To: Michael Richardson <mcr@xelerance.com>
From: Patrick Naubert <patrickn@xelerance.com>
Subject: l2tpd config
Date: Tue, 22 Nov 2005 10:04:08 -0500
X-Mailer: Apple Mail (2.746.2)


[1. text/plain]   
On l2tp server:

-/etc/l2tpd/l2tpd.conf-

[global]
; Global parameters:
[lns default]                                                   ; Our
fallthrough LNS definition
ip range = 192.168.55.10-192.168.55.20  ; * Allocate from this IP range
local ip = 192.168.55.1                         ; * Our local IP to use
require chap = yes                                      ; * Require
CHAP auth. by peer
refuse pap = yes                                                ; *
Refuse PAP authentication
require authentication = yes                    ; * Require peer to
authenticate
name = Server                                           ; * Report
this as our hostname
ppp debug = yes                                         ; * Turn on
PPP debugging
pppoptfile = /etc/ppp/options.l2tp      ; * ppp options file
length bit = yes

-/etc/ppp/options.l2tp-

ipcp-accept-local
ipcp-accept-remote
auth
ms-dns 192.168.88.66
crtscts
noccp
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
ppp debug

-/etc/ppp/chap-secrets-
# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
test            *       "test"                  *
*               test    "test"                  *
*               *       "test"                  *


Start l2tpd:  l2tpd -c /etc/l2tpd/l2tpd.conf
It will complain about the kernel, ignore that.

ON the clients:

-/etc/l2tpd/l2tpd.conf-

[global]
; Global parameters:
[lns default]                                                   ; Our
fallthrough LNS definition
ip range = 192.168.55.10-192.168.55.20  ; * Allocate from this IP range
local ip = 192.168.55.1                         ; * Our local IP to use
require chap = yes                                      ; * Require
CHAP auth. by peer
refuse pap = yes                                                ; *
Refuse PAP authentication
require authentication = yes                    ; * Require peer to
authenticate
name = MelonVPN                                                 ; *
Report this as our hostname
ppp debug = yes                                         ; * Turn on
PPP debugging
pppoptfile = /etc/ppp/options.l2tp      ; * ppp options file
length bit = yes
[lac server]
lns = 10.10.10.10

(Note, the "[lns default]" section is actually useless on the
clients, but I still left it in there)

-/etc/ppp/options.l2tp-
ipcp-accept-local
ipcp-accept-remote
auth
ms-dns 192.168.88.66
crtscts
noccp
idle 1800
mtu 1410
mru 1410
defaultroute
debug
lock
proxyarp
connect-delay 5000
ppp debug

-/etc/ppp/chap-secrets-
# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
test            *       "test"                  *
*               test    "test"                  *
*               *       "test"                  *


Start l2tpd:  l2tpd -c /etc/l2tpd/l2tpd.conf
It will complain about the kernel, ignore that.
To start the connection from client to server:
echo "c server" > /var/run/l2tp-control
Check your messages file.

This is know to work with 1 vpnX l2tpd server, and 2 vpnx l2tp
clients, direct connect.  Both clients can ping the server no problem
for 3 hours. Tested with ping -s 11070 192.168.55.1 from both clients
at same time.  I *did* get about 1%-2% failed packets for some reason.

Pat