Well, this is working too, by and large.
l2tpns is an integrated L2TP LNS, PPP stack and Radius Client. It uses a Linux ethertap interface so it only needs one network interface on the server.
#set debug 5
set log_file "/var/log/l2tpns"
set pid_file "/var/run/l2tpns.pid"
set l2tp_secret "secret"
set primary_dns 192.168.0.1
set secondary_dns 0.0.0.0
set save_state no
set primary_radius 127.0.0.1
set primary_radius_port 1812
#set secondary_radius 1.2.3.7
set radius_accounting yes
set radius_secret "testing123"
set bind_address 10.20.30.1
#set bind_address 192.168.3.1
set peer_address 192.168.3.254
#set throttle_speed 64
set accounting_dir "/var/run/l2tpns/acct"
#set setuid 0
#set dump_speed no
#load plugin "garden"
#load plugin "throttlectl"
#load plugin "autothrottle"
#load plugin "snoopctl"
#load plugin "autosnoop"
For reference, 10.20.30.1 is the address of wlan0. I’ve given l2tpns 192.168.3.0/24 as its IPPool.
However, this isn’t quite satisfactory yet. l2tpns assigns 10.20.30.1 to tun0, while I wanted that to be 192.168.3.1. But if I set it that way, it doesn’t receive the L2TP packets on wlan0.
Also, it gives out DNS servers, but not a domain suffix. And I can’t control most of it from the RADIUS server.
I’ve not looked at the source yet, and this is a slightly older version, and there’s also a development branch which has IPv6, CHAP and some other neat things.
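A small checker for the l2tpns config format above (added here as an example; not part of the original post or of l2tpns itself). It parses the "set key value" and "load plugin" lines, ignores comments, and flags the placeholder secrets and the missing secondary RADIUS server that the sample config would otherwise carry into production. The sample config is a constructed excerpt of the one shown above.

```python
import re

# Constructed sample: an excerpt of the l2tpns config above, embedded so this runs offline.
SAMPLE_CONFIG = """\
#set debug 5
set log_file "/var/log/l2tpns"
set l2tp_secret "secret"
set primary_radius 127.0.0.1
set radius_accounting yes
set radius_secret "testing123"
set bind_address 10.20.30.1
#set bind_address 192.168.3.1
set peer_address 192.168.3.254
load plugin "garden"
"""

# Well-known default/test values that must not ship as shared secrets (assumed list).
WEAK_SECRETS = {"secret", "testing123", "password", "changeme", ""}
# l2tpns keys whose values are shared secrets (tunnel secret and RADIUS secret).
SECRET_KEYS = ("l2tp_secret", "radius_secret")

SET_RE = re.compile(r'^set\s+(\w+)\s+(.*)$')
LOAD_RE = re.compile(r'^load\s+plugin\s+"?([^"]*)"?$')


def parse_l2tpns(text):
    """Parse 'set key value' and 'load plugin "name"' lines into (settings, plugins).
    Lines starting with # (or trailing # comments) and blank lines are skipped;
    surrounding double quotes are stripped from values."""
    settings, plugins = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = SET_RE.match(line)
        if m:
            settings[m.group(1)] = m.group(2).strip().strip('"')
            continue
        m = LOAD_RE.match(line)
        if m:
            plugins.append(m.group(1))
    return settings, plugins


def audit(settings):
    """Return findings for weak secrets and a single-point-of-failure RADIUS setup."""
    findings = []
    for key in SECRET_KEYS:
        if key in settings and settings[key].lower() in WEAK_SECRETS:
            findings.append(f"{key}: placeholder value, replace with a long random secret")
    if settings.get("radius_accounting") == "yes" and "secondary_radius" not in settings:
        findings.append("radius_accounting is on but no secondary_radius is set")
    return findings
```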
Gah. OpenL2TP's kernel module hard-locked my machine, and rp-l2tp is not Debian-packaged yet. I'd prefer to use OpenL2TP (I like kernel-mode things. ^_^) so I'm gonna futz around with the next OpenL2TP prerelease.
# Global section (by default, we start in global mode)
global

# Load handlers
load-handler "sync-pppd.so"
load-handler "cmd.so"

# Bind address
listen-port 1701

# Configure the sync-pppd handler. You MUST have a "section sync-pppd" line
# even if you don't set any options.
section sync-pppd
lns-pppd-opts "require-pap 10.0.0.1:10.0.0.2 lcp-echo-interval 30 lcp-echo-failure 6"
lac-pppd-opts "noauth user l2tp name suu noipdefault defaultroute usepeerdns ipcp-accept-local ipcp-accept-remote lcp-echo-interval 30 lcp-echo-failure 6"

# Peer section
section peer
peer 10.20.30.1
secret secret
port 1701
lac-handler sync-pppd
lns-handler sync-pppd
hide-avps yes

# Configure the cmd handler. You MUST have a "section cmd" line
# even if you don't set any options.
section cmd
The user l2tp is in /etc/ppp/pap-secrets. (As implied above, l2tpns doesn't support CHAP yet.)
Since I’m using Debian, I’ve got an /etc/network/interfaces on Suu as follows:
iface qbn inet dhcp
    wireless_mode ad-hoc
    wireless_key off
    wireless_essid Bubblesworth-QBN
    wireless_channel 13
    wireless_commit commit
    up /etc/init.d/ipsec restart
    up sleep 5
    up ipsec auto --up keiwlan
    up l2tp-control "exit" || true
    up /usr/local/sbin/l2tpd
    up l2tp-control "start-session 10.20.30.1"
    down l2tp-control "exit"
    down ipsec auto --down keiwlan
Here, we have the last three "up" lines and the first "down" line. This is like this because rp-l2tp's not Debian-packaged, so I'm running a local version. "exit" is probably a really bad idea, but frankly I couldn't be assed scripting a session-list query to kill the right session.