Changes

2,338 bytes added, 23:51, 3 March 2022
no edit summary
Line 32: Line 32:  
* '''Server configuration''':
 
* '''Server configuration''':
 
[[File:L2tpoveripsecl2tpserverconfiguration new.png|left]]
 
[[File:L2tpoveripsecl2tpserverconfiguration new.png|left]]
 +
* '''Enable''' - when checked, enables the instance
 +
* '''Local IP''' - the server's virtual IP address
 +
* '''Remote IP range''' parameters - the range of virtual IP addresses that will be assigned to connecting clients
 +
* '''User name''' and '''Password''' - authentication information used to authenticate connecting clients
 +
----
 +
 +
===IPsec===
 +
----
 +
Next, you must configure a working IPsec transport connection. This subsection contains instructions on how to do just that. The relevant parameters will be encapsulated <span style="color:red">'''in red rectangles'''</span>. Explanations about these parameters will be provided under each example. Other used parameters will be defaults; you can find explanations for those parameters in the '''[[VPN#IPsec|VPN manual page, IPsec section]]'''.
 +
 +
Login to the router's WebUI and navigate to '''Services → VPN → IPsec'''. Enter a custom name for your IPsec instance and click the "Add" button. Then click the "Edit" button located next to the newly created instance after which you will redirected to that instance's configuration window. Adhere to the configurations presented in the figure below:
 +
 +
[[File:L2tpoveripsecserver1.png|left|L2tpoveripsecserver1]]
 +
[[File:L2tpoveripsecserver2.png|left|L2tpoveripsecserver2]]
 +
* '''Remote VPN endpoint''' - IP address or hostname of the remote IPsec instance. '''Leave empty''' for the server configuration
 +
* '''Enable''' - if checked, enables the IPsec instance
 +
* '''Authentication method''' - different authentication methods between the peers. For this configuration we select '''Pre-shared key'''
 +
* '''Pre shared key''' - a shared password used for authentication between the peers. The value of this field must match the other instance
 +
* '''Type''' - the type of the connection. '''Transport''' encrypts only the payload and Encapsulating Security Payload (ESP) trailer; so the IP header of the original packet is not encrypted. Transport mode is usually used when another tunneling protocol (such as [[VPN#GRE_Tunnel|GRE]], [[VPN#L2TP|L2TP]]) is used to first encapsulate the IP data packet, then IPsec is used to protect the GRE/L2TP tunnel packets. NAT traversal is not supported with the transport mode.
 +
* '''Bind to''' - a shared password used for authentication between the peers. The value of this field must match the other instance
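Review bot: The added '''Bind to''' bullet at the end of this hunk repeats the '''Pre shared key''' description word for word ("a shared password used for authentication between the peers. The value of this field must match the other instance"), so the Bind to field is left undocumented and a reader could take it for a second secret field. Replace it with a description of what Bind to actually selects in the IPsec instance. Two smaller points in the same hunk: the paragraph beginning "Login to the router's WebUI" has "you will redirected", which is missing "be", and the '''Authentication method''' bullet defines the field in terms of itself ("different authentication methods between the peers") without saying what the setting controls.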
