Line 64: |
Line 64: |
| ==Configuration settings== | | ==Configuration settings== |
| | | |
− | You need at least one user on the system - for testing it can be admin. The user account needs VPN Client Access enabled in the Server Manager | + | You need at least one ordinary user on the system - for testing it can be admin. The user account needs VPN Client Access enabled in the Server Manager |
| | | |
| ===Keys=== | | ===Keys=== |
| + | |
| + | These are the ipsec database keys required to setup the server |
| | | |
| * IPRange Start/Finish | | * IPRange Start/Finish |
| An IP range from your server. | | An IP range from your server. |
| Note it '''MUST NOT''' conflict with IPs issued by your DHCP server | | Note it '''MUST NOT''' conflict with IPs issued by your DHCP server |
| + | |
| + | db ipsec_connections setprop L2TPD-PSK IPRangeStart 192.168.1.176 IPRangeFinish 192.168.1.190 |
| | | |
| * rightsubnet | | * rightsubnet |
− | The subnet of the remote / dialin network
| + | This must be the subnet in CIDR format and match the IP range allocated above eg: |
| + | |
| + | db ipsec_connections setprop L2TPD-PSK rightsubnet 192.178.1.176/28 |
| | | |
| * passwd | | * passwd |
| + | |
| IPsec pre shared key as per ipsec db connection below. Every user will need this common password.<br> | | IPsec pre shared key as per ipsec db connection below. Every user will need this common password.<br> |
| '''Make it long and complicated !''' | | '''Make it long and complicated !''' |
| + | |
| db ipsec_connections setprop L2TPD-PSK password SomeLongComplicatedSecret | | db ipsec_connections setprop L2TPD-PSK password SomeLongComplicatedSecret |
| | | |
| + | Ensure the connection is enabled: |
| + | |
| + | db ipsec_connections setprop L2TPD-PSK status enabled |
| + | |
| + | Ensure that the ipsec service is enabled: |
| + | |
| + | config setprop ipsec status enabled |
| + | |
| + | Xl2tps settings |
| * DNS | | * DNS |
− | Defaults to the SME server. Can add extra servers if required
| + | Optional - defaults to the SME server. Can add extra servers if required |
| config setprop xl2tpd DNS 8.8.8.8,8.8.4.4 | | config setprop xl2tpd DNS 8.8.8.8,8.8.4.4 |
| | | |
| * access | | * access |
− | Defaults to private | + | Defaults to private. Not necessary to set public. |
| + | |
| + | config setprop xl2tpd status enabled |
| + | |
| + | *UDPPort |
| + | Defaults to 1701 |
| | | |
| * debug | | * debug |
| Defaults to disabled | | Defaults to disabled |
| | | |
− | ===Create Server Connection===
| + | ==Create Server Connection== |
| | | |
| {{Note box|Remember that there can only be ONE IPSEC/L2TPD-PSK connection per public facing IP}} | | {{Note box|Remember that there can only be ONE IPSEC/L2TPD-PSK connection per public facing IP}} |
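Review bot: The added rightsubnet example, "db ipsec_connections setprop L2TPD-PSK rightsubnet 192.178.1.176/28", does not match the range set two commands earlier (IPRangeStart 192.168.1.176, IPRangeFinish 192.168.1.190), although the new text says the subnet must match that range. 192.168.1.176/28 covers .176 to .191 and would fit, so this looks like a typo for 192.168. The unchanged pre-shared-key command under the "passwd" bullet sets a property named "password", while the Create Server Connection example sets "passwd"; since this revision adds per-key commands, it should settle on the key the templates actually read, otherwise a reader can end up with the PSK stored under the wrong name. "Xl2tps settings" reads like a typo for xl2tpd and would be clearer as a heading in the page's "===" style. The command added under "* access" sets "xl2tpd status enabled" rather than access, so it should get its own lead-in line the way the ipsec status command does.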
Line 102: |
Line 124: |
| db ipsec_connections setprop L2TPD-PSK \ | | db ipsec_connections setprop L2TPD-PSK \ |
| status enabled \ | | status enabled \ |
− | IPRangeStart 192.168.101.180 \ | + | IPRangeStart 192.168.1.176 \ |
− | IPRangeFinish 192.168.101.200 \ | + | IPRangeFinish 192.168.101.90 \ |
− | rightsubnet 192.168.101.0/24 \ | + | rightsubnet 192.168.101.176/28 \ |
| passwd somesecret | | passwd somesecret |
| | | |
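Review bot: The three updated addresses in the combined command mix two networks: IPRangeStart is 192.168.1.176, but IPRangeFinish is 192.168.101.90 and rightsubnet is 192.168.101.176/28, and 192.168.101.90 lies outside 192.168.101.176/28 in any case. To agree with the Keys section of the same revision these would be IPRangeFinish 192.168.1.190 and rightsubnet 192.168.1.176/28. A reader who copies this block as written gets a pool and subnet that contradict the "must match the IP range" rule stated above. The last line sets "passwd", while the per-key command in the Keys section sets "password"; one of the two needs correcting so both set the same property.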