L2TP configuration examples RutOS: Difference between revisions

From Teltonika Networks Wiki
VisualWikitext
(Created page with "==Introduction== '''Layer 2 Tunneling Protocol''' ('''L2TP''') is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services...")
 
No edit summary
 
(6 intermediate revisions by 2 users not shown)
Line 3: Line 3:
'''Layer 2 Tunneling Protocol''' ('''L2TP''') is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It does not provide any encryption or confidentiality by itself. Rather, it relies on an encryption protocol that it passes within the tunnel to provide privacy.
'''Layer 2 Tunneling Protocol''' ('''L2TP''') is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It does not provide any encryption or confidentiality by itself. Rather, it relies on an encryption protocol that it passes within the tunnel to provide privacy.


This article provides an extensive configuration example with details on how to create a connection between an L2TP Server and Client, both of which configured on RUTxxx routers. If you wish to learn how to encrypt the traffic of your L2TP tunnel, we suggest you take a look at our '''[[L2TP over IPsec]]''' article.
This article provides an extensive configuration example with details on how to create a connection between an L2TP Server and a Client, both of which are configured on RUTxxx routers. If you wish to learn how to encrypt the traffic of your L2TP tunnel, we suggest you take a look at our '''[[L2TP over IPsec]]''' article.


==Configuration overview and prerequisites==
==Configuration overview and prerequisites==
Line 11: Line 11:
'''Prerequisites''':
'''Prerequisites''':


*Two RUTxxx routers of any type (excluding [[RUT850]])
*Two RUTxxx routers of any type
*A SIM card with a Public Static or Public Dynamic IP address for the L2TP Server
*A SIM card with a Public Static or Public Dynamic IP address for the L2TP Server
*An end device (PC, Laptop, Tablet, Smartphone) to configure the routers
*An end device (PC, Laptop, Tablet, Smartphone) to configure the routers
Line 20: Line 20:
[[File:Configuration examples l2tp scheme.png]]
[[File:Configuration examples l2tp scheme.png]]


As indicated by the figure above, the configuration we are trying to achieve here is very basic: it concerns two RUTxxx routers - RUT1 and RUT2. One functions as an L2TP Server, the other - an L2TP Client. They are connected into a virtual network via an L2TP Tunnel.
As indicated by the figure above, the configuration we are trying to achieve here is very basic: it concerns two RUTxxx routers - RUT1 and RUT2. One functions as an L2TP Server, and the other - is an L2TP Client. They are connected to a virtual network via an L2TP Tunnel.


==Router configuration==
==Router configuration==


If you have familiarized yourself with the configuration scheme and have all of the devices in order, we can start configuring the routers using instructions provided in this section.
If you have familiarized yourself with the configuration scheme and have all of the devices in order, we can start configuring the routers using the instructions provided in this section.


===L2TP Server (RUT1)===
===L2TP Server (RUT1)===
Line 31: Line 31:
----
----


*Login to the router's WebUI and go to '''Services → VPN → L2TP'''. Select '''Role: Server''', enter a name for the new instance and click the "Add" button:
<table class="nd-othertables_2">
    <tr>
        <th width=355; style="border-bottom: 1px solid white;></th>
        <th width=790; style="border-bottom: 1px solid white;" rowspan=2> [[File:RutOS_L2TP_IPsec_VPN_7,8_add_L2TP_Server.png|770px|right]]</th>
    </tr>
    <tr>
        <td style="border-bottom: 1px solid white;>
Login to the router's WebUI and navigate to the '''Services → VPN → L2TP''' page and do the following:
<ol>
    <li>Select '''Role: Server'''.</li>
    <li>Enter a '''custom configuration name'''.</li>
    <li>Click the '''Add''' button. You will be prompted to the configuration window</li>
</ol>
        </td>
    </tr>
</table>


[[File:Creating an l2tp server part 1 v1.png]]
----
----


*Click the "Edit" button located to the right of the newly created L2TP Server to enter the instance's settings window. The configuration is fairly simple, just remember to '''Enable''' the instance:
<table class="nd-othertables_2">
    <tr>
        <th width=355; style="border-bottom: 1px solid white;></th>
        <th width=790; style="border-bottom: 1px solid white;" rowspan=2>[[File:RutOS_L2TP_IPsec_VPN_7,8_add_L2TP_Server_config.png|770px|right]]</th>
    </tr>
    <tr>
        <td style="border-bottom: 1px solid white>
<ol>
    <li>'''Enable''' the L2TP instance.</li>
    <li>Click on the '''Add''' button to add a new user</li>
    <li>Enter a '''User name''' and '''Password''' for authentication for the client.</li>
    <li>Optionally, set a fixed IP for this client (if left empty, the client will receive the first free IP from the IP range).</li>
    <li>Don't forget to '''Save''' the changes.</li>
</ol>
        </td>
    </tr>
</table>


[[File:Creating an l2tp server part 2 v1.png]]
===L2TP Client (RUT2)===
----
----


*The rest of the parameters are user preferential so you should set them as you see fit. A short explanation on these parameters is provided below:
*Now let's configure the L2TP '''Client'''.
**'''Local IP''' defines the server's virtual IP address
**'''Remote IP range''' parameters define the range of virtual IP addresses that will be assigned to connecting clients
**'''User name''' and '''Password''' parameters define a client's authentication info


Once you're done setting these parameters don't forget to click the '''Save''' button.
<table class="nd-othertables_2">
    <tr>
        <th width=355; style="border-bottom: 1px solid white;></th>
        <th width=790; style="border-bottom: 1px solid white;" rowspan=2> [[File:RutOS_L2TP_IPsec_VPN_7,8_1.png|770px|right]]</th>
    </tr>
    <tr>
        <td style="border-bottom: 1px solid white;>
Login to the router's WebUI and navigate to the '''Services → VPN → L2TP''' page and do the following:
<ol>
    <li>Select '''Role: Client'''.</li>
    <li>Enter a '''custom configuration name'''.</li>
    <li>Click the '''Add''' button. You will be prompted to the configuration window</li>
</ol>
        </td>
    </tr>
</table>


===L2TP Client (RUT2)===
----
----


*Now let's configure the L2TP '''Client'''. Login to the router's WebUI and go to '''Services → VPN → L2TP'''. Select '''Role: Client''', enter a name for the new instance and click the "Add" button:
<table class="nd-othertables_2">
 
    <tr>
[[File:Creating an l2tp client part 1 v1.png]]
        <th width=355; style="border-bottom: 1px solid white;></th>
----
        <th width=790; style="border-bottom: 1px solid white;" rowspan=2>[[File:RutOS_L2TP_IPsec_VPN_7,8_2.png|770px|right]]</th>
    </tr>
    <tr>
        <td style="border-bottom: 1px solid white>
<ol>
    <li>'''Enable''' the L2TP instance.</li>
    <li>Enter the '''Public IP''' of RUT1</li>
    <li>Enter the '''Username''' that we created on RUT1</li>
    <li>Enter the '''Password''' that we created on RUT1</li>
    <li>Don't forget to '''Save''' the changes.</li>
</ol>
        </td>
    </tr>
</table>


*Click the "Edit" button located to the right of the newly created L2TP Client to enter the instance's settings window. In the settings window, '''Enable''' the L2TP instance, specify the server's '''Public (WAN) IP address''' and the '''client's authentication''' info as specified in the server's configuration:
[[File:Creating an l2tp client part 2 v1.png]]
Once this is done, don't forget to save the changes.
----


*'''Optional''': if you plan on using the server as a web proxy, you should also enable the '''Default route''' option in the client's configuration:
*'''Note:''' ''if you plan on using the server as a web proxy, you should also enable the '''Default route''' option in the client's configuration.''


[[File:How set up l2tp proxy part 3 v1.png]]


==Testing the setup==
==Testing the setup==
Line 71: Line 118:
If you've followed all the steps presented above, your configuration should be finished. But as with any other configuration, it is always wise to test the setup in order to make sure that it works properly. In order to test an L2TP connection, login to one of the routers' WebUIs and go to '''Services → CLI'''. Login with user name: '''root''' and the router's admin password. You should then be able to '''ping''' the opposite instance, i.e., if you logged in to the server's CLI, you should be able to ping the client's virtual IP address, and vice versa. To use a ping command, type '''ping <ip_address>''' and press the "Enter" key on your keyboard:
If you've followed all the steps presented above, your configuration should be finished. But as with any other configuration, it is always wise to test the setup in order to make sure that it works properly. In order to test an L2TP connection, login to one of the routers' WebUIs and go to '''Services → CLI'''. Login with user name: '''root''' and the router's admin password. You should then be able to '''ping''' the opposite instance, i.e., if you logged in to the server's CLI, you should be able to ping the client's virtual IP address, and vice versa. To use a ping command, type '''ping <ip_address>''' and press the "Enter" key on your keyboard:


[[File:Configuration example l2tp pptp testing.png]]
[[File:Networking rutxxx configuration examples l2tp ping v1.jpg|border|class=tlt-border]]


If the ping requests are successful, congratulations, your setup works! If not, we suggest that you review all steps once more.
If the ping requests are successful, congratulations, your setup works! If not, we suggest that you review all the steps once more.


If you're using the server as a web proxy, end devices connected to the L2TP client router should have the Public IP address of the L2TP server. You can visit this website to check the Public IP address: http://www.whatsmyip.org/
If you're using the server as a web proxy, end devices connected to the L2TP client router should have the Public IP address of the L2TP server. You can visit this website to check the Public IP address: http://www.whatsmyip.org/
Line 81: Line 128:
*[[L2TP over IPsec]]
*[[L2TP over IPsec]]
*Other types of VPNs suported by RUTxxx devices:
*Other types of VPNs suported by RUTxxx devices:
**[[OpenVPN configuration examples]]
**[[OpenVPN configuration examples|OpenVPN configuration examples]]
**[[IPsec configuration examples]]
**[[IPsec RUTOS configuration example|IPsec configuration examples]]
**[[GRE Tunnel configuration examples]]
**[[GRE Tunnel configuration examples RutOS|GRE Tunnel configuration examples]]
**[[PPTP configuration examples]]
**[[PPTP configuration examples RutOS|PPTP configuration examples]]
[[Category:VPN]]

Latest revision as of 11:13, 20 August 2024

Main Page > General Information > Configuration Examples > VPN > L2TP configuration examples RutOS

Introduction

Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It does not provide any encryption or confidentiality by itself. Rather, it relies on an encryption protocol that it passes within the tunnel to provide privacy.

This article provides an extensive configuration example with details on how to create a connection between an L2TP Server and a Client, both of which are configured on RUTxxx routers. If you wish to learn how to encrypt the traffic of your L2TP tunnel, we suggest you take a look at our L2TP over IPsec article.

Configuration overview and prerequisites

Before we begin, let's overview the configuration that we are attempting to achieve and the prerequisites that make it possible.

Prerequisites:

  • Two RUTxxx routers of any type
  • A SIM card with a Public Static or Public Dynamic IP address for the L2TP Server
  • An end device (PC, Laptop, Tablet, Smartphone) to configure the routers

Configuration scheme:

As indicated by the figure above, the configuration we are trying to achieve here is very basic: it concerns two RUTxxx routers - RUT1 and RUT2. One functions as an L2TP Server, and the other - is an L2TP Client. They are connected to a virtual network via an L2TP Tunnel.

Router configuration

If you have familiarized yourself with the configuration scheme and have all of the devices in order, we can start configuring the routers using the instructions provided in this section.

L2TP Server (RUT1)

As mentioned in the prerequisites section, the router that acts as the server must have a Public Static or Public Dynamic IP address (more information on the subject can be found here). If that is in order, we should start configuring the server.

Login to the router's WebUI and navigate to the Services → VPN → L2TP page and do the following:

  1. Select Role: Server.
  2. Enter a custom configuration name.
  3. Click the Add button. You will be prompted to the configuration window
  1. Enable the L2TP instance.
  2. Click on the Add button to add a new user
  3. Enter a User name and Password for authentication for the client.
  4. Optionally, set a fixed IP for this client (if left empty, the client will receive the first free IP from the IP range).
  5. Don't forget to Save the changes.

L2TP Client (RUT2)

  • Now let's configure the L2TP Client.

Login to the router's WebUI and navigate to the Services → VPN → L2TP page and do the following:

  1. Select Role: Client.
  2. Enter a custom configuration name.
  3. Click the Add button. You will be prompted to the configuration window
  1. Enable the L2TP instance.
  2. Enter the Public IP of RUT1
  3. Enter the Username that we created on RUT1
  4. Enter the Password that we created on RUT1
  5. Don't forget to Save the changes.


  • Note: if you plan on using the server as a web proxy, you should also enable the Default route option in the client's configuration.


Testing the setup

If you've followed all the steps presented above, your configuration should be finished. But as with any other configuration, it is always wise to test the setup in order to make sure that it works properly. In order to test an L2TP connection, login to one of the routers' WebUIs and go to Services → CLI. Login with user name: root and the router's admin password. You should then be able to ping the opposite instance, i.e., if you logged in to the server's CLI, you should be able to ping the client's virtual IP address, and vice versa. To use a ping command, type ping <ip_address> and press the "Enter" key on your keyboard:

If the ping requests are successful, congratulations, your setup works! If not, we suggest that you review all the steps once more.

If you're using the server as a web proxy, end devices connected to the L2TP client router should have the Public IP address of the L2TP server. You can visit this website to check the Public IP address: http://www.whatsmyip.org/

See also

Retrieved from "https://wiki.teltonika-networks.com/index.php?title=L2TP_configuration_examples_RutOS&oldid=130920"