel, for example l2tp_tunnel
3. Now enter:
• Inner IP Address: lan_ip
• Tunnel Protocol: L2TP
• Outer Interface Filter: l2tp_ipsec
• Server IP: wan_ip
4. Under the PPP Parameters tab, check the Use User Authentication Rules control
5. Select l2tp_pool in the IP Pool control
6. Under the Add Route tab, select all-nets in the Allowed Networks control
7. In the ProxyARP control, select the lan interface
8. Click OK
In order to authenticate the users using the L2TP tunnel, a user authentication rule needs to be configured.
D. Next will be setting up the authentication rules:
Command-Line Interface
gw-world:/> add UserAuthRule AuthSource=Local
Interface=l2tp_tunnel
OriginatorIP=all-nets
LocalUserDB=UserDB
agent=PPP TerminatorIP=wan_ip
name=L2TP_Auth
Web Interface
1. Go to: User Authentication > User Authentication Rules > Add > UserAuthRule
2. Enter a suitable name for the rule, for example L2TP_Auth
3. Now enter:
• Agent: PPP
9.5.2. L2TP Servers Chapter 9. VPN
461
To Next Page
Loading...
