L2TPv2 Server

In L2TPv2 server setups, all sessions in a tunnel carry PPP.

When configured as an L2TPv2 server, prol2tpd is used to set up L2TP tunnels and sessions in order to receive data from clients. propppd is used to terminate PPP in those sessions.

When L2TP sessions are created and destroyed in L2TP tunnels, prol2tpd uses APIs of propppd to create and destroy PPP instances. If a PPP connection is terminated, perhaps because the PPP peer disconnects or fails to authenticate, prol2tpd closes the corresponding L2TP session automatically.

Required ProL2TP packages

Install the prol2tp and proppp packages.

Configuration

When used as an L2TPv2 server, PPP connections are usually authenticated by RADIUS. IP addresses are assigned using an IP pool from RADIUS.

In this example, it is assumed that a RADIUS server already exists and is configured to authenticate PPP users and assign IP addresses. If you don’t already have a RADIUS server, refer to the RADIUS section.

File           Use
prol2tpd.conf  Server prol2tp config file: /etc/prol2tp/prol2tpd.conf
propppd.conf   Server proppp config file: /etc/prol2tp/propppd.conf

The referenced sample config files are annotated to explain the parameters used.

propppd.conf

propppd.conf sets PPP options such as the allowed auth protocols and PPP LCP echo. ISPs commonly use LCP Echo to send periodic pings to the peer, so that a disconnected peer or an abruptly dropped network path is detected. The config also names the RADIUS server(s) to be used.

prol2tpd.conf

prol2tpd.conf sets options to define the IP addresses of L2TP peers that are allowed to connect and the shared secrets used to authenticate each peer.

For more details of all config options available, refer to the propppd.conf man page and prol2tpd.conf man page.

RADIUS

If a RADIUS server is not already available, we recommend installing freeradius, which is available in most Linux distributions.

The config file layout of freeradius is quite complex and differs significantly between freeradius versions 2 and 3. freeradius should be configured with PPP users and passwords, assigning IP addresses from an IP address pool.

FreeRADIUS 2

Config files are located under /etc/freeradius/.

  • Disable RADIUS proxy: Edit radiusd.conf and set proxy_requests to no.

  • Set IP addresses in an IP address pool: Edit modules/ippool and edit range-start / range-stop in the main_pool definition.

  • Enable the IP address pool: Edit sites-available/default and uncomment main_pool.

  • Add users: Edit users and add entries for each user like the example below.

    DEFAULT Pool-Name := "main_pool"
         Fall-Through = Yes
    u1@example.com Cleartext-Password := "u1_pass"
         Framed-Protocol == PPP

FreeRADIUS 3

Config files are located under /etc/freeradius/3.0/.

  • Disable RADIUS proxy: Edit radiusd.conf and set proxy_requests to no.

  • Set IP addresses in an IP address pool: Edit mods-available/ippool and edit range-start / range-stop in the main_pool definition.

  • Enable the IP address pool: Edit sites-available/default and uncomment main_pool.

  • Add users: Edit mods-config/files/authorize and add entries for each user like the example below.

    DEFAULT Pool-Name := "main_pool"
         Fall-Through = Yes
    u1@example.com Cleartext-Password := "u1_pass"
         Framed-Protocol == PPP
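
The check below is an added example, not part of the ProL2TP manual or of FreeRADIUS: it audits a directory laid out like /etc/freeradius/3.0/ for the proxy, pool-range and main_pool edits listed above, and flags a world-readable users file, since that file stores Cleartext-Password values. The function names, the sample tree and the acceptance of an underscore spelling of the range keys are assumptions.

```python
import ipaddress
import re
import stat
import tempfile
from pathlib import Path

USERS = "mods-config/files/authorize"
# Constructed sample tree (not from the page); main_pool is left commented out.
SAMPLE = {
    "radiusd.conf": "proxy_requests = no\n",
    "mods-available/ippool": "ippool main_pool {\n range-start = 192.0.2.10\n range-stop = 192.0.2.200\n}\n",
    "sites-available/default": "post-auth {\n#\tmain_pool\n}\n",
    USERS: 'u1@example.com Cleartext-Password := "u1_pass"\n\tFramed-Protocol == PPP\n',
}

def write_tree(root, files, users_mode=0o640):
    """Write the sample files under root and set the mode of the users file."""
    for rel, text in files.items():
        Path(root, rel).parent.mkdir(parents=True, exist_ok=True)
        Path(root, rel).write_text(text)
    Path(root, USERS).chmod(users_mode)

def active(path):
    """Non-comment lines of a config file, with all whitespace removed."""
    return [s for line in path.read_text().splitlines() if (s := "".join(line.split("#")[0].split()))]

def audit(conf_dir):
    """Check the FreeRADIUS 3 edits; an empty list means nothing was found."""
    root, out = Path(conf_dir), []
    if "proxy_requests=no" not in active(root / "radiusd.conf"):
        out.append("radiusd.conf: proxy_requests is not set to no")
    # Accept the hyphenated key spelling used on the page and an underscore variant.
    pool = "\n".join(active(root / "mods-available/ippool"))
    rng = dict(re.findall(r"^range[-_](start|stop)=(\S+)$", pool, re.M))
    try:
        if ipaddress.ip_address(rng["start"]) > ipaddress.ip_address(rng["stop"]):
            out.append("ippool: range start is above range stop")
    except (KeyError, ValueError, TypeError):
        out.append("ippool: range start/stop missing or not a valid address pair")
    if "main_pool" not in active(root / "sites-available/default"):
        out.append("sites-available/default: main_pool is still commented out")
    # The users file holds Cleartext-Password values; flag it if any account can read it.
    if (root / USERS).stat().st_mode & stat.S_IROTH:
        out.append("authorize: users file is world-readable")
    return out

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        write_tree(tmp, SAMPLE)
        print(audit(tmp))
```

To audit a live server, call audit() on the real config directory from an account that can read it.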

You are reading the manual of ProL2TP: enterprise class L2TP software for Linux systems
