Manualshelf

Setup guide

ManualsBrandsD-Link ManualsComputer equipmentDWL-500 - 11Mb Wireless LAN PCI Network Card
61626364656667686970
• accessing an Intranet/LAN of a company for remote (mobile) clients (employees)
Each L2TP connection is composed of a server and a client. The Wandy RouterOS may function
as a server or client or, for various configurations, it may be the server for some connections and
client for other connections.
Specifications
Packages required: ppp
License required: level1 (limited to 1 tunnel), level3 (limited to 200 tunnels), level5
interface l2tp-server, /interface l2tp-client
Standards and Technologies: L2TP (RFC 2661)
Hardware usage: Not significant
Related Documents
Package Management
IP Addresses and ARP
AAA
EoIP Tunnel Interface
IP Security
Description
L2TP is a secure tunnel protocol for transporting IP traffic using PPP. L2TP encapsulates PPP in
virtual lines that run over IP, Frame Relay and other protocols (that are not currently supported by
Wandy RouterOS). L2TP incorporates PPP and MPPE (Microsoft Point to Point Encryption) to
make encrypted links. The purpose of this protocol is to allow the Layer 2 and PPP endpoints to
reside on different devices interconnected by a packet-switched network. With L2TP, a user has a
Layer 2 connection to an access concentrator - LAC (e.g., modem bank, ADSL DSLAM, etc.), and
the concentrator then tunnels individual PPP frames to the Network Access Server - NAS. This
allows the actual processing of PPP packets to be divorced from the termination of the Layer 2
circuit. From the user's perspective, there is no functional difference between having the L2 circuit
terminate in a NAS directly or using L2TP.
It may also be useful to use L2TP just as any other tunneling protocol with or without encryption.
The L2TP standard says that the most secure way to encrypt data is using L2TP over IPsec (Note
that it is default mode for Microsoft L2TP client) as all L2TP control and data packets for a
particular tunnel appear as homogeneous UDP/IP data packets to the IPsec system.
L2TP includes PPP authentication and accounting for each L2TP connection. Full authentication
and accounting of each connection may be done through a RADIUS client or locally.
MPPE 40bit RC4 and MPPE 128bit RC4 encryption are supported.
L2TP traffic uses UDP protocol for both control and data packets. UDP port 1701 is used only for
link establishment, further traffic is using any available UDP port (which may or may not be 1701).
This means that L2TP can be used with most firewalls and routers (even with NAT) by enabling
UDP traffic to be routed through the firewall or router.
L2TP Client Setup