Changes

From SME Server
571 bytes added ,  18:17, 24 February 2020
no edit summary
Line 64: Line 64:  
==Configuration settings==
 
==Configuration settings==
   −
You need at least one user on the system - for testing it can be admin. The user account needs VPN Client Access enabled in the Server Manager
+
You need at least one ordinary user on the system - for testing it can be admin. The user account needs VPN Client Access enabled in the Server Manager
    
===Keys===
 
===Keys===
 +
 +
These are the ipsec database keys required to setup the server
    
* IPRange Start/Finish
 
* IPRange Start/Finish
 
An IP range from your server.
 
An IP range from your server.
 
Note it '''MUST NOT''' conflict with IPs issued by your DHCP server
 
Note it '''MUST NOT''' conflict with IPs issued by your DHCP server
 +
 +
db ipsec_connections setprop L2TPD-PSK IPRangeStart 192.168.1.176 IPRangeFinish 192.168.1.190
    
* rightsubnet
 
* rightsubnet
The subnet of the remote / dialin network
+
This must be the subnet in CIDR format and match the IP range allocated above eg:
 +
 
 +
db ipsec_connections setprop L2TPD-PSK rightsubnet 192.178.1.176/28
    
* passwd
 
* passwd
 +
 
IPsec pre shared key as per ipsec db connection below. Every user will need this common password.<br>
 
IPsec pre shared key as per ipsec db connection below. Every user will need this common password.<br>
 
'''Make it long and complicated !'''
 
'''Make it long and complicated !'''
 +
 
  db ipsec_connections setprop L2TPD-PSK password SomeLongComplicatedSecret
 
  db ipsec_connections setprop L2TPD-PSK password SomeLongComplicatedSecret
    +
Ensure the connection is enabled:
 +
 +
db ipsec_connections setprop L2TPD-PSK status enabled
 +
 +
Ensure that the ipsec service is enabled:
 +
 +
config setprop ipsec status enabled
 +
 +
Xl2tps settings
 
* DNS
 
* DNS
Defaults to the SME server. Can add extra servers if required
+
Optional - defaults to the SME server. Can add extra servers if required
 
  config setprop xl2tpd DNS 8.8.8.8,8.8.4.4
 
  config setprop xl2tpd DNS 8.8.8.8,8.8.4.4
    
* access
 
* access
Defaults to private
+
Defaults to private. Not necessary to set public.
 +
 
 +
config setprop xl2tpd status enabled
 +
 
 +
*UDPPort
 +
Defaults to 1701
    
* debug
 
* debug
 
Defaults to disabled
 
Defaults to disabled
   −
===Create Server Connection===
+
==Create Server Connection==
    
{{Note box|Remember that there can only be ONE IPSEC/L2TPD-PSK connection per public facing IP}}
 
{{Note box|Remember that there can only be ONE IPSEC/L2TPD-PSK connection per public facing IP}}
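Review bot: the added rightsubnet example, db ipsec_connections setprop L2TPD-PSK rightsubnet 192.178.1.176/28, does not match the range set just above it (IPRangeStart 192.168.1.176, IPRangeFinish 192.168.1.190), although the new sentence says it must. 192.178 looks like a typo for 192.168; 192.168.1.176/28 would cover .176 to .191 and contain the whole range. Other points in this hunk: the pre-shared key is set with the property name password here but the bullet and the Create Server Connection example use passwd, so one of them needs correcting; the command added under the access bullet sets xl2tpd status, not access; "Xl2tps settings" presumably means xl2tpd and has no heading markup, unlike the Keys section; and "at least one ordinary user ... for testing it can be admin" now reads as a contradiction.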
Line 102: Line 124:  
  db ipsec_connections setprop L2TPD-PSK \  
 
  db ipsec_connections setprop L2TPD-PSK \  
 
       status enabled \
 
       status enabled \
       IPRangeStart 192.168.101.180 \
+
       IPRangeStart 192.168.1.176 \
       IPRangeFinish 192.168.101.200 \
+
       IPRangeFinish 192.168.101.90 \
       rightsubnet 192.168.101.0/24 \
+
       rightsubnet 192.168.101.176/28 \
 
       passwd somesecret
 
       passwd somesecret
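Review bot: the three changed values in the combined command no longer describe one range. IPRangeStart 192.168.1.176 is in 192.168.1.x, while IPRangeFinish 192.168.101.90 and rightsubnet 192.168.101.176/28 are in 192.168.101.x, and .90 lies below the start of that /28 (.176 to .191), so the finish is both on a different network from the start and outside the stated subnet. Pick one network and make all three agree, for example the 192.168.1.176, 192.168.1.190 and 192.168.1.176/28 combination the Keys section is aiming for. The unchanged last line is also worth revisiting while here: passwd somesecret uses a different property name from the password example in the Keys section and a short key that undercuts the "Make it long and complicated" advice.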
  
