:lastproofread: 2024-02-21
.. _examples-lac-lns:
###############
PPPoE over L2TP
###############
This document describes a basic setup using PPPoE over L2TP.

LAC and LNS are components of the broadband topology.

LAC - L2TP Access Concentrator

LNS - L2TP Network Server

The LAC and the LNS form an L2TP tunnel. The LAC receives packets from PPPoE
clients and forwards them to the LNS. The LNS is the termination point for the
PPP sessions that originate from the remote clients.

In this example we use VyOS 1.5 as the LNS and Cisco IOS as the LAC.
All users with the domain **vyos.io** will be tunneled to the LNS via L2TP.
The L2TP tunnel password and the RADIUS key shown in the configurations below
are lab values; replace them with your own before deploying this setup.
Network Topology
================
.. image:: /_static/images/lac-lns-diagram.jpg
   :width: 60%
   :align: center
   :alt: Network Topology Diagram
Configurations
==============
LAC
---
.. code-block:: none
    aaa new-model
    !
    aaa authentication ppp default local
    !
    vpdn enable
    vpdn aaa attribute nas-ip-address vpdn-nas
    !
    vpdn-group LAC
     request-dialin
      protocol l2tp
      domain vyos.io
     initiate-to ip 192.168.139.100
     source-ip 192.168.139.101
     local name LAC
     l2tp tunnel password 0 test123
    !
    bba-group pppoe MAIN-BBA
     virtual-template 1
    !
    interface GigabitEthernet0/0
     description To LNS
     ip address 192.168.139.101 255.255.255.0
     duplex auto
     speed auto
     media-type rj45
    !
    interface GigabitEthernet0/1
     description To PPPoE clients
     no ip address
     duplex auto
     speed auto
     media-type rj45
     pppoe enable group MAIN-BBA
    !
LNS
---
.. code-block:: none
    set interfaces ethernet eth0 address '192.168.139.100/24'
    set nat source rule 100 outbound-interface name 'eth0'
    set nat source rule 100 source address '10.0.0.0/24'
    set nat source rule 100 translation address 'masquerade'
    set protocols static route 0.0.0.0/0 next-hop 192.168.139.2
    set vpn l2tp remote-access authentication mode 'radius'
    set vpn l2tp remote-access authentication radius server 192.168.139.110 key 'radiustest'
    set vpn l2tp remote-access client-ip-pool TEST-POOL range '10.0.0.2-10.0.0.100'
    set vpn l2tp remote-access default-pool 'TEST-POOL'
    set vpn l2tp remote-access gateway-address '10.0.0.1'
    set vpn l2tp remote-access lns host-name 'LAC'
    set vpn l2tp remote-access lns shared-secret 'test123'
    set vpn l2tp remote-access name-server '8.8.8.8'
    set vpn l2tp remote-access ppp-options disable-ccp
.. note:: This setup requires the Compression Control Protocol (CCP) to be
          disabled; the command ``set vpn l2tp remote-access ppp-options disable-ccp``
          accomplishes that.
Client
------
In this lab we use the Windows PPPoE client.
.. image:: /_static/images/lac-lns-winclient.jpg
   :width: 100%
   :align: center
   :alt: Windows PPPoE Client Configuration
Monitoring
----------
Monitoring on the LNS side:
.. code-block:: none
    vyos@vyos:~$ show l2tp-server sessions
     ifname |   username   |    ip    | ip6 | ip6-dp |   calling-sid   | rate-limit | state  |  uptime  | rx-bytes  | tx-bytes
    --------+--------------+----------+-----+--------+-----------------+------------+--------+----------+-----------+----------
     l2tp0  | test@vyos.io | 10.0.0.2 |     |        | 192.168.139.101 |            | active | 00:00:35 | 188.4 KiB | 9.3 MiB
Monitoring on the LAC side:
.. code-block:: none
    Router#show pppoe session
         1 session  in FORWARDED (FWDED) State
         1 session  total
    Uniq ID  PPPoE  RemMAC          Port                    VT  VA         State
               SID  LocMAC                                      VA-st      Type
          1      1  000c.290b.20a6  Gi0/1                    1  N/A        FWDED
                    0c58.88ac.0001
    Router#show l2tp
    L2TP Tunnel and Session Information Total tunnels 1 sessions 1
    LocTunID   RemTunID   Remote Name   State  Remote Address  Sessn L2TP Class/
                                                               Count VPDN Group
    23238      2640       LAC           est    192.168.139.100 1     LAC
    LocID      RemID      TunID      Username, Intf/      State  Last Chg Uniq ID
                                     Vcid, Circuit
    25641      25822      23238      test@vyos.io, Gi0/1  est    00:05:36 1
Monitoring on the RADIUS server side:
.. code-block:: none
    root@Radius:~# cat /var/log/freeradius/radacct/192.168.139.100/detail-20240221
    Wed Feb 21 13:37:17 2024
            User-Name = "test@vyos.io"
            NAS-Port = 0
            NAS-Port-Id = "l2tp0"
            NAS-Port-Type = Virtual
            Service-Type = Framed-User
            Framed-Protocol = PPP
            Calling-Station-Id = "192.168.139.101"
            Called-Station-Id = "192.168.139.100"
            Acct-Status-Type = Start
            Acct-Authentic = RADIUS
            Acct-Session-Id = "45c731e169d9a4f1"
            Acct-Session-Time = 0
            Acct-Input-Octets = 0
            Acct-Output-Octets = 0
            Acct-Input-Packets = 0
            Acct-Output-Packets = 0
            Acct-Input-Gigawords = 0
            Acct-Output-Gigawords = 0
            Framed-IP-Address = 10.0.0.2
            NAS-IP-Address = 192.168.139.100
            Event-Timestamp = "Feb 21 2024 13:37:17 UTC"
            Tmp-String-9 = "ai:"
            Acct-Unique-Session-Id = "ea6a1089816f19c0d0f1819bc61c3318"
            Timestamp = 1708522637