Connect to ISP using L2TP with dual access

Many ISPs in Russia, Ukraine, Israel and other countries offer connections using the Layer 2 Tunneling Protocol (L2TP). In many cases the ISP provides a "local" network where its internal resources (FTP, forums, etc.) are located. Users can also exchange files over the "local" network with P2P programs such as Direct Connect. Traffic in the "local" network is free or not limited by speed. This is called Dual Access.

The only OpenWrt package which uses the kernel to pass L2TP traffic is openl2tp. This guide shows how to configure OpenWrt to connect to an ISP using this package.

Preparation

Required Packages

  • openl2tp-full

Installation

opkg install openl2tp-full

Configuration

  1. Create the openl2tpd script in /etc/init.d/:
    #!/bin/sh /etc/rc.common
     
     
    START=90
    STOP=10
     
    USER='login'
    # Set the next line to the L2TP server domain name or IP address
    L2TPSERVER=''
     
    L2TP='openl2tpd'
    OPTS='-u 1701'
    CONF='l2tpconfig'
    RPC='portmap'
    MOD='pppol2tp'
    export L2TP_HISTFILE='/dev/null'
     
     
    start() {
      echo -n "Checking for $L2TP... "
      L2TP_PROG=`which $L2TP`
      if [ -n "$L2TP_PROG" ] && [ -x $L2TP_PROG ]; then
        echo "yes"
      else
        echo "no"
        return 1
      fi
     
      echo -n "Checking for $CONF... "
      CONF_PROG=`which $CONF`
      if [ -n "$CONF_PROG" ] && [ -x $CONF_PROG ]; then
        echo "yes"
      else
        echo "no"
        return 1
      fi
     
      if ! pidof $RPC 1> /dev/null 2> /dev/null; then
        echo -n "Starting $RPC... "
        RPC_PROG=`which $RPC`
        if [ -n "$RPC_PROG" ] && [ -x $RPC_PROG ] && start-stop-daemon -q -S -x $RPC_PROG; then
          echo "done"
        else
          echo "failed"
          return 1
        fi
      fi
     
      echo -n "Checking WAN status..."
      while [ -z "$(uci_get_state network wan up)" ] ; do
        sleep 1
      done
      echo "done"
     
      echo -n "Starting $L2TP... "
      if ! start-stop-daemon -q -S -x $L2TP_PROG -- $OPTS; then
        start-stop-daemon -q -K -x $L2TP_PROG
      fi
      echo "done"
     
      echo -n "Establishing tunnel... "
      ( echo "peer profile modify profile_name=default lac_lns=lac"
        echo "ppp profile modify profile_name=default mtu=1460 auth_pap=no auth_eap=no default_route=yes auth_none=no lcp_echo_interval=10"
        echo "tunnel create tunnel_name=corbina dest_ipaddr=$L2TPSERVER framing_caps=sync"
        echo "quit" ) | $CONF_PROG 1> /dev/null 2> /dev/null
      if [ $? -ne 0 ]; then
        echo "failed"
        rm -f /var/run/$L2TP.pid
        return 1
      fi
      ( echo "session create tunnel_name=corbina session_name=corbina user_name=$USER"
        echo "quit" ) | $CONF_PROG 1> /dev/null 2> /dev/null
      if [ $? -ne 0 ]; then
        echo "failed"
        rm -f /var/run/$L2TP.pid
        return 1
      fi
      echo "done"
     
    }
     
    stop() {
      echo -n "Checking for $L2TP... "
      L2TP_PROG=`which $L2TP`
      if [ -n "$L2TP_PROG" ] && [ -x $L2TP_PROG ]; then
        echo "yes"
      else
        echo "no"
        return 1
      fi
     
      echo -n "Checking for $CONF... "
      CONF_PROG=`which $CONF`
      if [ -n "$CONF_PROG" ] && [ -x $CONF_PROG ]; then
        echo "yes"
      else
        echo "no"
        return 1
      fi
     
      echo -n "Deleting tunnel... "
      ( echo "session delete tunnel_name=corbina session_name=corbina"
        echo "quit" ) | $CONF_PROG 1> /dev/null 2> /dev/null
      if [ $? -ne 0 ]; then
        echo "failed"
      else
     
        ( echo "tunnel delete tunnel_name=corbina"
          echo "quit" ) | $CONF_PROG 1> /dev/null 2> /dev/null
        if [ $? -ne 0 ]; then
          echo "failed"
        else
     
          echo "done"
        fi
      fi
     
      echo -n "Stopping $L2TP... "
      if ! start-stop-daemon -q -K -x $L2TP_PROG; then
        echo "not running"
        return 1
      else
        rm -f /var/run/$L2TP.pid
        echo "done"
      fi
     
    }
     
    restart() {
      stop
      sleep 10
      start
    }
    The script prints a lot of debug output, which can be removed.
  2. Insert your username and server name or IP address into this script.
  3. Give permission to execute the script:
    chmod 755 /etc/init.d/openl2tpd
    
  4. Add your user name and password to /etc/ppp/chap-secrets:
    "username" * "password"
    
  5. Create scripts to add and delete routes to the L2TP server:
    1. /etc/ppp/ip-up.d/addroute
      #!/bin/sh
      
      . /etc/functions.sh
      . /lib/network/config.sh
      
      GW="$(uci_get_state network wan gateway)"
      WAN="$(uci_get_state network wan ifname)"
      
      route add $PPP_REMOTE gw $GW dev $WAN
      route del $PPP_REMOTE dev $PPP_IFACE
      
    2. /etc/ppp/ip-down.d/delroute
      #!/bin/sh
      
      route del $PPP_REMOTE
      
    3. Give permissions to execute these scripts:
      chmod 755 /etc/ppp/ip-up.d/addroute
      chmod 755 /etc/ppp/ip-down.d/delroute
      
  6. Add the options replacedefaultroute and ipparam vpn to /etc/ppp/options (ipparam is not needed for trunk).
  7. Create a new interface in /etc/config/network:
    ...
    config 'interface' 'vpn'
    	option 'ifname' 'ppp0'
    	option 'proto' 'none'
    ...
    
  8. Add reqopts to the wan section of /etc/config/network (the msstaticroutes option works only in trunk).
    option reqopts 'staticroutes msstaticroutes'
    
    They are needed to get static routes from the ISP. Which reqopts to choose depends on the ISP; each name selects which DHCP option to request:
    * "staticroutes" = option 121
    * "msstaticroutes" = option 249
    * "routes" = option 33 (this is not yet implemented in default.script; see Ticket 10294).
  9. Add the vpn interface to the wan zone in /etc/config/firewall:
    option network 'wan vpn'
    
  10. After a reboot you can start openl2tp:
    /etc/init.d/openl2tpd start
    
  11. To start openl2tp on boot:
    /etc/init.d/openl2tpd enable
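
A post-setup check for steps 5, 6 and 9, added here as an example and not part of the original guide: it confirms that the L2TP server is reached through the WAN gateway while the default route is on ppp0, and that the vpn interface is listed in the firewall's wan zone. The function names, the sample addresses and the eth0.1 WAN device are assumptions.

```shell
#!/bin/sh
# Added example, not from the original guide. All sample data is constructed.

# route_check TABLE SERVER WANDEV PPPDEV
#   TABLE is the text printed by `route -n`. Prints one line per problem and
#   returns the number of problems. A host route to the server through ppp0
#   would send the tunnel's own packets into the tunnel.
route_check() {
    printf '%s\n' "$1" | awk -v srv="$2" -v wan="$3" -v ppp="$4" '
        # columns: Destination Gateway Genmask Flags Metric Ref Use Iface
        $1 == srv && $3 == "255.255.255.255" && $8 == wan && $2 != "0.0.0.0" { via_wan = 1 }
        $1 == srv && $3 == "255.255.255.255" && $8 == ppp { via_ppp = 1 }
        $1 == "0.0.0.0" && $3 == "0.0.0.0" && $8 == ppp   { def_ppp = 1 }
        END {
            if (!via_wan) { print "no host route to " srv " via gateway on " wan; n++ }
            if (via_ppp)  { print "host route to " srv " points into " ppp; n++ }
            if (!def_ppp) { print "default route is not on " ppp; n++ }
            exit n + 0
        }'
}

# zone_has_network CONFIG ZONE NET
#   CONFIG is the text of /etc/config/firewall. Succeeds if the zone named
#   ZONE lists NET, so that the zone's policy also covers that interface.
zone_has_network() {
    printf '%s\n' "$1" | awk -v zone="$2" -v net="$3" -v q="'" '
        function settle() { if (name == zone && index(nets, " " net " ")) ok = 1 }
        { gsub(q, ""); gsub(/"/, "") }                  # drop UCI quoting
        $1 == "config" { settle(); sect = $2; name = ""; nets = " "; next }
        sect == "zone" && $2 == "name"    { name = $3 }
        sect == "zone" && $2 == "network" { for (i = 3; i <= NF; i++) nets = nets $i " " }
        END { settle(); exit !ok }'
}

# Constructed samples: routing table after ip-up.d/addroute ran, and a wan zone.
SAMPLE_ROUTES='Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
203.0.113.10    10.20.0.1       255.255.255.255 UGH   0      0        0 eth0.1
10.20.0.0       0.0.0.0         255.255.0.0     U     0      0        0 eth0.1
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0'
SAMPLE_FW="config 'zone'
	option 'name' 'wan'
	option 'network' 'wan vpn'"

route_check "$SAMPLE_ROUTES" 203.0.113.10 eth0.1 ppp0 && echo "routes: ok"
zone_has_network "$SAMPLE_FW" wan vpn && echo "firewall: vpn is in zone wan"
# On the router: route_check "$(route -n)" <server-ip> <wan-ifname> ppp0
```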
    

Keepalive

The persist option in pppd does not always work correctly. That is why I made a keepalivel2tp script to reconnect.

/etc/ppp/keepalivel2tp

#!/bin/sh

if [ ! -f /var/run/openl2tpd.pid ]; then 
	while [ ! -f /var/run/ppp0.pid ]; do
		{
			/etc/init.d/openl2tpd restart
			sleep 60
		}
	done
fi

To use this script, you need to make it executable and set up cron to run it periodically.


doc/howto/connect_by_l2tp.txt · Last modified: 2012/12/09 19:02 by sanechca