author | Robert Göhler <github@ghlr.de> | 2021-07-21 20:30:15 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-07-21 20:30:15 +0200 |
commit | d5a2b5d7b27f7d7666cff675a7048529590e8fc5 (patch) | |
tree | b4d360044b54d9bb499526709878e17b30db74fe /docs/configuration/vpn/l2tp.rst | |
parent | f601ca43e0ca1619af7b9829a4b70fdb4ed7a195 (diff) | |
parent | f6e5ef39a8945c39ffc73810ef428e104c3a8f4e (diff) | |
Merge pull request #571 from srividya0208/vpn-pptp
Vpn pptp/l2tp
Diffstat (limited to 'docs/configuration/vpn/l2tp.rst')
-rw-r--r-- | docs/configuration/vpn/l2tp.rst | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/docs/configuration/vpn/l2tp.rst b/docs/configuration/vpn/l2tp.rst index 64223475..cd14cdda 100644 --- a/docs/configuration/vpn/l2tp.rst +++ b/docs/configuration/vpn/l2tp.rst @@ -1,3 +1,5 @@ +:lastproofread: 2021-07-15 + .. _l2tp: L2TP over IPsec @@ -60,6 +62,8 @@ will need to add the appropriate source NAT rules to your configuration. set nat source rule 110 source address '192.168.255.0/24' set nat source rule 110 translation address masquerade +.. stop_vyoslinter + To be able to resolve when connected to the VPN, the following DNS rules are needed as well. @@ -71,6 +75,8 @@ needed as well. .. note:: Those are the `Google public DNS`_ servers. You can also use the public available servers from Quad9_ (9.9.9.9) or Cloudflare_ (1.1.1.1). +.. start_vyoslinter + Established sessions can be viewed using the **show vpn remote-access** operational command. @@ -85,7 +91,7 @@ operational command. RADIUS authentication ^^^^^^^^^^^^^^^^^^^^^ -The above configuration made use of local accounts on the VyOS router for +The above configuration uses local accounts on the VyOS router for authenticating L2TP/IPSec clients. In bigger environments usually something like RADIUS_ (FreeRADIUS_ or Microsoft `Network Policy Server`_, NPS) is used. @@ -95,6 +101,8 @@ VyOS supports either `local` or `radius` user authentication: set vpn l2tp remote-access authentication mode <local|radius> +.. stop_vyoslinter + In addition one or more RADIUS_ servers can be configured to server for user authentication. This is done using the `radius server` and `radius server key` nodes: 
@@ -104,9 +112,9 @@ nodes: set vpn l2tp remote-access authentication radius server 1.1.1.1 key 'foo' set vpn l2tp remote-access authentication radius server 2.2.2.2 key 'foo' -.. note:: Some RADIUS_ severs make use of an access control list who is allowed - to query the server. Please configure your VyOS router in the allowed client - list. +.. note:: Some RADIUS_ severs make use of an access control list which is + allowed to query the server. Please configure your VyOS router in the + allowed client list. RADIUS source address ********************* @@ -122,6 +130,7 @@ single source IP e.g. the loopback interface. Above command will use `3.3.3.3` as source IPv4 address for all RADIUS queries on this NAS. +.. start_vyoslinter .. _`Google Public DNS`: https://developers.google.com/speed/public-dns .. _Quad9: https://quad9.net |
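Review bot: in the hunk at @@ -60,6 +62,8 @@, the new `.. stop_vyoslinter` / `.. start_vyoslinter` pair encloses the introductory sentence and the `.. note::` as well as the DNS rules they refer to, so linting is switched off for more text than the commands need. Consider placing the two markers tightly around the command block. Since this commit also stamps the page with `:lastproofread:`, note that the enclosed sentence "To be able to resolve when connected to the VPN" still lacks an object, and "public available servers" should read "publicly available servers".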
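Review bot: in the hunk at @@ -95,6 +101,8 @@, the sentence directly after the new `.. stop_vyoslinter` still reads "can be configured to server for user authentication"; "to server" should be "to serve", or the phrase can be dropped. The matching `.. start_vyoslinter` only arrives in the last hunk, so everything from here through the RADIUS source address section is unlinted. If that span is excluded because of the example addresses 1.1.1.1, 2.2.2.2 and 3.3.3.3, switching the examples to documentation addresses such as 192.0.2.1 (RFC 5737) would be preferable to suppressing the linter, not least because the page itself names 1.1.1.1 as Cloudflare's public DNS server.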
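Review bot: in the hunk at @@ -104,9 +112,9 @@, the rewritten note keeps the typo "severs" and now says the access control list itself "is allowed to query the server", which is not the intended meaning. Suggested wording: "Some RADIUS_ servers use an access control list of clients that are allowed to query the server. Add your VyOS router to the allowed client list." The example lines just above the note also set the shared secret to 'foo' on both servers; a placeholder such as '<secret>' makes it less likely that the value is pasted unchanged into a live configuration.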