Configuration example for client-initiated VPN

Network requirements

As shown in Figure 97, a VPN user accesses the corporate headquarters as follows:

  1. Configure an IP address and route for the user host, making sure that the host can reach the LNS.

  2. The user initiates a tunneling request to the LNS.

  3. After the LNS accepts the connection request, an L2TP tunnel is set up between the LNS and the VPN user.

  4. The VPN user communicates with the headquarters over the tunnel.

Figure 97: Network diagram

Configuration procedure

  1. Configure the LNS:

    # Configure IP addresses for the interfaces. (Details not shown.)

    # Configure the route between the LNS and the user host. (Details not shown.)

    # Create a local user named vpdnuser, set the password, and enable the PPP service. The username and password must match those configured on the client.

    <LNS> system-view
    [LNS] local-user vpdnuser
    [LNS-luser-vpdnuser] password simple Hello
    [LNS-luser-vpdnuser] service-type ppp
    [LNS-luser-vpdnuser] quit
    

    # Configure local authentication for the VPN user.

    [LNS] domain system
    [LNS-isp-system] authentication ppp local
    [LNS-isp-system] ip pool 1 192.168.0.2 192.168.0.100
    [LNS-isp-system] quit
    

    # Enable L2TP.

    [LNS] l2tp enable
    

    # Configure the VT interface.

    [LNS] interface virtual-template 1
    [LNS-virtual-template1] ip address 192.168.0.1 255.255.255.0
    [LNS-virtual-template1] ppp authentication-mode chap domain system
    [LNS-virtual-template1] remote address pool 1
    [LNS-virtual-template1] quit
    

    # Create an L2TP group and specify the VT interface for receiving calls.

    [LNS] l2tp-group 1
    [LNS-l2tp1] tunnel name LNS
    [LNS-l2tp1] allow l2tp virtual-template 1
    
  2. Configure the VPN user host:

    • Configure the IP address of the user host as 2.1.1.1, and configure a route to the LNS (1.1.2.2).

    • Create a virtual private network connection in Windows, or install L2TP client software such as WinVPN Client.

    • Complete the following configuration procedure (the procedure depends on the client software):

      # Specify the VPN username as vpdnuser and the password as Hello.

      # Specify the Internet interface address of the security gateway as the IP address of the LNS. In this example, the Ethernet interface for the tunnel on the LNS has an IP address of 1.1.2.2.

      # Modify the connection attributes, setting the protocol to L2TP, the encryption attribute to customized and the authentication mode to CHAP.

  3. Verify the configuration:

    # On the user host, initiate the L2TP connection. After the connection is established, the user host can obtain the IP address 192.168.0.2 and ping the private IP address of the LNS (192.168.0.1).

    # On the LNS, use the display l2tp session command to check the established L2TP session.

    [LNS-l2tp1] display l2tp session
     Total session = 1
    
     LocalSID  RemoteSID  LocalTID
      647       1          1
    

    # On the LNS, use the display l2tp tunnel command to check the established L2TP tunnel.

    [LNS-l2tp1] display l2tp tunnel
     Total tunnel = 1
    
     LocalTID RemoteTID RemoteAddress    Port   Sessions RemoteName
     1        5         2.1.1.1          1701   1        l2tpuser
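
The verification step above, written as a repeatable check (an added example in Python, not part of the original guide): it parses the two display outputs shown on this page and cross-checks them against each other and against the expected peer. The function names and the allowed-peer set are assumptions made for illustration.

```python
import re

# Output copied from the verification step on this page.
TUNNEL_OUT = """\
 Total tunnel = 1

 LocalTID RemoteTID RemoteAddress    Port   Sessions RemoteName
 1        5         2.1.1.1          1701   1        l2tpuser
"""
SESSION_OUT = """\
 Total session = 1

 LocalSID  RemoteSID  LocalTID
  647       1          1
"""

def parse_display(text):
    """Return (declared_total, rows) from display l2tp tunnel/session output."""
    total, header, rows = None, None, []
    for fields in (ln.split() for ln in text.splitlines() if ln.strip()):
        if fields[0][0] in "[<":            # skip a pasted CLI prompt line
            continue
        m = re.fullmatch(r"Total (?:tunnel|session) = (\d+)", " ".join(fields))
        if m:
            total = int(m.group(1))
        elif header is None:                # first table line is the header
            header = fields
        elif len(fields) == len(header):    # malformed rows are dropped
            rows.append(dict(zip(header, fields)))
    return total, rows

def audit(tunnel_text, session_text, allowed_peers):
    """Cross-check the tunnel and session tables; return a list of findings."""
    t_total, tunnels = parse_display(tunnel_text)
    s_total, sessions = parse_display(session_text)
    findings = []
    for name, total, rows in (("tunnel", t_total, tunnels), ("session", s_total, sessions)):
        if total != len(rows):              # catches truncated or garbled output
            findings.append(f"{name} total {total} != {len(rows)} parsed rows")
    for t in tunnels:
        if t["RemoteAddress"] not in allowed_peers:
            findings.append(f"tunnel {t['LocalTID']}: unexpected peer {t['RemoteAddress']}")
        listed = sum(s["LocalTID"] == t["LocalTID"] for s in sessions)
        if int(t["Sessions"]) != listed:
            findings.append(f"tunnel {t['LocalTID']}: reports {t['Sessions']} sessions, {listed} listed")
    for s in sessions:
        if s["LocalTID"] not in {t["LocalTID"] for t in tunnels}:
            findings.append(f"session {s['LocalSID']}: no tunnel with LocalTID {s['LocalTID']}")
    return findings
```

With the outputs from this page and `{"2.1.1.1"}` as the allowed peer set, `audit` returns an empty list.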