L2Tp Servers; Setting Up A Pptp Server - D-Link NetDefend DFL-210 User Manual

9.5.2. L2TP Servers

TCP port 1723 and/or IP protocol 47 before the PPTP connection can be made to the NetDefend
Firewall. Examining the log can indicate if this problem occurred, with a log message of the
following form appearing:
Error PPP lcp_negotiation_stalled ppp_terminated
Example 9.10. Setting up a PPTP server
This example shows how to setup a PPTP Network Server. The example assumes that you have already created
certain address objects in the Address Book.
You will have to specify the IP address of the PPTP server interface, an outer IP address (that the PPTP server
should listen to) and an IP pool that the PPTP server will use to give out IP addresses to the clients from.
Command-Line Interface
gw-world:/> add Interface L2TPServer MyPPTPServer
Web Interface
1. Go to Interfaces > PPTP/L2TP Servers > Add > PPTP/L2TP Server
2. Enter a name for the PPTP Server, for example MyPPTPServer
3. Now enter:
• Inner IP Address: lan_ip
• Tunnel Protocol: PPTP
• Outer Interface Filter: any
• Outer Server IP: wan_ip
4. Under the PPP Parameters tab, select pptp_Pool in the IP Pool control
5. Under the Add Route tab, select all_nets from Allowed Networks
6. Click OK
Use User Authentication Rules is enabled as default. To be able to authenticate the users using the PPTP
tunnel you also need to configure authentication rules, which will not be covered in this example.
9.5.2. L2TP Servers
Layer 2 Tunneling Protocol (L2TP) is an IETF open standard that overcomes many of the problems
of PPTP. Its design is a combination of Layer 2 Forwarding (L2F) protocol and PPTP, making use
of the best features of both. Since the L2TP standard does not implement encryption, it is usually
implemented with an IETF standard known as L2TP/IPsec, in which L2TP packets are encapsulated
by IPsec. The client communicates with a Local Access Concentrator (LAC) and the LAC
communicates across the Internet with a L2TP Network Server (LNS). The NetDefend Firewall acts
as the LNS. The LAC is, in effect, tunneling data, such as a PPP session, using IPsec to the LNS
across the Internet. In most cases the client will itself act as the LAC.
L2TP is certificate based and therefore is simpler to administer with a large number of clients and
arguably offers better security than PPTP. Unlike PPTP, it is possible to set up multiple virtual
networks across a single tunnel. Being IPsec based, L2TP requires NAT traversal (NAT-T) to be
implemented on the LNS side of the tunnel.
ServerIP=lan_ip Interface=any
IP=wan_ip IPPool=pp2p_Pool
TunnelProtocol=PPTP
AllowedRoutes=all-nets
384
Chapter 9. VPN