L2TP - D-Link NetDefend DFL-210 User Manual

Network security firewall

gw-world:/> add Interface L2TPServer MyPPTPServer ServerIP=lan_ip Interface=any IP=wan_ip IPPool=pp2p_Pool TunnelProtocol=PPTP AllowedRoutes=all-nets

Web Interface
1. Go to Interfaces > L2TP Servers > Add > L2TPServer
2. Enter a name for the PPTP Server, e.g. MyPPTPServer.
3. Now enter:
   Inner IP Address: lan_ip
   Tunnel Protocol: PPTP
   Outer Interface Filter: any
   Outer Server IP: wan_ip
4. Under the PPP Parameters tab, select pptp_Pool in the IP Pool control
5. Under the Add Route tab, select all_nets from Allowed Networks
6. Click OK

Use User Authentication Rules is enabled by default. To authenticate the users of the PPTP tunnel you also need to configure authentication rules, which are not covered in this example.

9.5.2. L2TP

Layer 2 Tunneling Protocol (L2TP) is an IETF open standard that overcomes many of the problems of PPTP. Its design is a combination of the Layer 2 Forwarding (L2F) protocol and PPTP, making use of the best features of both. Since the L2TP standard does not implement encryption, it is usually implemented with an IETF standard known as L2TP/IPsec, in which L2TP packets are encapsulated by IPsec. The client communicates with a Local Access Concentrator (LAC) and the LAC communicates across the Internet with an L2TP Network Server (LNS). The D-Link Firewall acts as the LNS. The LAC is, in effect, tunneling data, such as a PPP session, using IPsec to the LNS across the Internet. In most cases the client will itself act as the LAC.

L2TP is certificate based and therefore is simpler to administer with a large number of clients and arguably offers better security than PPTP. Unlike PPTP, it is possible to set up multiple virtual networks across a single tunnel. Being IPsec based, L2TP requires NAT traversal (NAT-T) to be implemented on the LNS side of the tunnel.

Example 9.11. Setting up an L2TP server

This example shows how to set up an L2TP Network Server. The example presumes that you have created some address objects in the Address Book. You will have to specify the IP address of the L2TP server interface, an outer IP address (that the L2TP server should listen on) and an IP pool from which the L2TP server will give out IP addresses to the clients. The interface that the L2TP server will accept connections on is a virtual IPsec tunnel, not illustrated in this example.

CLI
gw-world:/> add Interface L2TPServer MyL2TPServer ServerIP=ip_l2tp Interface=l2tp_ipsec IP=wan_ip IPPool=L2TP_Pool TunnelProtocol=L2TP AllowedRoutes=all-nets

Web Interface
1. Go to Interfaces > L2TP Servers > Add > L2TPServer
2. Enter a suitable name for the L2TP Server, e.g. MyL2TPServer
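
The following Python script is an added example, not part of the D-Link manual. It audits "add Interface L2TPServer" lines of the form shown in this section and reports PPTP servers as well as L2TP servers whose outer Interface is not an IPsec tunnel, the case the text above describes as unencrypted. The set of IPsec interface names passed in and the BareL2TP line in the sample are assumptions constructed for the illustration.

```python
import shlex

def parse_l2tp_servers(config_text):
    """Map server name -> parameters for each 'add Interface L2TPServer' line."""
    servers = {}
    for line in config_text.splitlines():
        # Drop an optional CLI prompt such as "gw-world:/>" before tokenizing.
        tokens = shlex.split(line.split("/>", 1)[-1])
        if len(tokens) < 4 or tokens[:3] != ["add", "Interface", "L2TPServer"]:
            continue
        servers[tokens[3]] = dict(t.split("=", 1) for t in tokens[4:] if "=" in t)
    return servers

def audit(config_text, ipsec_interfaces):
    """Return sorted (server, finding) pairs. ipsec_interfaces is supplied by the
    caller (assumption): the names of the gateway's IPsec tunnel interfaces."""
    findings = []
    for name, p in parse_l2tp_servers(config_text).items():
        proto = p.get("TunnelProtocol", "").upper()
        outer = p.get("Interface", "")
        if proto == "PPTP":
            findings.append((name, "PPTP tunnel: consider L2TP over IPsec instead"))
        elif proto == "L2TP" and outer not in ipsec_interfaces:
            findings.append((name, f"L2TP listens on '{outer}', not an IPsec tunnel: traffic is unencrypted"))
        elif not proto:
            findings.append((name, "TunnelProtocol not set: confirm the effective protocol"))
    return sorted(findings)

# Constructed sample: the two commands from this section plus one hypothetical
# misconfiguration (BareL2TP) that binds L2TP directly to "any".
SAMPLE = """\
gw-world:/> add Interface L2TPServer MyPPTPServer ServerIP=lan_ip Interface=any IP=wan_ip IPPool=pp2p_Pool TunnelProtocol=PPTP AllowedRoutes=all-nets
gw-world:/> add Interface L2TPServer MyL2TPServer ServerIP=ip_l2tp Interface=l2tp_ipsec IP=wan_ip IPPool=L2TP_Pool TunnelProtocol=L2TP AllowedRoutes=all-nets
gw-world:/> add Interface L2TPServer BareL2TP ServerIP=ip_l2tp Interface=any IP=wan_ip IPPool=L2TP_Pool TunnelProtocol=L2TP AllowedRoutes=all-nets
"""

if __name__ == "__main__":
    for server, finding in audit(SAMPLE, ipsec_interfaces={"l2tp_ipsec"}):
        print(f"{server}: {finding}")
```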
Chapter 9. VPN
