Overview

A LAC/LNS setup, otherwise known as a Virtual Private DialUp Network (VPDN), allows long-distance point-to-point connections between remote dial-up users and private networks.

...

At the time of writing this article, RouterOS cannot be used in the LAC role. For this reason, the article demonstrates how to set up a very basic network with RouterOS as the LNS and a Cisco router as the LAC.

Configuration

We will use a simple configuration to demonstrate the very basics of a VPDN setup. Let's assume that the LAC forwards to the LNS those clients whose FQDN name contains the mt.lv domain.

Client

For the sake of simplicity, let's assume that the client is a RouterOS router:

/interface pppoe-client add interface=ether1 user=good_worker@mt.lv password=strongpass

LAC

Let's assume that the client is connected to the GigabitEthernet1 port and that the IP address of the LNS server is 10.155.101.231.

...

Note that, for the sake of simplicity, this setup does not authenticate the client either locally or via RADIUS, does not actually check the domain name, and does not control L2 access. If you want to use those features, refer to the Cisco configuration manuals.

LNS

On the LNS we need to enable the L2TP server and set up a method to authenticate the L2TP connection from the LAC.

...

/ip pool
add name=pool0 ranges=192.168.99.2-192.168.99.99
/ppp profile
set default local-address=192.168.99.1 remote-address=pool0
/ppp secret
add name=good_worker@mt.lv password=strongpass

Status Check

On the LNS you can see all successfully connected clients by checking the L2TP server interfaces or the active PPP connections:

...

csrLAC#show vpdn

L2TP Tunnel and Session Information Total tunnels 1 sessions 1

LocTunID   RemTunID   Remote Name   State  Remote Address  Sessn L2TP Class/
                                                           Count VPDN Group
26090      11         CHR_v6_bgp    est    10.155.101.231  50    LAC

LocID      RemID      TunID      Username, Intf/          State  Last Chg Uniq ID
                                 Vcid, Circuit
18521      16         26090      good_worker@mt.lv, Gi1   est    06:17:07 571

Session Establishment

Let's look closely at how client sessions get authenticated and established over the LAC.

  • The client initiates a PPPoE call.
  • The LAC and the client begin LCP negotiation.
  • After CHAP has been negotiated, the LAC sends a CHAP challenge.
  • The client sends a CHAP response.
  • The LAC checks whether the client session should be forwarded to the LNS based on the received domain name. The check can be done locally or using a RADIUS server. The client can also be authenticated here before the session is forwarded.
  • The LAC brings up an L2TP tunnel.
  • The LNS checks whether the LAC is allowed to open a tunnel and runs the authentication process. The tunnel is up and ready to forward VPDN sessions.
  • The LAC forwards the LCP options negotiated with the client, the username and the password to the LNS.
  • The LNS authenticates the client locally or using RADIUS and sends a CHAP response.
  • The IP Control Protocol (IPCP) phase is performed, and IP addresses and routes are installed. At this point the session is considered established.
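
The exchange above as an added Python example (not from the original article, nor MikroTik or Cisco code): the CHAP response is computed per RFC 1994 as MD5(identifier || secret || challenge), so with CHAP the credential material the LAC relays to the LNS is the challenge and response, never the cleartext password. The function names, the exact-match domain rule and the secrets table are assumptions built from the page's sample account.

```python
import hashlib
import hmac
import os

# Constructed sample data mirroring the page's /ppp secret entry on the LNS.
LNS_SECRETS = {"good_worker@mt.lv": "strongpass"}
FORWARDED_DOMAIN = "mt.lv"  # assumption: LAC forwards only this exact domain


def chap_response(ident: int, secret: str, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret.encode() + challenge).digest()


def lac_should_forward(username: str) -> bool:
    """LAC-side decision: forward only user@domain names in the configured domain."""
    _, sep, domain = username.rpartition("@")
    return bool(sep) and domain.lower() == FORWARDED_DOMAIN


def lns_verify(username: str, ident: int, challenge: bytes, response: bytes) -> bool:
    """LNS-side check of the CHAP identifier, challenge and response relayed by the LAC."""
    secret = LNS_SECRETS.get(username)
    if secret is None:
        return False
    expected = chap_response(ident, secret, challenge)
    return hmac.compare_digest(expected, response)  # constant-time comparison


def simulate_session(username: str, password: str) -> str:
    """Walk the listed steps: challenge, response, forwarding decision, LNS check."""
    ident, challenge = 1, os.urandom(16)                   # LAC issues the challenge
    response = chap_response(ident, password, challenge)   # client answers it
    if not lac_should_forward(username):
        return "not-forwarded"
    if not lns_verify(username, ident, challenge, response):
        return "rejected-by-lns"
    return "established"  # IPCP would follow here


if __name__ == "__main__":
    for user, pw in [("good_worker@mt.lv", "strongpass"),
                     ("good_worker@mt.lv", "wrongpass"),
                     ("guest@example.net", "strongpass")]:
        print(user, "->", simulate_session(user, pw))
```

Because the LNS verifies a response against a challenge it did not generate, it depends on the LAC having issued a fresh one, which is why the tunnel itself is authenticated before sessions are forwarded.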