Configuring an L2TP connection between two Bintec routers
This FAQ describes how to configure an L2TP connection between two Bintec routers (X2302 and VPN Access 25).
1. Scenario

2. Prerequisites:
3. Configuring the VPN 25
In this example the VPN 25 is configured as the L2TP server (LNS). To be reachable from the Internet, the router must have a public (official) IP address.
The tunnel is configured in the Setup menu under the L2TP menu item.
First, under Static Settings, set "Port usage for LNS mode" to "single".
VPN Access 25 Setup Tool BinTec Access Networks GmbH
[L2TP][STATIC]: L2TP Static Settings vpn25
_______________________________________________________________________________
UDP port number for LNS mode 1701
Port usage for LNS mode single
SAVE CANCEL
_______________________________________________________________________________
Configuring the L2TP tunnel profile:
Under "L2TP", in the "Tunnel Profiles" menu item, use "Add" to create a new tunnel profile.
VPN Access 25 Setup Tool BinTec Access Networks GmbH
[L2TP][TUNNEL PROFILES][EDIT]: Configure L2TP tunnels vpn25
_______________________________________________________________________________
Profile Name l2tp1
Local IP Address 192.168.100.1
Local UDP Port (LAC only) 0
Local Hostname
Remote IP Address (LAC only)
Remote UDP Port (LAC only) 1701
Remote Hostname
Tunnel Password test
Hello Interval 30
Data Packets Sequence Numbers disabled
Minimum Time Between Retries 1
Maximum Time Between Retries 16
Maximum Retry Count 5
SAVE CANCEL
_______________________________________________________________________________
Under "WAN Partner", use "Add" to create a new entry for the L2TP connection.
For "Partner Name", assign a unique name for this WAN partner.
VPN Access 25 Setup Tool BinTec Access Networks GmbH
[WAN][EDIT]: Configure WAN Partner vpn25
_______________________________________________________________________________
Partner Name l2tp
Encapsulation PPP
Encryption none
Compression none
PPP >
Advanced Settings >
IP >
Bridge >
SAVE CANCEL
_______________________________________________________________________________
Under "PPP >", set the Partner ID, Local ID and password.
VPN Access 25 Setup Tool BinTec Access Networks GmbH
[WAN][EDIT][PPP]: PPP Settings (l2tp) vpn25
_______________________________________________________________________________
Authentication CHAP + PAP
Partner PPP ID test
Local PPP ID test
PPP Password test
Keepalives off
Link Quality Monitoring off
OK CANCEL
_______________________________________________________________________________
Under "Advanced Settings", select "PPP over L2TP (LNS Mode)" as the Layer 1 Protocol.
VPN Access 25 Setup Tool BinTec Access Networks GmbH
[WAN][EDIT][ADVANCED]: Advanced Settings (l2tp) vpn25
_______________________________________________________________________________
Callback no
Static Short Hold (sec) -1
Idle for Dynamic Short Hold (%) 0
Delay after Connection Failure (sec) 10
Layer 1 Protocol PPP over L2TP (LNS mode)
Extended Interface Settings (optional) >
Special Interface Types none
OK CANCEL
_______________________________________________________________________________
In the menu item "IP" --> "Basic IP Settings", enter the router's local IP address and the network address of the remote network you want to connect to.
VPN Access 25 Setup Tool BinTec Access Networks GmbH
[WAN][EDIT][IP][BASIC]: IP-Settings (l2tp) vpn25
_______________________________________________________________________________
IP Transit Network no
Local IP Address 192.168.100.1
Default Route no
Remote IP Address 192.168.200.0
Remote Netmask 255.255.255.0
SAVE CANCEL
_______________________________________________________________________________
So that incoming L2TP connections are not rejected by NAT, a permit entry must also be added to NAT. Enter it under IP --> Network Address Translation --> Internet interface --> Requested from Outside as follows:
VPN Access 25 Setup Tool BinTec Access Networks GmbH
[IP][NAT][EDIT][OUTSIDE][EDIT]: NAT - sessions from OUTSIDE (internet) vpn25
_______________________________________________________________________________
Service user defined
Protocol udp
Remote Address
Remote Mask
External Address
External Mask
External Port specify Port 1701
Internal Address 127.0.0.1
Internal Mask 255.255.255.255
Internal Port any
SAVE CANCEL
_______________________________________________________________________________
This completes the configuration of the VPN25. Leave the Setup menu with "Exit" and "Save as Boot Configuration and Exit".
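As an added example (not part of the original FAQ and not a Bintec tool), the Python sketch below reads the security-relevant VPN 25 settings in the flattened "label value" form shown in the screens above and lists the ones a reviewer would question before exposing the LNS to the Internet. The label list is taken from this page; the minimum secret length is an assumed local policy.

```python
# Settings copied from the VPN 25 Setup Tool screens on this page, in the
# flattened "label value" form the page shows them in.
SCREENS = """\
Tunnel Password test
Encryption none
Authentication CHAP + PAP
PPP Password test
Protocol udp
Remote Address
External Port specify Port 1701
"""
LABELS = ("Tunnel Password", "Encryption", "Authentication", "PPP Password",
          "Protocol", "Remote Address", "External Port")

def parse(text):
    """Return {label: value}; a label with nothing after it maps to ''."""
    settings = {}
    for line in map(str.strip, text.splitlines()):
        for label in LABELS:
            if line == label or line.startswith(label + " "):
                settings[label] = line[len(label):].strip()
    return settings

def audit(s, min_len=16):
    """Return (label, finding) pairs. min_len is an assumed local policy."""
    out = []
    if s.get("Encryption") == "none":
        out.append(("Encryption", "PPP payload is sent unencrypted; "
                    "L2TP adds no confidentiality of its own"))
    if "PAP" in [m.strip() for m in s.get("Authentication", "").split("+")]:
        out.append(("Authentication", "PAP is permitted, so the peer can "
                    "fall back to sending the password in cleartext"))
    secrets = {k: s[k] for k in ("Tunnel Password", "PPP Password") if k in s}
    for label, value in secrets.items():
        if len(value) < min_len:
            out.append((label, f"secret is shorter than {min_len} characters"))
    if len(secrets) == 2 and len(set(secrets.values())) == 1:
        out.append(("PPP Password", "same secret as the tunnel password"))
    if (s.get("Protocol") == "udp" and s.get("Remote Address") == ""
            and s.get("External Port", "").endswith("1701")):
        out.append(("Remote Address",
                    "UDP 1701 is accepted from any source address"))
    return out

if __name__ == "__main__":
    for label, finding in audit(parse(SCREENS)):
        print(f"{label}: {finding}")
```

The findings name the setting only and never echo the secret itself, so the output can go into a ticket or review log.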
4. Configuring the X2302
First, under "L2TP" --> "Static Settings", set the menu item "Port usage for LNS mode" to "single".
X2302 Setup Tool Bintec Access Networks GmbH
[L2TP][STATIC]: L2TP Static Settings x2302
_______________________________________________________________________________
UDP port number for LNS mode 1701
Port usage for LNS mode single
SAVE CANCEL
_______________________________________________________________________________
Under "Tunnel Profiles", create a new tunnel profile as follows:
X2302 Setup Tool Bintec Access Networks GmbH
[L2TP][TUNNEL PROFILES][EDIT]: Configure L2TP tunnels x2302
_______________________________________________________________________________
Profile Name l2tp1
Local IP Address 192.168.200.1
Local UDP Port (LAC only) 0
Local Hostname
Remote IP Address (LAC only) 145.254.236.149
Remote UDP Port (LAC only) 1701
Remote Hostname
Tunnel Password test
Hello Interval 30
Data Packets Sequence Numbers disabled
Minimum Time Between Retries 1
Maximum Time Between Retries 16
Maximum Retry Count 5
SAVE CANCEL
_______________________________________________________________________________
In the Setup main menu, configure a new WAN partner as you did on the VPN25.
X2302 Setup Tool Bintec Access Networks GmbH
[WAN][ADD]: Configure WAN Partner x2302
_______________________________________________________________________________
Partner Name l2tp
Encapsulation PPP
PPP >
Advanced Settings >
IP >
SAVE CANCEL
_______________________________________________________________________________
Under "PPP", enter the Partner ID, Local ID and password.
X2302 Setup Tool Bintec Access Networks GmbH
[WAN][ADD][PPP]: PPP Settings (l2tp) x2302
_______________________________________________________________________________
Authentication CHAP + PAP
Partner PPP ID test
Local PPP ID test
PPP Password test
Keepalives off
Link Quality Monitoring off
OK CANCEL
_______________________________________________________________________________
Under "Advanced Settings", select "PPP over L2TP (LAC Mode)" as the "Layer 1 Protocol". Once the Layer 1 protocol is selected, you can choose the tunnel profile you created earlier.
X2302 Setup Tool Bintec Access Networks GmbH
[WAN][ADD][ADVANCED]: Advanced Settings (l2tp) x2302
_______________________________________________________________________________
Static Short Hold (sec) -1
Delay after Connection Failure (sec) 10
Layer 1 Protocol PPP over L2TP (LAC mode)
L2TP Tunnel Profile l2tp1
Special Interface Types none
OK CANCEL
_______________________________________________________________________________
As the last step, under "IP" --> "Basic IP Settings", define the IP network to which the tunnel is to be established.
X2302 Setup Tool Bintec Access Networks GmbH
[WAN][ADD][IP][BASIC]: IP-Settings (l2tp) x2302
_______________________________________________________________________________
IP Transit Network no
Local IP Address 192.168.200.1
Default Route no
Remote IP Address 192.168.100.0
Remote Netmask 255.255.255.0
SAVE CANCEL
_______________________________________________________________________________
5. Verification messages
If the connection is established successfully, you should see messages similar to the following.
Debug output VPN25:
00:11:52 INFO/PPP: L2TP SCCRQ (start control connection request) from 84.149.209.219:32782:0 accepted
00:11:52 INFO/PPP: L2TP SCCRP (start control connection reply) issued to 84.149.209.219:32782:58453
00:11:53 INFO/PPP: L2TP SCCCN (tunnel establishment confirm) from 84.149.209.219:32782:58453 accepted
00:11:53 DEBUG/PPP: dialin from <84.149.209.219> to local number <192.168.100.1> (7/0)
00:11:53 ERR/PPP: no RADIUS server available
00:11:53 DEBUG/PPP: ?: call accepted, call not identified by number
00:11:53 INFO/PPP: L2TP ICRQ (incoming call request) from 84.149.209.219:32782:58453/75 accepted
00:11:53 INFO/PPP: L2TP ICRP (incoming call reply) issued to 84.149.209.219:32782:58453/75
00:11:53 INFO/PPP: received L2TP ICCN (incoming call connected) from 84.149.209.219:32782:58453/75
00:11:53 DEBUG/PPP: Layer 1 protocol l2tp
00:11:53 DEBUG/PPP: ?: set ifSpeed, number of active connections: 0/0/0
00:11:53 DEBUG/PPP: 10002 authenticated via CHAP_MD5
00:11:53 DEBUG/PPP: l2tp: set ifSpeed, number of active connections: 0/0/1
00:11:53 DEBUG/PPP: l2tp: call identified for <test>
00:11:53 DEBUG/PPP: l2tp: set ifSpeed, number of active connections: 1/1/1
00:11:53 DEBUG/PPP: l2tp: incoming connection established
Debug output X2302:
01:11:54 DEBUG/PPP: l2tp: event: 6, status: 0 (5) -> 1 (5)
01:11:54 DEBUG/PPP: l2tp: connect to <1>
01:11:54 INFO/PPP: L2TP SCCRQ (start control connection request) issued to 145.254.236.149:1701:14625
01:11:54 DEBUG/INET: NAT: new outgoing session on ifc 10001 prot 17 192.168.200.1:1071/84.149.209.219:32782 -> 145.254.236.149:1701
01:11:54 INFO/PPP: received L2TP SCCRP (start control connection reply) from 145.254.236.149:32769:14625
01:11:54 INFO/PPP: L2TP SCCCN (start control connection connected) issued to 145.254.236.149:32769:14625
01:11:54 INFO/PPP: L2TP ICRQ (incoming call request) issued to 145.254.236.149:32769:14625/75
01:11:54 INFO/PPP: received L2TP ICRP (incoming call reply) from 145.254.236.149:32769:14625/75
01:11:54 INFO/PPP: L2TP ICCN (incoming call connected) issued to 145.254.236.149:32769:14625/75
01:11:54 DEBUG/PPP: layer 1 type l2tp
01:11:55 DEBUG/PPP: l2tp: event: 16, status: 1 (5) -> 8 (1)
01:11:55 DEBUG/PPP: l2tp: outgoing connection established
cg
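As an added example (not part of the original FAQ and not Bintec's own tooling), the Python sketch below checks the two debug outputs from section 5 against the RFC 2661 control-message order and reports each router's role, the peer address, the PPP authentication method and any ERR lines. The regular expressions are inferred from the log lines shown on this page and are an assumption about the log format.

```python
import re

# Debug lines copied from section 5 of this page (timestamps kept as shown).
LNS_LOG = """\
00:11:52 INFO/PPP: L2TP SCCRQ (start control connection request) from 84.149.209.219:32782:0 accepted
00:11:52 INFO/PPP: L2TP SCCRP (start control connection reply) issued to 84.149.209.219:32782:58453
00:11:53 INFO/PPP: L2TP SCCCN (tunnel establishment confirm) from 84.149.209.219:32782:58453 accepted
00:11:53 ERR/PPP: no RADIUS server available
00:11:53 INFO/PPP: L2TP ICRQ (incoming call request) from 84.149.209.219:32782:58453/75 accepted
00:11:53 INFO/PPP: L2TP ICRP (incoming call reply) issued to 84.149.209.219:32782:58453/75
00:11:53 INFO/PPP: received L2TP ICCN (incoming call connected) from 84.149.209.219:32782:58453/75
00:11:53 DEBUG/PPP: 10002 authenticated via CHAP_MD5
00:11:53 DEBUG/PPP: l2tp: incoming connection established
"""
LAC_LOG = """\
01:11:54 INFO/PPP: L2TP SCCRQ (start control connection request) issued to 145.254.236.149:1701:14625
01:11:54 INFO/PPP: received L2TP SCCRP (start control connection reply) from 145.254.236.149:32769:14625
01:11:54 INFO/PPP: L2TP SCCCN (start control connection connected) issued to 145.254.236.149:32769:14625
01:11:54 INFO/PPP: L2TP ICRQ (incoming call request) issued to 145.254.236.149:32769:14625/75
01:11:54 INFO/PPP: received L2TP ICRP (incoming call reply) from 145.254.236.149:32769:14625/75
01:11:54 INFO/PPP: L2TP ICCN (incoming call connected) issued to 145.254.236.149:32769:14625/75
01:11:55 DEBUG/PPP: l2tp: outgoing connection established
"""

# Control messages of an incoming-call tunnel setup in RFC 2661 order,
# with the direction each one has when seen from the LAC.
SEQUENCE = [("SCCRQ", "out"), ("SCCRP", "in"), ("SCCCN", "out"),
            ("ICRQ", "out"), ("ICRP", "in"), ("ICCN", "out")]
MSG = re.compile(r"L2TP (\w+) \([^)]*\) (from|issued to) (\d+(?:\.\d+){3}):")

def analyse(log):
    """Summarise one router's debug log: role, peers, auth, errors."""
    seen = [(m, "in" if d == "from" else "out", ip) for m, d, ip in MSG.findall(log)]
    steps = [(m, d) for m, d, _ in seen]
    flipped = [(m, "in" if d == "out" else "out") for m, d in SEQUENCE]
    role = "LAC" if steps == SEQUENCE else "LNS" if steps == flipped else None
    auth = re.search(r"authenticated via (\S+)", log)
    return {
        "role": role,  # None: handshake incomplete or out of order
        "peers": sorted({ip for _, _, ip in seen}),  # expect exactly one
        "auth": auth.group(1) if auth else None,
        "established": "connection established" in log,
        "errors": re.findall(r"ERR/\w+: (.*)", log),
    }

if __name__ == "__main__":
    for name, log in (("VPN25", LNS_LOG), ("X2302", LAC_LOG)):
        print(name, analyse(log))
```

A role of None or more than one peer address in a single setup is the signal to look at the raw log; the VPN25 result also surfaces the RADIUS error and CHAP_MD5 as the negotiated method.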









