Hi James Chapman,
Thanks for your response.
According to your advice, there are 2 methods to connect 2 LANs
across an L2TPv3 tunnel, "routing" and "bridging", right?
I set up HostA and HostB with properly configured routing tables by
using the "route" command, and set up the tunnel arguments by using the
"ip l2tp" command of iproute-3.4. I also enabled the IP forwarding
mechanism on both HostA/B, and set each peer tunnel host as the default
gateway for HostA/HostB. It works now.
The LANs can connect to each other across the L2TPv3 tunnel.
The following are the routing tables of HostA and HostB.
----------------------------
HostA
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.5.5.2        0.0.0.0         UG    0      0        0 l2tpeth0
10.5.5.2        0.0.0.0         255.255.255.255 UH    0      0        0 l2tpeth0
172.5.5.0       0.0.0.0         255.255.255.0   U     1      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     1      0        0 eth1
----------------------------
HostB
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.5.5.1        0.0.0.0         UG    0      0        0 l2tpeth0
10.5.5.1        0.0.0.0         255.255.255.255 UH    0      0        0 l2tpeth0
172.5.5.0       0.0.0.0         255.255.255.0   U     1      0        0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     1      0        0 eth1
----------------------------
However, you said another way to connect two LANs is "bridging"?
How should I set up the "bridging" mechanism to connect the two LANs?
Could you give me some configuration examples?
Thanks very much!
2012/6/15 James Chapman <[email protected]>
> Hi Raymond,
>
> On 13/06/12 08:03, Raymond wrote:
> > Hi all,
> >
> > I think I have a question about using the l2tpv3tun 0.2 tool to establish
> > a tunnel between two LANs.
>
> The l2tpv3tun commands have been integrated into the standard Linux ip
> utility now. You'll need iproute-3.4 or later. The commands are all the
> same. It's no problem to use l2tpv3tun if your ip utility doesn't yet
> have the "ip l2tp" commands though.
>
> > What should I set in l2tpv3 host machines as routers to forward packets
> > from local clients to remote
> > servers through l2tpv3 tunnel?
>
> You configure the l2tpethN interfaces in exactly the same way that you
> configure physical ethN interfaces. Set up routing or bridging.
>
> >
> > Client1(2,3,4...) LAN <-------> (l2tpv3 HostA) <-----Internet----> (l2tpv3 HostB) <-------> Server1(2,3,4...)LAN
> >
> > Client1(2.3.4...) LAN
> > Private IP 2.2.2.0/255.255.255.0
> >
> > HostA
> > Public IP: 172.5.5.127
> > Private IP: 10.5.5.1
> >
> > HostA
> > Public IP: 172.5.5.111
> > Private IP: 10.5.5.2
> >
> > Server1(2.3.4...) LAN
> > Private IP 2.2.2.0/255.255.255.0
> >
> > According to the article "Using L2TPv3 unmanaged tunnels"
> > http://www.openl2tp.org/pipermail/openl2tp-users/2010-April/000836.html
> > I can establish an unmanaged l2tpv3 tunnel between two l2tpv3 hosts with
> > the following commands.
> >
> > HostA:
> > # l2tpv3tun add tunnel tunnel_id 42 peer_tunnel_id 45 udp_sport 5000 udp_dport 6000 \
> >       encap udp local 172.5.5.127 remote 172.5.5.111
> > # l2tpv3tun add session tunnel_id 42 session_id 128 peer_session_id 519
> > # ip addr add 10.5.5.1/32 peer 10.5.5.2/32 dev l2tpeth0
> > # ifconfig l2tpeth0 up
> >
> > HostB:
> > # l2tpv3tun add tunnel tunnel_id 45 peer_tunnel_id 42 udp_sport 6000 udp_dport 5000 \
> >       encap udp local 172.5.5.111 remote 172.5.5.127
> > # l2tpv3tun add session tunnel_id 45 session_id 519 peer_session_id 128
> > # ip addr add 10.5.5.2/32 peer 10.5.5.1/32 dev l2tpeth0
> > # ifconfig l2tpeth0 up
> >
> > After the above, I can only ping HostB 10.5.5.2 successfully from HostA 10.5.5.1.
> > But pinging server1(2,3,4...) from client1(2,3,4...) through the l2tpv2 tunnel
> > doesn't work.
> > What should I set on both sides?
>
> You've set up a tunnel between HostA and HostB. I'm not sure what you
> mean by "server". If it is another box in your network, the other side
> of the tunnel, you'll need to enable IP forwarding and make sure route
> tables are properly configured, just as you would if the link between
> HostA and HostB were a physical link.
>
Yes! "server" is just another box on the other side of the tunnel.
>
>
> --
> James Chapman
> Katalix Systems Ltd
> http://www.katalix.com
> Catalysts for your Embedded Linux software development
>
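
The routed setup described at the top of this message, written out with the "ip l2tp" commands as an added example (not part of the original thread and not code from the openl2tp project). The function names are hypothetical, the IDs, ports and addresses are the ones quoted in the thread, and it assumes only the peer's LAN prefix is routed through the tunnel rather than a default route.

```shell
#!/bin/sh
# Added example, not from the thread. run, l2tp_side and l2tp_host are
# hypothetical helper names. Commands are printed by default; set APPLY=1
# and run as root to execute them instead.
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }

# One end of the tunnel:
# l2tp_side LOCAL REMOTE TID PEER_TID SID PEER_SID SPORT DPORT TUN_IP PEER_TUN_IP REMOTE_LAN
l2tp_side() {
    [ $# -eq 11 ] || { echo "l2tp_side: expected 11 arguments" >&2; return 2; }
    for n in "$3" "$4" "$5" "$6" "$7" "$8"; do
        case $n in
            ''|*[!0-9]*) echo "l2tp_side: '$n' is not a number" >&2; return 2 ;;
        esac
    done
    # Assumption: only the peer's LAN is routed via the tunnel, not 0.0.0.0/0.
    run ip l2tp add tunnel tunnel_id "$3" peer_tunnel_id "$4" encap udp \
        local "$1" remote "$2" udp_sport "$7" udp_dport "$8" &&
    run ip l2tp add session tunnel_id "$3" session_id "$5" peer_session_id "$6" &&
    run ip addr add "$9" peer "${10}" dev l2tpeth0 &&
    run ip link set l2tpeth0 up &&
    run sysctl -w net.ipv4.ip_forward=1 &&
    run ip route add "${11}" via "${10}" dev l2tpeth0
}

# Both ends from one description, so the mirrored IDs and ports cannot drift:
# l2tp_host A|B PUB_A PUB_B TID_A TID_B SID_A SID_B PORT_A PORT_B TUN_A TUN_B LAN_A LAN_B
l2tp_host() {
    side=$1
    [ $# -eq 13 ] || { echo "l2tp_host: expected side + 12 arguments" >&2; return 2; }
    shift
    case $side in
        A) l2tp_side "$1" "$2" "$3" "$4" "$5" "$6" "$7" "$8" "$9" "${10}" "${12}" ;;
        B) l2tp_side "$2" "$1" "$4" "$3" "$6" "$5" "$8" "$7" "${10}" "$9" "${11}" ;;
        *) echo "l2tp_host: side must be A or B" >&2; return 2 ;;
    esac
}

# Values from the thread; the LAN prefixes are the eth1 rows of the routing
# tables shown for HostA and HostB.
THREAD="172.5.5.127 172.5.5.111 42 45 128 519 5000 6000 10.5.5.1 10.5.5.2 192.168.1.0/24 192.168.2.0/24"

# Stand-alone use: pass A or B as the only argument.
if [ $# -eq 1 ]; then l2tp_host "$1" $THREAD; fi
```

Running the script with A on HostA and with B on HostB prints the six commands for that side for review before anything is applied.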
_______________________________________________
Openl2tp-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openl2tp-users