1 Brief Installation guide for L2TPNS
5 * libcli 1.8.5 or greater
6 You can get it from http://sourceforge.net/projects/libcli.
8 * A kernel with iptables support.
18 * make install. This process:
19 - Installs the binaries into /usr/sbin (l2tpns and nsctl).
20 - Creates the config dir /etc/l2tpns installs default config files.
21 - Ensures that /dev/net/tun exists.
23 * Modify config file. You probably need to change most of the config
26 * Set up basic firewall rules. The l2tpns process listens on a bunch of
29 23/tcp command line interface
30 1701/udp l2tp (on bind_address)
31 1702/udp control port (nsctl)
32 3799/udp RADIUS DAE port
33 32792/udp clustering messages
35 * If you are using the garden plugin, setup the walled garden firewall
36 rules. These should be in /etc/l2tpns/build-garden, which is run by the
37 plugin after creating/flushing the "garden" nat table.
39 iptables -t nat -A garden -p tcp -m tcp --dport 25 -j DNAT --to 192.168.1.1
40 iptables -t nat -A garden -p udp -m udp --dport 53 -j DNAT --to 192.168.1.1
41 iptables -t nat -A garden -p tcp -m tcp --dport 53 -j DNAT --to 192.168.1.1
42 iptables -t nat -A garden -p tcp -m tcp --dport 80 -j DNAT --to 192.168.1.1
43 iptables -t nat -A garden -p tcp -m tcp --dport 110 -j DNAT --to 192.168.1.1
44 iptables -t nat -A garden -p tcp -m tcp --dport 443 -j DNAT --to 192.168.1.1
45 iptables -t nat -A garden -p icmp -m icmp --icmp-type echo-request -j DNAT --to 192.168.1.1
46 iptables -t nat -A garden -p icmp -j ACCEPT
47 iptables -t nat -A garden -j DROP
49 * Set up IP address pools in /etc/l2tpns/ip_pool
52 - If you are running a single instance, you can simply statically route
53 the IP pools to the bind_address (l2tpns will send a gratuitous arp).
55 - For a cluster, configure the members as BGP neighbours on your router
56 and configure multi-path load-balancing (on Cisco use "maximum-paths").
58 * Make l2tpns run on startup. In a clustered environment running from
59 inittab is recomended:
61 l2tp:2345:respawn:/home/l2tpns/src/l2tpns >/dev/null 2>&1
67 This software is quite stable and is being used in a production environment at
68 a quite large ISP. However, you may have problems setting it up, and if so, I
69 would appreciate it if you would file useful bug reports on the Source Forge
72 http://sourceforge.net/projects/l2tpns/