Connect to ISP using L2TP with dual access
Many ISPs in Russia, Ukraine, Israel and other countries offer connections using the Layer 2 Tunneling Protocol (L2TP). In many cases the ISP provides a "local" network where its internal resources (FTP, forums, etc.) are located. Users can also exchange files over the "local" network with P2P programs such as Direct Connect. Traffic in the "local" network is free or not limited by speed. This is called Dual Access.
The only OpenWrt package which uses the kernel to pass L2TP traffic is openl2tp. This guide will help to configure OpenWrt to connect to ISP using this package.
Preparation
Required Packages
openl2tp-full
Installation
opkg install openl2tp-full
Configuration
- Create openl2tpd script in /etc/init.d/
#!/bin/sh /etc/rc.common

START=90
STOP=10

USER='login'
# Next line L2TP server domain name or IP
L2TPSERVER=''

L2TP='openl2tpd'
OPTS='-u 1701'
CONF='l2tpconfig'
RPC='portmap'
MOD='pppol2tp'

export L2TP_HISTFILE='/dev/null'

start() {
    echo -n "Checking for $L2TP... "
    L2TP_PROG=`which $L2TP`
    if [ -n "$L2TP_PROG" ] && [ -x $L2TP_PROG ]; then
        echo "yes"
    else
        echo "no"
        return 1
    fi

    echo -n "Checking for $CONF... "
    CONF_PROG=`which $CONF`
    if [ -n "$CONF_PROG" ] && [ -x $CONF_PROG ]; then
        echo "yes"
    else
        echo "no"
        return 1
    fi

    # Start the RPC service if it is not already running
    if ! pidof $RPC 1> /dev/null 2> /dev/null; then
        echo -n "Starting $RPC... "
        RPC_PROG=`which $RPC`
        if [ -n "$RPC_PROG" ] && [ -x $RPC_PROG ] && start-stop-daemon -q -S -x $RPC_PROG; then
            echo "done"
        else
            echo "failed"
            return 1
        fi
    fi

    # Wait until the WAN interface is up
    echo -n "Checking WAN status..."
    while [ -z "$(uci_get_state network wan up)" ] ; do
        sleep 1
    done
    echo "done"

    echo -n "Starting $L2TP... "
    if ! start-stop-daemon -q -S -x $L2TP_PROG -- $OPTS; then
        start-stop-daemon -q -K -x $L2TP_PROG
    fi
    echo "done"

    # Adjust the default profiles and create the tunnel through l2tpconfig
    echo -n "Establishing tunnel... "
    (
        echo "peer profile modify profile_name=default lac_lns=lac"
        echo "ppp profile modify profile_name=default mtu=1460 auth_pap=no auth_eap=no default_route=yes auth_none=no lcp_echo_interval=10"
        echo "tunnel create tunnel_name=corbina dest_ipaddr=$L2TPSERVER framing_caps=sync"
        echo "quit"
    ) | $CONF_PROG 1> /dev/null 2> /dev/null
    if [ $? -ne 0 ]; then
        echo "failed"
        rm -f /var/run/$L2TP.pid
        return 1
    fi

    # Create the session inside the tunnel
    (
        echo "session create tunnel_name=corbina session_name=corbina user_name=$USER"
        echo "quit"
    ) | $CONF_PROG 1> /dev/null 2> /dev/null
    if [ $? -ne 0 ]; then
        echo "failed"
        rm -f /var/run/$L2TP.pid
        return 1
    fi
    echo "done"
}

stop() {
    echo -n "Checking for $L2TP... "
    L2TP_PROG=`which $L2TP`
    if [ -n "$L2TP_PROG" ] && [ -x $L2TP_PROG ]; then
        echo "yes"
    else
        echo "no"
        return 1
    fi

    echo -n "Checking for $CONF... "
    CONF_PROG=`which $CONF`
    if [ -n "$CONF_PROG" ] && [ -x $CONF_PROG ]; then
        echo "yes"
    else
        echo "no"
        return 1
    fi

    # Delete the session first, then the tunnel
    echo -n "Deleting tunnel... "
    (
        echo "session delete tunnel_name=corbina session_name=corbina"
        echo "quit"
    ) | $CONF_PROG 1> /dev/null 2> /dev/null
    if [ $? -ne 0 ]; then
        echo "failed"
    else
        (
            echo "tunnel delete tunnel_name=corbina"
            echo "quit"
        ) | $CONF_PROG 1> /dev/null 2> /dev/null
        if [ $? -ne 0 ]; then
            echo "failed"
        else
            echo "done"
        fi
    fi

    echo -n "Stopping $L2TP... "
    if ! start-stop-daemon -q -K -x $L2TP_PROG; then
        echo "not running"
        return 1
    else
        rm -f /var/run/$L2TP.pid
        echo "done"
    fi
}

restart() {
    stop
    sleep 10
    start
}
The script has a lot of debug output, which can be removed.
- Insert your username and server name or IP address into this script.
- Give permission to execute the script:
chmod 755 /etc/init.d/openl2tpd
- Enter the user name and password in /etc/ppp/chap-secrets:
"username" * "password"
- Create scripts to add and delete routes to L2TP server
/etc/ppp/ip-up.d/addroute
#!/bin/sh
. /etc/functions.sh
. /lib/network/config.sh
GW="$(uci_get_state network wan gateway)"
WAN="$(uci_get_state network wan ifname)"
route add $PPP_REMOTE gw $GW dev $WAN
route del $PPP_REMOTE dev $PPP_IFACE

/etc/ppp/ip-down.d/delroute
#!/bin/sh
route del $PPP_REMOTE
- Give permissions to execute these scripts:
chmod 755 /etc/ppp/ip-up.d/addroute
chmod 755 /etc/ppp/ip-down.d/delroute
- Add the strings replacedefaultroute and ipparam vpn to /etc/ppp/options (ipparam is not needed for trunk).
- Create a new interface in /etc/config/network
...
config 'interface' 'vpn'
    option 'ifname' 'ppp0'
    option 'proto' 'none'
...
- Add reqopts to the wan section of /etc/config/network (the msstaticroutes option works only in trunk).
option reqopts 'staticroutes msstaticroutes'
They are needed to get static routes from the ISP. Which reqopts to choose depends on the ISP; each value selects which DHCP option to use.
* "staticroutes" = option 121
* "msstaticroutes" = option 249
* "routes" = option 33 (this is not yet implemented in default.script; see Ticket 10294).
- Add the vpn interface to zone wan in /etc/config/firewall:
option network 'wan vpn'
- Now after reboot you can start openl2tp.
/etc/init.d/openl2tpd start
- To start openl2tp on boot
/etc/init.d/openl2tpd enable
Keepalive
The persist option in pppd does not always work correctly. That is why I made a keepalivel2tp script to reconnect.
/etc/ppp/keepalivel2tp
#!/bin/sh
if [ ! -f /var/run/openl2tpd.pid ]; then
while [ ! -f /var/run/ppp0.pid ]; do
{
/etc/init.d/openl2tpd restart
sleep 60
}
done
fi
To use this script you need to give it permission to execute and set up cron to start it periodically.
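A variant of the keepalive check, as an added example that is not part of the original page: it treats a PID file whose process has died as down, also restarts when openl2tpd is alive but ppp0 is not, and takes a lock so overlapping cron runs do not stack. The lock path, the RESTART_CMD override, the run argument and the five-minute cron line are assumptions made for the example; it does one restart per cron run instead of looping.

```shell
#!/bin/sh
# Added example: keepalive for cron, e.g. in /etc/crontabs/root (constructed):
#   */5 * * * * /etc/ppp/keepalivel2tp run
RUN_DIR="${RUN_DIR:-/var/run}"                        # PID files used on this page
LOCK_DIR="${LOCK_DIR:-/var/lock/keepalivel2tp.lock}"  # hypothetical lock path

# pid_alive FILE: true only if FILE names a process that is still running.
pid_alive() {
    [ -f "$1" ] || return 1
    pid="$(head -n 1 "$1" | tr -cd '0-9')"
    [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null
}

# tunnel_state: prints "up", "ppp-down" or "daemon-down".
tunnel_state() {
    if ! pid_alive "$RUN_DIR/openl2tpd.pid"; then
        echo "daemon-down"
    elif ! pid_alive "$RUN_DIR/ppp0.pid"; then
        echo "ppp-down"
    else
        echo "up"
    fi
}

# keepalive_once: restart the tunnel if it is not up. mkdir is atomic, so a
# second cron run that starts during a slow restart prints "locked" and exits.
keepalive_once() {
    mkdir "$LOCK_DIR" 2>/dev/null || { echo "locked"; return 0; }
    state="$(tunnel_state)"
    if [ "$state" != "up" ]; then
        # RESTART_CMD is a hypothetical override so the logic can be tested
        ${RESTART_CMD:-/etc/init.d/openl2tpd restart} >/dev/null 2>&1
    fi
    rmdir "$LOCK_DIR"
    echo "$state"
}

# Only act when called as "keepalivel2tp run" (assumed calling convention).
if [ "${1:-}" = "run" ]; then
    keepalive_once >/dev/null
fi
```

A lock directory left behind by a killed run has to be removed by hand before the check will act again.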
doc/howto/connect_by_l2tp.txt · Last modified: 2012/12/09 19:02 by sanechca
