Client-Initiated VPN - H3C SR6600 Configuration Manual

Layer 2 – WAN configuration

Client-Initiated VPN

Network requirements
As shown in Figure 4-9, a VPN user accesses the corporate headquarters as follows:
1) The user first accesses the Internet, and then initiates a tunneling request to the LNS directly.
2) After the LNS accepts the connection request, an L2TP tunnel is set up between the LNS and the VPN user.
3) The VPN user communicates with the headquarters over the tunnel.
Figure 4-9 Network diagram for the client-initiated VPN
(Diagram labels: VPN user, 2.1.1.1/24; Internet; L2TP tunnel; LNS, GE1/0/1, 1.1.2.2/24; corporate network.)
Configuration procedure
1) Configure the LNS
# Configure IP addresses for the interfaces. (Omitted)
# Configure the route between the LNS and the user host. (Omitted)
# Create a local user named vpdnuser, set the password, and enable PPP service. Note
that the username and password must match those configured on the client.
<LNS> system-view
[LNS] local-user vpdnuser
[LNS-luser-vpdnuser] password simple Hello
[LNS-luser-vpdnuser] service-type ppp
[LNS-luser-vpdnuser] quit
# Configure local authentication for the VPN user.
[LNS] domain system
[LNS-isp-system] authentication ppp local
[LNS-isp-system] ip pool 1 192.168.0.2 192.168.0.100
[LNS-isp-system] quit
# Enable L2TP.
[LNS] l2tp enable
# Configure the virtual interface template.
[LNS] interface virtual-template 1
[LNS-virtual-template1] ip address 192.168.0.1 255.255.255.0
[LNS-virtual-template1] ppp authentication-mode chap domain system
[LNS-virtual-template1] remote address pool 1
[LNS-virtual-template1] quit
# Create an L2TP group and specify the virtual interface template for receiving calls.
[LNS] l2tp-group 1
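
An added example, not part of the H3C manual: a small Python check that reads a CLI transcript in the prompt format used above and flags `password simple` (the password is kept in cleartext in the configuration), PAP on a virtual template, and a virtual template with no `ppp authentication-mode`. The function name `audit` and the finding wording are this example's own, and the sample input is constructed from the LNS commands on this page.

```python
import re

# Constructed sample: the LNS commands from the procedure above, as typed.
SAMPLE = """\
<LNS> system-view
[LNS] local-user vpdnuser
[LNS-luser-vpdnuser] password simple Hello
[LNS-luser-vpdnuser] service-type ppp
[LNS-luser-vpdnuser] quit
[LNS] domain system
[LNS-isp-system] authentication ppp local
[LNS-isp-system] ip pool 1 192.168.0.2 192.168.0.100
[LNS-isp-system] quit
[LNS] l2tp enable
[LNS] interface virtual-template 1
[LNS-virtual-template1] ip address 192.168.0.1 255.255.255.0
[LNS-virtual-template1] ppp authentication-mode chap domain system
[LNS-virtual-template1] remote address pool 1
[LNS-virtual-template1] quit
"""

# "<view> command" (user view) or "[view] command" (system and sub-views).
PROMPT = re.compile(r"^[<\[](?P<view>[^>\]]+)[>\]]\s*(?P<cmd>.*)$")

def audit(transcript):
    """Return (line_no, view, finding) tuples; the password itself is never echoed."""
    findings = []
    templates = {}  # view name -> [first line seen, True once PPP auth is set]
    for no, raw in enumerate(transcript.splitlines(), 1):
        m = PROMPT.match(raw.strip())
        if not m:
            continue  # "# ..." description lines and blanks
        view, words = m["view"], m["cmd"].split()
        if "-luser-" in view and words[:2] == ["password", "simple"]:
            findings.append((no, view, "password kept in cleartext in the configuration"))
        if "-virtual-template" in view:
            entry = templates.setdefault(view, [no, False])
            if words[:2] == ["ppp", "authentication-mode"]:
                entry[1] = True
                # Only the words before "domain" are authentication modes.
                modes = words[2:words.index("domain")] if "domain" in words else words[2:]
                if "pap" in modes:
                    findings.append((no, view, "PAP sends the password unencrypted"))
    for view, (no, has_auth) in templates.items():
        if not has_auth:
            findings.append((no, view, "no ppp authentication-mode on this template"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
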