D-Link NetDefend DFL-210 User Manual page 218

Network security firewall ver. 1.05

9.4.2. L2TP

    IPsecAlgorithms=esp-l2tptunnel PSK=MyPSK EncapsulationMode=Transport
    DHCPOverIPsec=Yes AddRouteToRemoteNet=Yes IPsecLifeTimeKilobytes=250000
    IPsecLifeTimeSeconds=3600

Web Interface
1. Go to Interfaces > IPsec > Add > IPsec Tunnel
2. Enter a name for the IPsec tunnel, e.g. l2tp_ipsec.
3. Now enter:
   a. Local Network: wan_ip
   b. Remote Network: all-nets
   c. Remote Endpoint: none
   d. Encapsulation Mode: Transport
   e. IKE Proposal List: ike-roamingclients
   f. IPsec Proposal List: esp-l2tptunnel
4. Enter 3600 in the IPsec Life Time seconds control.
5. Enter 250000 in the IPsec Life Time kilobytes control.
6. Under the Authentication tab, select Pre-shared Key.
7. Select MyPSK in the Pre-shared Key control.
8. Under the Routing tab, check the following controls:
   Allow DHCP over IPsec from single-host clients
   Dynamically add route to the remote network when a tunnel is established
9. Click OK.

Now it is time to set up the L2TP server. The inner IP address should be part of the network from which the
clients are assigned IP addresses, in this case lan_ip. The outer interface filter is the interface on which the
L2TP server will accept connections; this will be the previously created l2tp_ipsec. Proxy ARP also needs to be
configured for the IP addresses used by the L2TP clients.

3. Set up the L2TP tunnel:

CLI
gw-world:/> add Interface L2TPServer l2tp_tunnel IP=lan_ip Interface=l2tp_ipsec
    ServerIP=wan_ip IPPool=l2tp_pool TunnelProtocol=L2TP
    AllowedRoutes=all-nets ProxyARPInterfaces=lan

Web Interface
1. Go to Interfaces > L2TP Servers > Add > L2TPServer
2. Enter a name for the L2TP tunnel, e.g. l2tp_tunnel.
3. Now enter:
   Inner IP Address: lan_ip
   Tunnel Protocol: L2TP
   Outer Interface Filter: l2tp_ipsec
   Server IP: wan_ip
4. Under the PPP Parameters tab, check the Use User Authentication Rules control.
5. Select l2tp_pool in the IP Pool control.
6. Under the Add Route tab, select all-nets in the Allowed Networks control.
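
A configuration check for the setup above, added here as an example and not taken from the D-Link manual: it parses add Interface commands and reports any L2TP server whose outer interface filter is not a Transport-mode IPsec tunnel, since L2TP carries no encryption of its own. The object type name IPsecTunnel in the sample and the function names parse and audit are assumptions; the parameters are the ones shown on this page.

```python
import shlex

# Constructed sample. The L2TPServer line is the command from this page joined
# onto one line. The object type name "IPsecTunnel" is an assumption (the page
# shows only that command's parameters, not its first line).
SAMPLE = """\
add Interface IPsecTunnel l2tp_ipsec IPsecAlgorithms=esp-l2tptunnel PSK=MyPSK EncapsulationMode=Transport
gw-world:/> add Interface L2TPServer l2tp_tunnel IP=lan_ip Interface=l2tp_ipsec ServerIP=wan_ip IPPool=l2tp_pool TunnelProtocol=L2TP AllowedRoutes=all-nets ProxyARPInterfaces=lan
"""


def parse(text):
    """Return {name: (type, {param: value})} for every 'add Interface' line."""
    objs = {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok and tok[0].endswith(">"):  # drop a leading 'gw-world:/>' prompt
            tok = tok[1:]
        if len(tok) < 4 or tok[:2] != ["add", "Interface"]:
            continue
        params = dict(t.split("=", 1) for t in tok[4:] if "=" in t)
        objs[tok[3]] = (tok[2], params)
    return objs


def audit(text):
    """List L2TP servers that are not confined to a Transport-mode IPsec tunnel."""
    objs, findings = parse(text), []
    for name, (kind, params) in objs.items():
        if kind != "L2TPServer" or params.get("TunnelProtocol") != "L2TP":
            continue
        outer = params.get("Interface")
        outer_kind, outer_params = objs.get(outer, (None, {}))
        if outer_kind != "IPsecTunnel":
            findings.append(f"{name}: outer interface {outer!r} is not an "
                            "IPsec tunnel, so L2TP is accepted unencrypted")
        elif outer_params.get("EncapsulationMode") != "Transport":
            findings.append(f"{name}: IPsec tunnel {outer!r} is not in "
                            "Transport mode")
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE) or "L2TP server is bound to a Transport-mode IPsec tunnel")
```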
Chapter 9. Virtual Private Networks