Difference between revisions of "L2TP over IPsec"
Revision as of 10:00, 8 June 2018
Introduction
Layer 2 Tunneling Protocol (L2TP) is a VPN tunneling protocol that allows remote clients to use the public IP network to securely communicate with private corporate network servers. L2TP uses PPP over UDP (port 1701) to tunnel the data.
Configuration overview and prerequisites
Before we begin, let's overview the configuration that we are attempting to achieve and the prerequisites that make it possible.
Prerequisites:
- Two RUTxxx routers of any type (excluding RUT850)
- At least one router with a Public Static or Public Dynamic IP address
- At least one end device (PC, Laptop, Tablet, Smartphone) to configure the routers
Configuration scheme:
The figure above depicts the L2TP/IPsec scheme. It is fairly similar to the L2TP and IPsec configuration schemes: the router with the Public IP address (RUT1) acts as the L2TP/IPsec server and the other router (RUT2) acts as the client. L2TP connects the networks of RUT1 and RUT2, and IPsec provides the encryption for the L2TP tunnel.
Router configuration
If you have familiarized yourself with the configuration scheme and have all of the devices in order, we can start configuring the routers using instructions provided in this section. To summarize, we'll be configuring an L2TP server and an IPsec Transport instance (server) on RUT1; an L2TP client and an IPsec Transport instance (client) on RUT2.
IPsec
First, you must configure a working IPsec Transport connection. This subsection contains instructions on how to do just that. The relevant parameters will be encapsulated in red rectangles. Explanations about these parameters will be provided under each example. Other used parameters will be defaults; you can find explanations for those parameters in the VPN manual page, IPsec section.
Server (RUT1)
Client (RUT2)
Testing the connection
When you're done with the configuration, you should test whether it works before you move on. The simplest way to test an IPsec connection is the ipsec status command. You can execute this command via a command line interface (CLI). A CLI is present in all RUTxxx routers' WebUIs. To access it, log in to either router's WebUI (it doesn't matter which one) and navigate to Services → CLI. Log in to the CLI with the user name root and the router's admin password. Then simply type ipsec status and press the "Enter" key:
As you can see, executing ipsec status displays the number of active/inactive IPsec connections. If the connection you just configured is the only IPsec connection that you're using, you should see a 1 up indication next to Security Associations.
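The manual check above can be scripted. The following is an added example (not from this wiki page or Teltonika firmware): it parses the "Security Associations (N up, M connecting)" summary that strongSwan's ipsec status prints, and additionally verifies that the installed SA is in transport mode and covers UDP 1701, so that L2TP is actually being encrypted rather than merely coexisting with an unrelated IPsec connection. The connection name "l2tp", the addresses and the SPIs in the sample output are constructed.

```shell
#!/bin/sh
# Added example, not from the wiki page: parses the output of strongSwan's
# `ipsec status` (the command the page uses) and checks that the IPsec
# transport SA protecting L2TP is actually up before the L2TP tunnel is used.

# Print the "N up" count from the "Security Associations (N up, M connecting):"
# summary line read on stdin; print 0 if the line is missing.
sa_up_count() {
    n=$(sed -n 's/^Security Associations (\([0-9]*\) up, .*/\1/p' | head -n 1)
    echo "${n:-0}"
}

# Same for the "M connecting" count (SAs still negotiating).
sa_connecting_count() {
    n=$(sed -n 's/^Security Associations ([0-9]* up, \([0-9]*\) connecting).*/\1/p' | head -n 1)
    echo "${n:-0}"
}

# Succeed only if an INSTALLED CHILD_SA is in TRANSPORT mode and its traffic
# selectors cover UDP 1701 (strongSwan prints it as udp/l2tp or udp/1701).
# Without this, L2TP could be running in the clear even though IPsec is "up".
l2tp_protected() {
    text=$(cat)
    printf '%s\n' "$text" | grep -q 'INSTALLED, TRANSPORT' &&
    printf '%s\n' "$text" | grep -Eq 'udp/(l2tp|1701)'
}

# check_ipsec_status EXPECTED_UP STATUS_TEXT
# Return 0 when exactly EXPECTED_UP SAs are up, none are stuck connecting,
# and the L2TP selector is protected; otherwise return 1.
check_ipsec_status() {
    expected="$1"; text="$2"
    up=$(printf '%s\n' "$text" | sa_up_count)
    conn=$(printf '%s\n' "$text" | sa_connecting_count)
    [ "$up" -eq "$expected" ] && [ "$conn" -eq 0 ] &&
        printf '%s\n' "$text" | l2tp_protected
}

# Constructed sample output (not captured from a real router); documentation IPs.
SAMPLE_UP='Security Associations (1 up, 0 connecting):
        l2tp[1]: ESTABLISHED 5 minutes ago, 198.51.100.10[198.51.100.10]...203.0.113.20[203.0.113.20]
        l2tp{1}:  INSTALLED, TRANSPORT, reqid 1, ESP SPIs: cb12f8a3_i 9f4a6e21_o
        l2tp{1}:   198.51.100.10/32[udp/l2tp] === 203.0.113.20/32[udp/l2tp]'
SAMPLE_DOWN='Security Associations (0 up, 1 connecting):
        l2tp[2]: CONNECTING, 198.51.100.10[%any]...203.0.113.20[%any]'

# On the router itself: check_ipsec_status 1 "$(ipsec status)" && echo "IPsec ready for L2TP"
```

Run it on the router's CLI after both IPsec instances are configured; a non-zero exit means the L2TP client should not be started yet.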
L2TP
See also
- Other types of VPNs supported by RUTxxx devices: