MSR Routers
LAC-Auto-Initiated L2TP Tunnel Configuration Examples
Copyright © 2024 New H3C Technologies Co., Ltd. All rights reserved.
No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd.
Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are the property of their respective owners.
The information in this document is subject to change without notice.
Introduction
This document provides examples for configuring L2TP VPNs on routers.
Prerequisites
This document is not restricted to specific software or hardware versions. Procedures and information in the examples might be slightly different depending on the software or hardware version of the device.
The configuration examples were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.
The following information is provided based on the assumption that you have basic knowledge of L2TP VPN.
Software versions used
This configuration example was created and verified on Version 7.1.064 Feature 6749L15 of the MSR3610 router.
Configuration example
Network configuration
As shown in Figure 1, an LAC-auto-initiated L2TP tunnel is established between the LAC and the LNS before PPP users access the network. After PPP users access the network, they reach the HQ of the company through the established L2TP tunnel.
Analysis
1. Configure the LAC and LNS separately.
2. Enable tunnel authentication, and set the tunnel authentication key.
3. The host accesses the HQ through the established L2TP tunnel.
Procedures
Configuring LAC
Configuring IP addresses for interfaces
# Enter the view of interface GigabitEthernet 0/1 and configure its IP address as 3.3.3.1/24.
<LAC> system-view
[LAC] interface gigabitethernet 0/1
[LAC-GigabitEthernet0/1] ip address 3.3.3.1 24
[LAC-GigabitEthernet0/1] quit
# Enter the view of interface GigabitEthernet 0/2 and configure its IP address as 10.2.0.1/16.
[LAC] interface gigabitethernet 0/2
[LAC-GigabitEthernet0/2] ip address 10.2.0.1 16
[LAC-GigabitEthernet0/2] quit
Configuring L2TP
# Enable L2TP.
[LAC] l2tp enable
# Create L2TP group 1 in LAC mode.
[LAC] l2tp-group 1 mode lac
# Configure the local tunnel name as LAC, and specify LNS IP address 3.3.3.2.
[LAC-l2tp1] tunnel name LAC
[LAC-l2tp1] lns-ip 3.3.3.2
# Enable tunnel authentication, and set the tunnel authentication key to aabbcc.
[LAC-l2tp1] tunnel authentication
[LAC-l2tp1] tunnel password simple aabbcc
[LAC-l2tp1] quit
Configuring a virtual template
# Create interface virtual-PPP 1. On the interface, configure the PPP username as vpdnuser and the password as 123456TESTplat&!, and configure the PPP authentication mode as PAP.
[LAC] interface virtual-ppp 1
[LAC-Virtual-PPP1] ip address ppp-negotiate
[LAC-Virtual-PPP1] ppp pap local-user vpdnuser password simple 123456TESTplat&!
[LAC-Virtual-PPP1] quit
Configuring routing
# Configure a private network route, so that the packets to the HQ of the company are forwarded through an L2TP tunnel.
[LAC] ip route-static 10.1.0.0 16 virtual-ppp 1
Configuring the tunnel
# Trigger the LAC to automatically establish an L2TP tunnel.
[LAC] interface virtual-ppp 1
[LAC-Virtual-PPP1] l2tp-auto-client l2tp-group 1
Configuring LNS
Configuring IP addresses for interfaces
# Enter the view of interface GigabitEthernet 0/1 and configure its IP address as 3.3.3.2/24.
<LNS> system-view
[LNS] interface gigabitethernet 0/1
[LNS-GigabitEthernet0/1] ip address 3.3.3.2 24
[LNS-GigabitEthernet0/1] quit
# Enter the view of interface GigabitEthernet 0/2 and configure its IP address as 10.1.0.1/16.
[LNS] interface gigabitethernet 0/2
[LNS-GigabitEthernet0/2] ip address 10.1.0.1 16
[LNS-GigabitEthernet0/2] quit
Configuring PPP users
# Create a local PPP user with the username as vpdnuser and the password as 123456TESTplat&!.
[LNS] local-user vpdnuser class network
[LNS-luser-network-vpdnuser] password simple 123456TESTplat&!
[LNS-luser-network-vpdnuser] service-type ppp
[LNS-luser-network-vpdnuser] quit
Configuring a virtual template
# Create VT interface 1, and assign an IP address to the VT interface. Configure the PPP authentication method as PAP on VT interface 1, and specify VT interface 1 to allocate IP address 192.168.0.10 to the LAC client.
[LNS] interface virtual-template 1
[LNS-Virtual-Template1] ip address 192.168.0.1 24
[LNS-Virtual-Template1] ppp authentication-mode pap
[LNS-Virtual-Template1] remote address 192.168.0.10
[LNS-Virtual-Template1] quit
Configuring an ISP domain
# Configure ISP domain system to perform local authentication for PPP users.
[LNS] domain system
[LNS-isp-system] authentication ppp local
[LNS-isp-system] quit
Configuring L2TP
# Enable L2TP, and create L2TP group 1 in LNS mode.
[LNS] l2tp enable
[LNS] l2tp-group 1 mode lns
# Configure the local tunnel name as LNS on the LNS, and specify VT interface 1 for receiving calls from the peer named LAC.
[LNS-l2tp1] tunnel name LNS
[LNS-l2tp1] allow l2tp virtual-template 1 remote LAC
# Enable tunnel authentication, and set the tunnel authentication password to aabbcc.
[LNS-l2tp1] tunnel authentication
[LNS-l2tp1] tunnel password simple aabbcc
[LNS-l2tp1] quit
Configuring routing
# Configure a private network route. Specify the next hop as the private network IP address 192.168.0.10 allocated to interface Virtual-PPP 1 on the LAC by the LNS for forwarding PPP user packets through the L2TP tunnel.
[LNS] ip route-static 10.2.0.0 16 192.168.0.10
Configuring the remote host
Configure the LAC as the gateway on the remote host.
Verifying the configuration
# On the LNS, execute the display l2tp session command to display the established L2TP sessions.
[LNS] display l2tp session
LocalSID      RemoteSID      LocalTID      State
21409         3395           4501          Established
# On the LNS, execute the display l2tp tunnel command to view the established L2TP tunnels.
[LNS] display l2tp tunnel
LocalTID RemoteTID State        Sessions RemoteAddress   RemotePort RemoteName
4501     524       Established  1        3.3.3.1         1701       LAC
# On the LNS, verify that you can successfully ping the private network address 10.2.0.1 of the LAC, indicating that hosts in networks 10.2.0.0/16 and 10.1.0.0/16 can communicate through the L2TP tunnel.
[LNS] ping -a 10.1.0.1 10.2.0.1
Ping 10.2.0.1 (10.2.0.1): 56 data bytes, press CTRL_C to break
56 bytes from 10.2.0.1: icmp_seq=0 ttl=128 time=1.000 ms
56 bytes from 10.2.0.1: icmp_seq=1 ttl=128 time=1.000 ms
56 bytes from 10.2.0.1: icmp_seq=2 ttl=128 time=1.000 ms
56 bytes from 10.2.0.1: icmp_seq=3 ttl=128 time=1.000 ms
56 bytes from 10.2.0.1: icmp_seq=4 ttl=128 time=1.000 ms
--- Ping statistics for 10.2.0.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.000/1.000/1.000/0.000 ms
Configuration files
· LAC:
#
 sysname LAC
#
interface Virtual-PPP1
 ppp pap local-user vpdnuser password cipher $c$3$PaACxzHFVo2vHPsvHKK6bWn1Q8ViFklXJv9mCSSJaT5r5Sc=
 ip address ppp-negotiate
 l2tp-auto-client l2tp-group 1
#
interface GigabitEthernet0/1
 port link-mode route
 ip address 3.3.3.1 255.255.255.0
 pppoe-client dial-bundle-number 1
#
interface GigabitEthernet0/2
 port link-mode route
 combo enable copper
 ip address 10.2.0.1 255.255.0.0
#
 ip route-static 10.1.0.0 16 Virtual-PPP1
#
l2tp-group 1 mode lac
 lns-ip 3.3.3.2
 tunnel name LAC
 tunnel password cipher $c$3$C8wwsI8LAeqUZtV1K6OmotFsyQvEeznMog==
#
 l2tp enable
· LNS:
#
 sysname LNS
#
interface Virtual-Template1
 ppp authentication-mode pap
 remote address 192.168.0.10
 ip address 192.168.0.1 255.255.255.0
#
interface GigabitEthernet0/1
 port link-mode route
 ip address 3.3.3.2 255.255.255.0
 pppoe-client dial-bundle-number 1
#
interface GigabitEthernet0/2
 port link-mode route
 combo enable copper
 ip address 10.1.0.1 255.255.0.0
#
 ip route-static 10.2.0.0 16 192.168.0.10
#
domain system
 authentication ppp local
#
local-user vpdnuser class network
 password cipher $c$3$0dtejUEZZmKQjqoqVWDWJCmFCQkYjSqrH9pKSs/Ay5G45OM=
 service-type ppp
 authorization-attribute user-role network-operator
#
l2tp-group 1 mode lns
 allow l2tp virtual-template 1 remote LAC
 tunnel name LNS
 tunnel password cipher $c$3$DqBEx8gmAMULJ8E3vm1d0/JbUDDbOBA/dA==
#
 l2tp enable
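Several values in this procedure must agree between the two devices: lns-ip on the LAC against an LNS interface address, the remote name in allow l2tp against the LAC tunnel name, and the LNS static route next hop against remote address. The following Python script is an added example, not part of the original H3C document; it cross-checks those values and reports the PAP setting. The grab and audit helpers are hypothetical names, and the input is a constructed, trimmed copy of the configuration files above.

```python
import re

# Constructed input: trimmed copies of the configuration files above (ciphertext elided).
LAC_CFG = """\
interface Virtual-PPP1
 ppp pap local-user vpdnuser password cipher <ciphertext>
l2tp-group 1 mode lac
 lns-ip 3.3.3.2
 tunnel name LAC
 tunnel password cipher <ciphertext>
"""
LNS_CFG = """\
interface Virtual-Template1
 ppp authentication-mode pap
 remote address 192.168.0.10
interface GigabitEthernet0/1
 ip address 3.3.3.2 255.255.255.0
ip route-static 10.2.0.0 16 192.168.0.10
l2tp-group 1 mode lns
 allow l2tp virtual-template 1 remote LAC
 tunnel password cipher <ciphertext>
"""

def grab(pattern, cfg):
    """Set of captures of `pattern`, matched at line start (indent ignored)."""
    return set(re.findall(r"^\s*" + pattern, cfg, flags=re.M))

def audit(lac, lns):
    """Hypothetical helper: findings for LAC/LNS values that must agree."""
    out = []
    for ip in grab(r"lns-ip (\S+)", lac) - grab(r"ip address (\d\S+) \S+", lns):
        out.append(f"lns-ip {ip} is not an address on any LNS interface")
    accepted = grab(r"allow l2tp virtual-template \d+ remote (\S+)", lns)
    for peer in accepted - grab(r"tunnel name (\S+)", lac):
        out.append(f"LNS accepts only peer {peer}, which is not the LAC tunnel name")
    assigned = grab(r"remote address (\S+)", lns)
    for hop in grab(r"ip route-static \S+ \S+ (\d\S+)", lns) - assigned:
        out.append(f"LNS route next hop {hop} is not the address given to the LAC")
    for name, cfg in (("LAC", lac), ("LNS", lns)):
        if not grab(r"(tunnel password) ", cfg):
            out.append(f"{name}: no tunnel password configured")
    if grab(r"(ppp authentication-mode pap)", lns):
        out.append("LNS: PAP sends the PPP password in cleartext; L2TP does not encrypt it")
    return out

if __name__ == "__main__":
    for finding in audit(LAC_CFG, LNS_CFG):
        print(finding)
```

For the configuration on this page the only finding is the PAP one; renaming the LAC tunnel or changing lns-ip on one side produces a mismatch finding before the tunnel is ever brought up.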