
2,740 bytes added ,  22:57, 3 March 2022
==Introduction==

Because the '''Layer 2 Tunneling Protocol''' ('''L2TP''') provides no confidentiality of its own, '''Internet Protocol Security''' ('''IPsec''') is often used to secure L2TP packets by providing confidentiality, authentication and integrity. The combination of these two protocols is generally known as '''L2TP over IPsec''' (or simply '''L2TP/IPsec''').

This article provides a guide on how to configure L2TP/IPsec on RUTxxx routers, to establish a connection with clients on their personal computers. It should also be noted that this guide is aimed at more advanced users and, therefore, skips some of the more self-explanatory steps in order to preserve the overall coherence of the article. For example, instead of showing how to add new instances step by step, it is only mentioned in a short sentence. If you feel this lack of information impedes your ability to configure the setup, we suggest you check out our separate configuration guides on '''[[IPsec configuration examples|IPsec]]''' and '''[[L2TP configuration examples|L2TP]]''' for reference.

''Click'' '''[[L2TP over IPsec| Here]]''' ''for a user's manual based on the old style WebUI (FW version RUT9XX_R_00.06.08.6 and earlier).''

==Configuration overview and prerequisites==

Before we begin, let's go over the configuration that we are attempting to achieve and the prerequisites that make it possible.

'''Prerequisites''':
* One RUTxxx router of any type (excluding [[RUT850]]) with a Public Static or Public Dynamic IP address
* At least one end device (PC, Laptop, Tablet, Smartphone) to configure the routers and connect to the VPN.
----
'''Configuration scheme''':

The figure above shows the L2TP/IPsec scheme. It is quite similar to the [[L2TP_configuration_examples#Configuration_overview_and_prerequisites|L2TP]] and [[IPsec_configuration_examples#Configuration_overview_and_prerequisites|IPsec]] configuration schemes - the router with the public IP address (''RUT'') acts as the L2TP/IPsec server and a ''PC'' acts as the client. L2TP connects the RUT and PC networks and IPsec provides the encryption for the L2TP tunnel.

When the scheme is realized, the L2TP packets between the endpoints are encapsulated by IPsec. Since the L2TP packet itself is wrapped and hidden inside the IPsec packet, the original source and destination IP addresses are encrypted inside the packet.
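
One way to check that encapsulation on the wire, as an added example that is not part of the original guide or Teltonika's code: the Python sketch below labels raw IPv4 packets by what an on-path observer can read, and flags L2TP that is travelling outside IPsec. The port and protocol numbers (UDP 1701 for L2TP, IP protocol 50 for ESP, UDP 500/4500 for IKE and NAT traversal) are the standard values rather than values taken from this page; the function names and the sample packets are constructed for illustration.

```python
import struct

PROTO_UDP, PROTO_ESP = 17, 50
IKE_PORT, L2TP_PORT, NATT_PORT = 500, 1701, 4500

def classify(pkt: bytes) -> str:
    """Label one raw IPv4 packet by what an on-path observer can read."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not-ipv4"
    proto, body = pkt[9], pkt[(pkt[0] & 0x0F) * 4:]
    if proto == PROTO_ESP and len(body) >= 8:
        return "esp spi=0x%08x" % struct.unpack("!I", body[:4])
    if proto != PROTO_UDP or len(body) < 8:
        return "other"
    sport, dport = struct.unpack("!HH", body[:4])
    data = body[8:]
    if NATT_PORT in (sport, dport) and len(data) >= 8:
        # RFC 3948: a zero "non-ESP marker" means IKE, anything else is ESP
        if data[:4] == b"\x00" * 4:
            return "ike-nat-t"
        return "esp-in-udp spi=0x%08x" % struct.unpack("!I", data[:4])
    if IKE_PORT in (sport, dport):
        return "ike"
    if L2TP_PORT in (sport, dport) and len(data) >= 2:
        (flags,) = struct.unpack("!H", data[:2])
        if flags & 0x000F == 2:  # L2TPv2 version nibble; T bit marks control messages
            return "PLAINTEXT l2tp " + ("control" if flags & 0x8000 else "data")
    return "other"

def exposed(packets):
    """Indexes of packets that carry L2TP outside IPsec."""
    return [i for i, p in enumerate(packets) if classify(p).startswith("PLAINTEXT")]

# Constructed sample packets (documentation addresses, checksums left at zero)
def ipv4(proto, payload, src=bytes([192, 0, 2, 10]), dst=bytes([198, 51, 100, 1])):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0, src, dst) + payload
def udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

L2TP_DATA = struct.pack("!HHH", 0x0002, 1, 1) + b"\xff\x03\x00\x21" + b"inner IP packet"
ESP_BODY = struct.pack("!II", 0xC0FFEE01, 7) + b"\xa5" * 32  # stand-in for ciphertext
SAMPLES = [
    ipv4(PROTO_UDP, udp(1701, 1701, L2TP_DATA)),   # L2TP with no IPsec around it
    ipv4(PROTO_ESP, ESP_BODY),                     # L2TP/IPsec: only SPI and sequence visible
    ipv4(PROTO_UDP, udp(4500, 4500, ESP_BODY)),    # the same behind NAT (ESP in UDP)
    ipv4(PROTO_UDP, udp(500, 500, b"\x00" * 28)),  # IKE negotiation
]

if __name__ == "__main__":
    print([classify(p) for p in SAMPLES], "plaintext L2TP at:", exposed(SAMPLES))
```

On a correctly configured L2TP/IPsec link, a capture taken between the router and the client should never produce a <code>PLAINTEXT l2tp</code> label; only the ESP and IKE labels should appear.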

==Router configuration==
If you have familiarized yourself with the configuration scheme and have all of the devices in order, we can start configuring the router using the instructions provided in this section. To summarize, we'll be configuring an L2TP server and an IPsec Transport instance (server) on ''RUT'', and an L2TP/IPsec client on ''PC''.