diff options
Diffstat (limited to 'docs/configuration/vpn/l2tp.rst')
| -rw-r--r-- | docs/configuration/vpn/l2tp.rst | 36 |
1 files changed, 19 insertions, 17 deletions
diff --git a/docs/configuration/vpn/l2tp.rst b/docs/configuration/vpn/l2tp.rst index 8dc34ee4..4a7657e7 100644 --- a/docs/configuration/vpn/l2tp.rst +++ b/docs/configuration/vpn/l2tp.rst @@ -17,8 +17,8 @@ with native Windows and Mac VPN clients): set vpn ipsec interface eth0 set vpn l2tp remote-access outside-address 192.0.2.2 - set vpn l2tp remote-access client-ip-pool start 192.168.255.2 - set vpn l2tp remote-access client-ip-pool stop 192.168.255.254 + set vpn l2tp remote-access client-ip-pool L2TP-POOL range 192.168.255.2-192.168.255.254 + set vpn l2tp remote-access default-pool 'L2TP-POOL' set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret <secret> set vpn l2tp remote-access authentication mode local @@ -60,7 +60,7 @@ To allow VPN-clients access via your external address, a NAT rule is required: .. code-block:: none - set nat source rule 110 outbound-interface 'eth0' + set nat source rule 110 outbound-interface name 'eth0' set nat source rule 110 source address '192.168.255.0/24' set nat source rule 110 translation address masquerade @@ -73,15 +73,16 @@ parameter to the client. set vpn l2tp remote-access name-server '198.51.100.8' set vpn l2tp remote-access name-server '198.51.100.4' -Established sessions can be viewed using the **show vpn remote-access** -operational command, or **show l2tp-server sessions** +Established sessions can be viewed using the **show l2tp-server sessions** +operational command .. code-block:: none - vyos@vyos:~$ show vpn remote-access - ifname | username | calling-sid | ip | rate-limit | type | comp | state | uptime - --------+----------+--------------+---------------+------------+------+------+--------+---------- - ppp0 | vyos | 192.168.0.36 | 192.168.255.1 | | l2tp | | active | 00:06:13 + vyos@vyos:~$ show l2tp-server sessions + ifname | username | ip | ip6 | ip6-dp | calling-sid | rate-limit | state | uptime | rx-bytes | tx-bytes + --------+----------+---------------+-----+--------+-------------+------------+--------+----------+----------+---------- + l2tp0 | test | 192.168.255.3 | | | 192.168.0.36 | | active | 02:01:47 | 7.7 KiB | 1.2 KiB + LNS (L2TP Network Server) @@ -94,8 +95,8 @@ Below is an example to configure a LNS: .. code-block:: none set vpn l2tp remote-access outside-address 192.0.2.2 - set vpn l2tp remote-access client-ip-pool start 192.168.255.2 - set vpn l2tp remote-access client-ip-pool stop 192.168.255.254 + set vpn l2tp remote-access client-ip-pool L2TP-POOL range 192.168.255.2-192.168.255.254 + set vpn l2tp remote-access default-pool 'L2TP-POOL' set vpn l2tp remote-access lns shared-secret 'secret' set vpn l2tp remote-access ccp-disable set vpn l2tp remote-access authentication mode local @@ -121,17 +122,18 @@ The rate-limit is set in kbit/sec. .. code-block:: none set vpn l2tp remote-access outside-address 192.0.2.2 - set vpn l2tp remote-access client-ip-pool start 192.168.255.2 - set vpn l2tp remote-access client-ip-pool stop 192.168.255.254 + set vpn l2tp remote-access client-ip-pool L2TP-POOL range 192.168.255.2-192.168.255.254 + set vpn l2tp remote-access default-pool 'L2TP-POOL' set vpn l2tp remote-access authentication mode local set vpn l2tp remote-access authentication local-users username test password test set vpn l2tp remote-access authentication local-users username test rate-limit download 20480 set vpn l2tp remote-access authentication local-users username test rate-limit upload 10240 - vyos@vyos:~$ show vpn remote-access - ifname | username | calling-sid | ip | rate-limit | type | comp | state | uptime - -------+----------+--------------+---------------+-------------+------+------+--------+----------- - ppp0 | test | 192.168.0.36 | 192.168.255.2 | 20480/10240 | l2tp | | active | 00:06:30 + vyos@vyos:~$ show l2tp-server sessions + ifname | username | ip | ip6 | ip6-dp | calling-sid | rate-limit | state | uptime | rx-bytes | tx-bytes + --------+----------+---------------+-----+--------+-------------+------------+--------+----------+----------+---------- + l2tp0 | test | 192.168.255.3 | | | 192.168.0.36 | | active | 02:01:47 | 7.7 KiB | 1.2 KiB + RADIUS authentication ====================== |