FEC Onlineservices
 
Configuration of an L2TP connection between two Bintec routers
This FAQ describes the configuration of a connection via L2TP between an X2302 and a VPN Access 25.

1. Scenario

2. Prerequisites:
  • Existing internet connection on both routers.
  • The VPN25 will act as an L2TP server (LNS mode) with a fixed IP address. Release: 7.1.12p2
  • The X2302 will act as an L2TP client (LAC mode) with a dynamic IP address. Release: 7.1.15p4

    3. Configuration of the VPN 25:
    The VPN 25 is configured as the L2TP server in this example. To be reachable from the internet, the router needs an official (public) IP address.

    The configuration of the tunnel is done in the Setup Menu under the submenu L2TP.

    First, change "Port usage for LNS mode" to "single".

    VPN Access 25 Setup Tool                            BinTec Access Networks GmbH
    [L2TP][STATIC]: L2TP Static Settings                                      vpn25
    _______________________________________________________________________________
     

         UDP port number for LNS mode       1701

         Port usage for LNS mode            single

      
                             SAVE                          CANCEL
    _______________________________________________________________________________
    Configuration of the L2TP tunnel profile:

    Please add a new profile under "L2TP" in the menu "Tunnel Profiles" with "ADD".

    VPN Access 25 Setup Tool                            BinTec Access Networks GmbH
    [L2TP][TUNNEL PROFILES][EDIT]: Configure L2TP tunnels                     vpn25
    _______________________________________________________________________________


         Profile Name                   l2tp1
         Local IP Address               192.168.100.1
         Local UDP Port (LAC only)      0
         Local Hostname
         Remote IP Address (LAC only)
         Remote UDP Port (LAC only)     1701
         Remote Hostname
         Tunnel Password                test
         Hello Interval                 30
         Data Packets Sequence Numbers  disabled
         Minimum Time Between Retries   1
         Maximum Time Between Retries   16
         Maximum Retry Count            5

                             SAVE                          CANCEL
    _______________________________________________________________________________
    In the "WAN Partner" menu, please add a new entry for the L2TP connection with "Add".

    Please choose a "Partner Name" which is unique for this WAN-Partner.

    VPN Access 25 Setup Tool                            BinTec Access Networks GmbH
    [WAN][EDIT]: Configure WAN Partner                                        vpn25
    _______________________________________________________________________________

      Partner Name                    l2tp

      Encapsulation                   PPP
      Encryption                      none
      Compression                     none


      PPP >
      Advanced Settings >
     

      IP >
      Bridge >


                             SAVE                          CANCEL
    _______________________________________________________________________________
    Assign a Partner ID, Local ID and Password under "PPP >".

    VPN Access 25 Setup Tool                            BinTec Access Networks GmbH
    [WAN][EDIT][PPP]: PPP Settings (l2tp)                                     vpn25
    _______________________________________________________________________________
     

         Authentication               CHAP + PAP
         Partner PPP ID               test
         Local PPP ID                 test
         PPP Password                 test

         Keepalives                   off
         Link Quality Monitoring      off


                             OK                            CANCEL
    _______________________________________________________________________________
    Choose "PPP over L2TP (LNS Mode)" as Layer 1 Protocol in the "Advanced Settings".

    VPN Access 25 Setup Tool                            BinTec Access Networks GmbH
    [WAN][EDIT][ADVANCED]: Advanced Settings (l2tp)                           vpn25
    _______________________________________________________________________________


      Callback                              no
      Static Short Hold (sec)               -1
      Idle for Dynamic Short Hold (%)       0
      Delay after Connection Failure (sec)  10
      Layer 1 Protocol                      PPP over L2TP (LNS mode)
      

      Extended Interface Settings (optional) >


      Special Interface Types               none

                        OK                                 CANCEL
    _______________________________________________________________________________
    Please enter the local IP address as well as the IP address and netmask of the remote network you want to connect to in the menu "IP" --> "Basic IP Settings".

    VPN Access 25 Setup Tool                            BinTec Access Networks GmbH
    [WAN][EDIT][IP][BASIC]: IP-Settings (l2tp)                                vpn25
    _______________________________________________________________________________


      IP Transit Network                    no

     
      Local IP Address                      192.168.100.1
     

      Default Route                         no

      Remote IP Address                     192.168.200.0
      Remote Netmask                        255.255.255.0


                        SAVE                               CANCEL
    _______________________________________________________________________________ 
    To keep NAT from rejecting the incoming L2TP connection, you have to add a NAT exception under IP --> Network Address Translation --> Internet-Interface --> Requested from Outside as follows:

    VPN Access 25 Setup Tool                            BinTec Access Networks GmbH
    [IP][NAT][EDIT][OUTSIDE][EDIT]: NAT - sessions from OUTSIDE (internet)    vpn25
    _______________________________________________________________________________


      Service                     user defined
      Protocol                    udp

      Remote Address
      Remote Mask


      External Address
      External Mask
      External Port               specify          Port  1701

      Internal Address            127.0.0.1
      Internal Mask               255.255.255.255
      Internal Port               any

                        SAVE                               CANCEL
    _______________________________________________________________________________
    The configuration of the VPN 25 is finished now. Leave the Setup with "Exit" and "Save as Boot Configuration and Exit".

    4. Configuration X2302

    Please change "Port usage for LNS mode" to "single" in the submenu "L2TP"--> "Static Settings".

    X2302 Setup Tool                                    Bintec Access Networks GmbH
    [L2TP][STATIC]: L2TP Static Settings                                      x2302
    _______________________________________________________________________________

     
         UDP port number for LNS mode       1701

         Port usage for LNS mode            single
     

                             SAVE                          CANCEL
    _______________________________________________________________________________
    Please add a new tunnel profile in the submenu "Tunnel Profiles":

    X2302 Setup Tool                                    Bintec Access Networks GmbH
    [L2TP][TUNNEL PROFILES][EDIT]: Configure L2TP tunnels                     x2302
    _______________________________________________________________________________
     

         Profile Name                   l2tp1
         Local IP Address               192.168.200.1
         Local UDP Port (LAC only)      0
         Local Hostname
         Remote IP Address (LAC only)   145.254.236.149
         Remote UDP Port (LAC only)     1701
         Remote Hostname
         Tunnel Password                test
         Hello Interval                 30
         Data Packets Sequence Numbers  disabled
         Minimum Time Between Retries   1
         Maximum Time Between Retries   16
         Maximum Retry Count            5

                             SAVE                          CANCEL
    _______________________________________________________________________________
    In the Setup main menu, please configure a new WAN Partner corresponding to the one on the VPN 25.

    X2302 Setup Tool                                    Bintec Access Networks GmbH
    [WAN][ADD]: Configure WAN Partner                                         x2302
    _______________________________________________________________________________

      Partner Name                    l2tp

      Encapsulation                   PPP


      PPP >
      Advanced Settings >
     

      IP >
     

                             SAVE                          CANCEL
    _______________________________________________________________________________
    Please enter the data for Partner ID, Local ID and Password in the "PPP" submenu.

    X2302 Setup Tool                                    Bintec Access Networks GmbH
    [WAN][ADD][PPP]: PPP Settings (l2tp)                                      x2302
    _______________________________________________________________________________
     

         Authentication               CHAP + PAP
         Partner PPP ID               test
         Local PPP ID                 test
         PPP Password                 test

         Keepalives                   off
         Link Quality Monitoring      off

     

                             OK                            CANCEL
    _______________________________________________________________________________
    Choose "PPP over L2TP (LAC Mode)" as "Layer 1 Protocol" in the "Advanced Settings" submenu. After choosing the Layer 1 protocol you can select the tunnel profile you configured before.

    X2302 Setup Tool                                    Bintec Access Networks GmbH
    [WAN][ADD][ADVANCED]: Advanced Settings (l2tp)                            x2302
    _______________________________________________________________________________


      Static Short Hold (sec)               -1

      Delay after Connection Failure (sec)  10
      Layer 1 Protocol                      PPP over L2TP (LAC mode)
     

      L2TP Tunnel Profile                   l2tp1


      Special Interface Types               none

                        OK                                 CANCEL
    _______________________________________________________________________________
    The last step under "IP"--> "Basic IP Settings" is to configure the IP network to which the tunnel shall be established.

    X2302 Setup Tool                                    Bintec Access Networks GmbH
    [WAN][ADD][IP][BASIC]: IP-Settings (l2tp)                                 x2302
    _______________________________________________________________________________


      IP Transit Network                    no


      Local IP Address                      192.168.200.1
     

      Default Route                         no

      Remote IP Address                     192.168.100.0
      Remote Netmask                        255.255.255.0


                        SAVE                               CANCEL
    _______________________________________________________________________________
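
A cross-check of the two configurations from sections 3 and 4, added here as an example and not part of the original FAQ or of any Bintec tool. The dictionary layout and key names are assumptions; the values are the ones shown on the screens above, and the check reads "Local PPP ID" as the name a router sends and "Partner PPP ID" as the name it expects.

```python
import ipaddress

# Values transcribed from the Setup Tool screens on this page; the dict layout
# and key names are assumptions of this example, not a Bintec export format.
LNS = {"udp_port": 1701, "tunnel_password": "test", "encryption": "none",   # VPN 25
       "auth": "CHAP + PAP", "partner_id": "test", "local_id": "test",
       "ppp_password": "test", "local_ip": "192.168.100.1",
       "remote_net": "192.168.200.0/255.255.255.0"}
LAC = {"remote_udp_port": 1701, "tunnel_password": "test",                  # X2302
       "auth": "CHAP + PAP", "partner_id": "test", "local_id": "test",
       "ppp_password": "test", "local_ip": "192.168.200.1",
       "remote_net": "192.168.100.0/255.255.255.0"}

def check_pair(lns, lac):
    """Return (kind, message) findings: 'mismatch' = the ends disagree, 'weak' = exposure."""
    out = []
    def need(ok, msg):
        if not ok:
            out.append(("mismatch", msg))
    need(lac["remote_udp_port"] == lns["udp_port"], "LAC remote UDP port is not the LNS port")
    need(lac["tunnel_password"] == lns["tunnel_password"], "tunnel passwords differ")
    need(lac["ppp_password"] == lns["ppp_password"], "PPP passwords differ")
    need(lac["local_id"] == lns["partner_id"], "LAC Local PPP ID != LNS Partner PPP ID")
    need(lac["partner_id"] == lns["local_id"], "LAC Partner PPP ID != LNS Local PPP ID")
    for name, a, b in (("LNS", lns, lac), ("LAC", lac, lns)):
        net = ipaddress.ip_network(a["remote_net"])  # accepts address/netmask form
        need(ipaddress.ip_address(b["local_ip"]) in net,
             f"{name} remote network {net} does not contain the peer's local IP")
    for name, side in (("LNS", lns), ("LAC", lac)):
        if "PAP" in side["auth"].replace("CHAP", ""):
            out.append(("weak", f"{name}: PAP is allowed; PAP sends the password in clear text"))
        if side.get("encryption") == "none":  # only flagged where the screen shows the field
            out.append(("weak", f"{name}: PPP encryption is off and L2TP does not encrypt"))
        if side["ppp_password"] in (side["local_id"], side["partner_id"]):
            out.append(("weak", f"{name}: PPP password equals a PPP ID"))
    return out

if __name__ == "__main__":
    for kind, msg in check_pair(LNS, LAC):
        print(f"{kind:9}{msg}")
```

With the values from this page the two ends agree, and every finding is of the "weak" kind because the FAQ uses "test" for all credentials and leaves encryption at "none".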
    5. Control messages
    When the connection is successful you should receive messages similar to those below:

    Debug output VPN25:

    00:11:52 INFO/PPP: L2TP SCCRQ (start control connection request) from 84.149.209.219:32782:0 accepted
    00:11:52 INFO/PPP: L2TP SCCRP (start control connection reply) issued to 84.149.209.219:32782:58453
    00:11:53 INFO/PPP: L2TP SCCCN (tunnel establishment confirm) from 84.149.209.219:32782:58453 accepted
    00:11:53 DEBUG/PPP: dialin from <84.149.209.219> to local number <192.168.100.1> (7/0)
    00:11:53 ERR/PPP: no RADIUS server available
    00:11:53 DEBUG/PPP: ?: call accepted, call not identified by number
    00:11:53 INFO/PPP: L2TP ICRQ (incoming call request) from 84.149.209.219:32782:58453/75 accepted
    00:11:53 INFO/PPP: L2TP ICRP (incoming call reply) issued to 84.149.209.219:32782:58453/75
    00:11:53 INFO/PPP: received L2TP ICCN (incoming call connected) from 84.149.209.219:32782:58453/75
    00:11:53 DEBUG/PPP: Layer 1 protocol l2tp
    00:11:53 DEBUG/PPP: ?: set ifSpeed, number of active connections: 0/0/0
    00:11:53 DEBUG/PPP: 10002 authenticated via CHAP_MD5
    00:11:53 DEBUG/PPP: l2tp: set ifSpeed, number of active connections: 0/0/1
    00:11:53 DEBUG/PPP: l2tp: call identified for <test>
    00:11:53 DEBUG/PPP: l2tp: set ifSpeed, number of active connections: 1/1/1
    00:11:53 DEBUG/PPP: l2tp: incoming connection established
    Debug output X2302:

    01:11:54 DEBUG/PPP: l2tp: event: 6, status: 0 (5) -> 1 (5)
    01:11:54 DEBUG/PPP: l2tp: connect to <1>
    01:11:54 INFO/PPP: L2TP SCCRQ (start control connection request) issued to 145.254.236.149:1701:14625
    01:11:54 DEBUG/INET: NAT: new outgoing session on ifc 10001 prot 17 192.168.200.1:1071/84.149.209.219:32782 -> 145.254.236.149:1701
    01:11:54 INFO/PPP: received L2TP SCCRP (start control connection reply) from 145.254.236.149:32769:14625
    01:11:54 INFO/PPP: L2TP SCCCN (start control connection connected) issued to 145.254.236.149:32769:14625
    01:11:54 INFO/PPP: L2TP ICRQ (incoming call request) issued to 145.254.236.149:32769:14625/75
    01:11:54 INFO/PPP: received L2TP ICRP (incoming call reply) from 145.254.236.149:32769:14625/75
    01:11:54 INFO/PPP: L2TP ICCN (incoming call connected) issued to 145.254.236.149:32769:14625/75
    01:11:54 DEBUG/PPP: layer 1 type l2tp
    01:11:55 DEBUG/PPP: l2tp: event: 16, status: 1 (5) -> 8 (1)
    01:11:55 DEBUG/PPP: l2tp: outgoing connection established
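
A way to check LNS debug output like the above automatically, added here as an example and not part of the original FAQ: it groups the L2TP control messages by peer address, compares them with the RFC 2661 sequence SCCRQ, SCCRP, SCCCN, ICRQ, ICRP, ICCN, and reports the PPP authentication method that was negotiated. The function names are hypothetical, and the two lines for 203.0.113.7 are constructed to show a handshake that does not complete.

```python
import re

# RFC 2661 order of control messages for one incoming call over a new tunnel.
EXPECTED = ["SCCRQ", "SCCRP", "SCCCN", "ICRQ", "ICRP", "ICCN"]
MSG = re.compile(
    r"INFO/PPP: (?:received )?L2TP (SCCRQ|SCCRP|SCCCN|ICRQ|ICRP|ICCN) \([^)]*\) "
    r"(?:from|issued to) (\d+(?:\.\d+){3}):\d+:\d+")
AUTH = re.compile(r"DEBUG/PPP: \S+ authenticated via (\S+)")

# Lines for 84.149.209.219 are taken from the VPN25 debug output on this page.
# The two 203.0.113.7 lines are constructed: a peer that never sends SCCCN.
SAMPLE_LOG = """\
00:11:52 INFO/PPP: L2TP SCCRQ (start control connection request) from 84.149.209.219:32782:0 accepted
00:11:52 INFO/PPP: L2TP SCCRP (start control connection reply) issued to 84.149.209.219:32782:58453
00:11:53 INFO/PPP: L2TP SCCCN (tunnel establishment confirm) from 84.149.209.219:32782:58453 accepted
00:11:53 INFO/PPP: L2TP ICRQ (incoming call request) from 84.149.209.219:32782:58453/75 accepted
00:11:53 INFO/PPP: L2TP ICRP (incoming call reply) issued to 84.149.209.219:32782:58453/75
00:11:53 INFO/PPP: received L2TP ICCN (incoming call connected) from 84.149.209.219:32782:58453/75
00:11:53 DEBUG/PPP: 10002 authenticated via CHAP_MD5
00:14:10 INFO/PPP: L2TP SCCRQ (start control connection request) from 203.0.113.7:40000:0 accepted
00:14:10 INFO/PPP: L2TP SCCRP (start control connection reply) issued to 203.0.113.7:40000:1234
"""

def handshakes(log):
    """Map peer IP -> ordered L2TP control messages logged for that peer."""
    seen = {}
    for line in log.splitlines():
        m = MSG.search(line)
        if m:
            msgs = seen.setdefault(m.group(2), [])
            if not msgs or msgs[-1] != m.group(1):  # collapse repeated lines
                msgs.append(m.group(1))
    return seen

def verdict(msgs):
    """'complete' for the full in-order sequence, otherwise where it stopped."""
    if msgs == EXPECTED:
        return "complete"
    if msgs and msgs == EXPECTED[:len(msgs)]:
        return "stalled after " + msgs[-1]
    return "out of order"

def auth_methods(log):
    """PPP authentication methods the router reports as negotiated."""
    return AUTH.findall(log)

if __name__ == "__main__":
    for peer, msgs in handshakes(SAMPLE_LOG).items():
        print(peer, verdict(msgs))
    print("PPP authentication:", auth_methods(SAMPLE_LOG))
```

Peers that repeatedly stall after SCCRP on an LNS whose UDP port 1701 is open to the internet are worth a look, as is any authentication result other than the CHAP variant both routers are expected to negotiate.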
    cg

    2013 bintec elmeg GmbH