Changes

2,297 bytes added ,  13:50, 28 June 2018
Line 1: Line 1:  
==Introduction==
 
==Introduction==
   −
Layer 2 Tunneling Protocol (L2TP) is a VPN tunneling protocol that allows remote clients to use the public IP network to securely communicate with private corporate network servers. L2TP uses PPP over UDP (port 1701) to tunnel the data.
+
Because of the lack of confidentiality inherent in the '''Layer 2 Networking Protocol''' ('''L2TP''') protocol, '''Internet Protocol Security''' ('''IPsec''') is often used to secure L2TP packets by providing confidentiality, authentication and integrity. The combination of these two protocols is generally known as '''L2TP over IPsec''' (or simply '''L2TP/IPsec''').
 +
 
 +
This article provides a guide on how to configure L2TP/IPsec on RUTxxx routers. It should also be noted that this guide is aimed at more advanced users and, therefore, skips some of the more self-explanatory steps in order to preserve the overall coherence of the article. For example, instead of showing how to add new instances step by step, it is only mentioned in a short sentence. If you feel this lack of information impedes your ability to configure the setup, we suggest you check out our separate configuration guides on '''[[IPsec configuration examples|IPsec]]''' and '''[[L2TP configuration examples|L2TP]]''' for reference.
    
==Configuration overview and prerequisites==
 
==Configuration overview and prerequisites==
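
Review bot: the added introduction paragraph expands L2TP as "Layer 2 Networking Protocol", while the sentence it replaces had the correct name; the bolded expansion should read "Layer 2 Tunneling Protocol". The same sentence says "the ... (L2TP) protocol", which repeats "protocol" after the abbreviation. The rewrite also drops the removed sentence's statement that L2TP uses PPP over UDP (port 1701); consider keeping it, since this paragraph is where the reader learns what IPsec is being asked to protect.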
Line 16: Line 18:  
[[File:Configuration examples l2tp over ipsec scheme.png]]
 
[[File:Configuration examples l2tp over ipsec scheme.png]]
   −
The figure above depicts the L2TP/IPsec scheme. It is fairly similar to the [[L2TP_configuration_examples#Configuration_overview_and_prerequisites|L2TP]] and [[IPsec_configuration_examples#Configuration_overview_and_prerequisites|IPsec]] configuration schemes - the router with the Public IP address (''RUT1'') acts as the L2TP/IPsec server and the other router (''RUT'') acts a client. L2TP connects the networks of ''RUT1'' and ''RUT2'' and IPsec provides the encryption for the L2TP tunnel.
+
The figure above depicts the L2TP/IPsec scheme. It is fairly similar to the [[L2TP_configuration_examples#Configuration_overview_and_prerequisites|L2TP]] and [[IPsec_configuration_examples#Configuration_overview_and_prerequisites|IPsec]] configuration schemes - the router with the Public IP address (''RUT1'') acts as the L2TP/IPsec server and the other router (''RUT'') acts a client. L2TP connects the networks of ''RUT1'' and ''RUT2'' and IPsec provides the encryption for the L2TP tunnel.
 +
 
 +
When the scheme is realized, L2TP packets between the endpoints are encapsulated by IPsec. Since the L2TP packet itself is wrapped and hidden within the IPsec packet, the original source and destination IP address is encrypted within the packet.
    
==Router configuration==
 
==Router configuration==
    
If you have familiarized yourself with the configuration scheme and have all of the devices in order, we can start configuring the routers using instructions provided in this section. To summarize, we'll be configuring an L2TP server and an IPsec Transport instance (server) on ''RUT1''; an L2TP client and an IPsec Transport instance (client) on ''RUT2''.
 
If you have familiarized yourself with the configuration scheme and have all of the devices in order, we can start configuring the routers using instructions provided in this section. To summarize, we'll be configuring an L2TP server and an IPsec Transport instance (server) on ''RUT1''; an L2TP client and an IPsec Transport instance (client) on ''RUT2''.
+
 
 
===IPsec===
 
===IPsec===
 
----
 
----
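
Review bot: the changed overview paragraph still reads "the other router (''RUT'') acts a client"; it should be "(''RUT2'') acts as a client", matching the ''RUT2'' used in the next sentence and in the Router configuration summary. In the added paragraph, "the original source and destination IP address is encrypted within the packet" should say which addresses are meant: the setup below uses IPsec Transport instances, so the IP header between the two routers stays readable and only the L2TP payload, including the addresses of the tunneled packets, is encrypted. "IP address is" should also be "IP addresses are".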
Line 80: Line 84:  
* '''Server''' - L2TP server's Public IP address
 
* '''Server''' - L2TP server's Public IP address
 
* '''User name''' and '''Password''' - authentication information. Used the values specified in the Server's configuration  
 
* '''User name''' and '''Password''' - authentication information. Used the values specified in the Server's configuration  
 +
 +
==Testing the setup==
 +
 +
If you've followed all the steps presented above, your configuration should be finished. But as with any other configuration, it is always wise to test the setup in order to make sure that it works properly. We already tested the IPsec connection in the '''[[L2TP_over_IPsec#Testing_the_connection|3.1.3]]''' section of this article. To test an L2TP connection, login to one of the routers' WebUIs and go to '''Services → CLI'''. Login with user name: '''root''' and the router's admin password. You should then be able to '''ping''' the opposite instance, i.e., if you logged in to the server's CLI, you should be able to ping the client's virtual IP address, and vice versa. To use a ping command, type '''ping <ip_address>''' and press the "Enter" key on your keyboard:
 +
 +
[[File:Configuration example l2tp pptp testing.png]]
 +
 +
If the ping requests are successful, congratulations, your setup works! If not, we suggest that you review all steps once more.
 +
 +
While you're connected to the Command Line Interface, you can also check the IPsec connection status again just to be safe. If you don't remember how to do that, refer to the '''[[L2TP_over_IPsec#Testing_the_connection|3.1.3]]''' section of this article.
    
==See also==
 
==See also==
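
Review bot: in the added "Testing the setup" section, a successful ping to the opposite virtual IP address only shows that the L2TP tunnel is up, not that IPsec is protecting it, so the IPsec status check in the last paragraph should be a required step of the test rather than something done "just to be safe". Both references to section "3.1.3" hard-code a section number that goes stale when sections are added or reordered; the link text could name the section (Testing the connection) instead. Minor wording: "login to one of the routers' WebUIs" and "Login with user name" should use the verb form "log in".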
Line 86: Line 100:  
** [[L2TP configuration examples]]
 
** [[L2TP configuration examples]]
 
** [[IPsec configuration examples]]
 
** [[IPsec configuration examples]]
 +
** [[GRE Tunnel configuration examples]]
 
** [[OpenVPN configuration examples]]
 
** [[OpenVPN configuration examples]]
 
** [[PPTP configuration examples]]
 
** [[PPTP configuration examples]]
