Established Member
Posts: 924
Registered: ‎05-28-2012
Kudos: 190
Solutions: 6

L2TP client?

Is there an L2TP client in the edgerouter can find commands for setting it up as an L2TP server but not to make it connect to an existing one.

Want to establish a tunnel to a Mikrotik so I can route a IPv6 /64 back from a remote site (No native v6 at home)

Previously I was using L2TP between to MT's to do this and it worked quite well other than the RB751 at home running out of cpu grunt at about 40Mbit/s

Hopefully all going well with the ERL i'll eventually replace the MT at the other end as well (I've already got a 2nd ERL as I wasn't sure how long it would take to get more stock so I ordered 2 Icon Lol)
SuperUser
Posts: 21,761
Registered: ‎11-20-2011
Kudos: 7935
Solutions: 233

Re: L2TP client?

josh@EdgeRouterLite# set vpn l2tp remote-access
authentication dhcp-interface mtu wins-servers
client-ip-pool dns-servers outside-address
description ipsec-settings outside-nexthop


isp builder | linux sorcerer | datacenter automation conjurer | blog: blog.engineered.online
link to our slack channel on the blog
Established Member
Posts: 924
Registered: ‎05-28-2012
Kudos: 190
Solutions: 6

Re: L2TP client?

That seems to be geared towards the edgerouter being an L2TP server rather than having the edgerouter connect as a client to an Existing L2TP server.
Or am I just being stupid (which is quite likely)
Previous Employee
Posts: 13,551
Registered: ‎06-10-2011
Kudos: 5479
Solutions: 1656
Contributions: 2

Re: L2TP client?

Yes currently the CLI only supports L2TP server, but the underlying implementation (xl2tpd) does support L2TP client, so it should be possible to get it to do what you need from the shell. Depending on what your requirements are, there are other ways to establish tunnels that may provide the needed functionality as well.
Established Member
Posts: 924
Registered: ‎05-28-2012
Kudos: 190
Solutions: 6

Re: L2TP client?

Yes currently the CLI only supports L2TP server, but the underlying implementation (xl2tpd) does support L2TP client, so it should be possible to get it to do what you need from the shell. Depending on what your requirements are, there are other ways to establish tunnels that may provide the needed functionality as well.


The other end is currently an Mikrotik RB1200, although all going well it may end up being replaced with my other ERL at somepoint.

Want to establish a tunnel I can route a Ipv6 /64 down as well as some specific IPv4 traffic.
SuperUser
Posts: 21,761
Registered: ‎11-20-2011
Kudos: 7935
Solutions: 233

Re: L2TP client?

The other end is currently an Mikrotik RB1200, although all going well it may end up being replaced with my other ERL at somepoint.

Want to establish a tunnel I can route a Ipv6 /64 down as well as some specific IPv4 traffic.


Why not just setup an ipsec vpn or GRE tunnel?


isp builder | linux sorcerer | datacenter automation conjurer | blog: blog.engineered.online
link to our slack channel on the blog
Established Member
Posts: 924
Registered: ‎05-28-2012
Kudos: 190
Solutions: 6

Re: L2TP client?

Why not just setup an ipsec vpn or GRE tunnel?


the Ipv4 on the home end is dynamically assigned.
Previous Employee
Posts: 10,504
Registered: ‎06-09-2011
Kudos: 3141
Solutions: 945
Contributions: 16

Re: L2TP client?

the Ipv4 on the home end is dynamically assigned.
IPSeC with a 0.0.0.0 peer?
EdgeMAX Router Software Development
Previous Employee
Posts: 13,551
Registered: ‎06-10-2011
Kudos: 5479
Solutions: 1656
Contributions: 2

Re: L2TP client?

Creating an OpenVPN tunnel interface might work?
SuperUser
Posts: 21,761
Registered: ‎11-20-2011
Kudos: 7935
Solutions: 233

Re: L2TP client?

Set it up by dynamic dns host
:: sent from my phone


isp builder | linux sorcerer | datacenter automation conjurer | blog: blog.engineered.online
link to our slack channel on the blog
Member
Posts: 199
Registered: ‎09-19-2010
Kudos: 37

Re: L2TP client?

Dyndns.org should help

Sent from my XANphone using Tapatalk
Gabe

Ubnt Banana
Established Member
Posts: 924
Registered: ‎05-28-2012
Kudos: 190
Solutions: 6

Re: L2TP client?

Dyndns.org should help


Sent from my XANphone using Tapatalk


It doesn't as the edgerouter wants the IP address to be specified not the hostname.

The Mikrotik will accept a hostname but all it does is resolve it then store the IP when you save the rule.

I've bodged it for now by sticking a GRE tunnel inside a PPTP tunnel, bet that's doing horrible things in terms of MTU but at least I got Ipv6 working. Will need to figure out a better way to do things later. Icon Lol
Previous Employee
Posts: 10,504
Registered: ‎06-09-2011
Kudos: 3141
Solutions: 945
Contributions: 16

Re: L2TP client?

It doesn't as the edgerouter wants the IP address to be specified not the hostname.:
IPSec should allow a hostname.
ubnt@ER-PoE:~$ configure 

ubnt@gitsco-rtr# set vpn ipsec site-to-site peer ?
Possible completions:
IP address of the peer
Hostname of the peer
@ ID of the peer
EdgeMAX Router Software Development
Established Member
Posts: 924
Registered: ‎05-28-2012
Kudos: 190
Solutions: 6

Re: L2TP client?

IPSec should allow a hostname.
ubnt@ER-PoE:~$ configure 

ubnt@gitsco-rtr# set vpn ipsec site-to-site peer ?
Possible completions:
IP address of the peer
Hostname of the peer
@ ID of the peer


It's when it wants you to specify remote and local addresses I ran into a problem.

Might take another crack at it after some sleep.
Previous Employee
Posts: 13,551
Registered: ‎06-10-2011
Kudos: 5479
Solutions: 1656
Contributions: 2

Re: L2TP client?

You can also try OpenVPN, which gives you a routable interface and you can have the side with dynamic IP initiate the tunnel connection.
Established Member
Posts: 924
Registered: ‎05-28-2012
Kudos: 190
Solutions: 6

Re: L2TP client?

You can also try OpenVPN, which gives you a routable interface and you can have the side with dynamic IP initiate the tunnel connection.


Might have a play with it tomorrow or I might be lazy and wait until I've replaced the MT at the other end Icon Wink
SuperUser
Posts: 14,656
Registered: ‎12-08-2008
Kudos: 11467
Solutions: 700
Contributions: 1

Re: L2TP client?

Definitely try OpenVPN - we've been using it for years on all kinds of platforms - Linux, Windoze, OSx, BSD, Solaris, even my Android tablet and phone. Very easy to set up and manage. And you can't beat the price...
Jim
" How can anyone trust Scientists? If new evidence comes along, they change their minds! " Politician's joke (sort of...)
"Humans are allergic to change..They love to say, ‘We’ve always done it this way.’ I try to fight that. "Admiral Grace Hopper, USN, Computer Scientist
"It's not Rocket Science! - Oh wait, Actually it is... "NASA bumper sticker
"Just because you can do something doesn't mean you should."my mantra in the Programming classes I used to teach once upon a time...
Established Member
Posts: 924
Registered: ‎05-28-2012
Kudos: 190
Solutions: 6

Re: L2TP client?

Definitely try OpenVPN - we've been using it for years on all kinds of platforms - Linux, Windoze, OSx, BSD, Solaris, even my Android tablet and phone. Very easy to set up and manage. And you can't beat the price...
Jim


Any idea where the logs are on the edgemax

Can't get it to play nice with the Mikrotik , setup certificates.etc can see the ERL try and connect to the Routerboard see it set the cyper to AES128-CBC/SHA1 then it drops.
Previous Employee
Posts: 13,551
Registered: ‎06-10-2011
Kudos: 5479
Solutions: 1656
Contributions: 2

Re: L2TP client?

Any idea where the logs are on the edgemax


OpenVPN should log to syslog so by default it should be "/var/log/messages".
Established Member
Posts: 924
Registered: ‎05-28-2012
Kudos: 190
Solutions: 6

Re: L2TP client?

Got the openvpn up but looks like you can't easily assign an IPv6 address to it Icon Confused