What is the physical link between C1 annd M1? PPP can be used over a serial line (e.g. modem link), or ATM, or ethernet, or others.
When used as a LAC, OpenL2TP would need to pass the PPP frames from C1 over the L2TP tunnel to M2. (PPP is carried inside the L2TP tunnel.) OpenL2TP does not have this feature. To debug your setup, enable debug. The simplest way to do so for install testing is to run openl2tpd -d all -D -f. When not run in the foreground, debug will go to syslog. James On 27/05/15 17:16, Ajay Garg wrote: > Hi James, > > Thanks a ton for taking the time !! > Also, I am extremely sorry for not being clear before. > > > What we want is a simple vanilla setup as follows :: > > Android Client (C1) ----- LAC (M1) ------ LNS (M2) > > > If I understand https://www.ietf.org/rfc/rfc2661.txt correctly, the C1 > <--> M1 path would be simple PPP, while the M1 <--> M2 path would be > L2TP. Implicit is the fact that M1 would be the L2TP-client, while M2 > would be the L2TP-server. > > > > So, in the above, my base question remains the same :) > > Will the above _pre-configurations_ suffice, and cause all > tunnel/session creations to be done automatically, _without any further > configuration_ ? > > Or tunnel/session creations need to be _configured AND created on the > fly_ upon each incoming end-point-VPN-request ? > > > > Thanks again for your time; hoping to hear more from you experts !!! > > > Thanks and Regards, > Ajay > > On Wed, May 27, 2015 at 6:27 PM, James Chapman > <[email protected] <mailto:[email protected]>> wrote: > > If I understand you correctly, you want a feature sometimes referred > to as "tunnel switching" where L2TP sessions are forwarded by the > LAC to the LNS over other L2TP tunnels. OpenL2TP does not support > this feature. > > It might be possible to use the OpenL2TP and PPP event scripts to > setup IP forwarding rules at the LAC, where the LAC has a PPP > instance terminating the connection from the client, and a PPP > instance used to connect with the LNS, for each user client > connection. Then, event scripts would setup IP forwarding rules to > route traffic from one PPP interface to another. The datapath would > look something like:- > > Android client ------ L2TP ---------- ppp0 LAC ppp1 -------- L2TP > ----------- ppp42 LNS > > The ppp interfaces ppp0 and ppp1 at the LAC would be assigned IP > addresses. IP routing would cause traffic arriving on ppp0 to be > routed via ppp1 and vice versa. > > However, the above would not be easy to setup and manage. It would > also not be scalable since you'd have two pppd instances for every > Android client connection at the LAC. > > James > > > On 27/05/15 10:38, Ajay Garg wrote: >> Hi All. >> >> We are wishing to setup VPN via L2TP in an end-to-end scenario. >> However, we have some queries regarding the integration of >> OpenL2TP in this end-to-end scenario. >> >> >> >> === The intended scneario (Very High Level) === >> >> OpenL2TP-framework is set up, and an end-point-client connects to >> this VPN. >> >> >> >> === The intended scneario (High Level) === >> >> LAC is set up on machine M1. >> LNS is set up on machine M2. >> >> >> Android Phone C1 connects to VPN, using *M1 as the server in the >> credentials* (please correct me if I am wrong in this regard). >> >> >> >> === Queries === >> >> a) >> Following *static, pre-configured* settings have been done :: >> >> >> On LAC (M1) :: >> ---------------------- >> >> 1) >> Peer-Profile(s) for C1 authentication etc. >> >> 2) >> PPP-Profile(s) for C1 authentication etc. >> >> 3) >> Tunnel-Profile(s), that will be used to create M1 <--> >> M2 tunnels when end-point-VPN-requests (calls) come in. >> >> 4) >> Session-Profile(s), that will be used to create M1 >> <--> M2 sessions when end-point-VPN-requests (calls) come in. >> >> >> >> On LNS (M2) :: >> ------------------------ >> >> No profile to be set up. >> >> >> Will the above *pre-configurations* suffice, and cause all >> tunnel/session creations to be done *automatically* ? >> Or tunnel/session creations need to be created on the fly >> *pseudo-manually* upon *each* incoming end-point-VPN-request ? >> >> >> Hoping for a reply to the above, as it will help clear our >> understanding of how openl2tp may fit into the larger scheme of >> things. >> >> >> >> Thanks and Regards, >> Ajay >> >> >> >> ------------------------------------------------------------------------------ >> >> >> _______________________________________________ >> Openl2tp-users mailing list >> [email protected] >> <mailto:[email protected]> >> https://lists.sourceforge.net/lists/listinfo/openl2tp-users > > > > > -- > Regards, > Ajay ------------------------------------------------------------------------------ _______________________________________________ Openl2tp-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openl2tp-users
