D-Link NetDefendOS User Manual page 733

Now, we will setup the IPsec Tunnel which will later be used with L2TP. As we are going to use
L2TP, the Local Network is the same IP as the IP that the L2TP tunnel will connect to, wan_ip. In
addition, the IPsec tunnel needs to be configured so that routes are not defined statically or add
dynamically when the tunnel is established.
B. Continue setting up the IPsec Tunnel:
Command-Line Interface
gw-world:/> add Interface IPsecTunnel l2tp_ipsec
Web Interface
1. Go to: Network > Interfaces and VPN > IPsec > Add > IPsec Tunnel
2. Enter a name for the IPsec tunnel, for example l2tp_ipsec
3. Now enter:
a. Local Network: wan_ip
b. Remote Network: all-nets
c. Remote Endpoint: none
d. Encapsulation Mode: Transport
e. IKE Algorithms: High
f. IPsec Algorithms: esp-l2tptunnel
4. Enter 3600 for IPsec Life Time seconds
5. Enter 250000 for IPsec Life Time kilobytes
6. Under the Authentication tab, select Pre-shared Key
7. Select MyPSK as the Pre-shared Key
8. Under the Advanced tab, deselect Add route statically
The option Add route statically should also be deselected.
9. Click OK
Next, set up the L2TP Server. The inner IP address should be a part of the network which the
clients are assigned IP addresses from, in this lan_ip. The outer interface filter is the interface that
the L2TP server will accept connections on, this will be the earlier created l2tp_ipsec. ProxyARP
also needs to be configured for the IPs used by the L2TP Clients.
C. Setup the L2TP Tunnel:
LocalNetwork=wan_ip
RemoteNetwork=all-nets
PSK=MyPSK
IKEAlgorithms=Medium
IPsecAlgorithms=esp-l2tptunnel
EncapsulationMode=Transport
AutoInterfaceNetworkRoute=No
IPsecLifeTimeKilobytes=250000
IPsecLifeTimeSeconds=3600
733
Chapter 9: VPN