The mission:
The objective here was to make CentOS servers connect via L2TP to a Mikrotik LAC in order to provide connectivity with private IPs.
This example builds a persistent L2TP tunnel that reconnects automatically.
On Mikrotik L2TP Server:
I used the standard PPP profile in this example.
/ppp profile set default change-tcp-mss=yes comment="" name=default only-one=default \
    use-compression=default use-encryption=default use-vj-compression=default
Configured a secret in Mikrotik:
/ppp secret add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 local-address=10.0.0.1 name=MyUserName password=MyPassword profile=default \
    remote-address=10.0.0.254 routes="" service=l2tp
On CentOS L2TP Client:
Install xl2tpd from the EPEL repo
yum install xl2tpd
Change /etc/xl2tpd/xl2tpd.conf
; This is a minimal sample xl2tpd configuration file for use as L2TP client.
;
[global]
debug tunnel = yes

[lac vpnserver]
lns = yourserverip
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd.client
length bit = yes
redial = yes
redial timeout = 2
autodial = yes
Create /etc/ppp/options.xl2tpd.client, or edit it if it exists:
ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-mschap-v2
noccp
noauth
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
connect-delay 5000
name MyUserName
password MyPassword
persist
maxfail 0
Create the file /etc/ppp/ip-up.local and remember to chmod +x it.
#!/bin/sh
# pppd passes the remote (peer) IP address of the link as $5.
# Where 10.0.0.1 is the Tunnel endpoint IP defined on Mikrotik or Linux LAC
case "$5" in
    10.0.0.1)
        # VPN - IP ROUTE BEING ADDED AT RECONNECTION
        route add -net 10.0.0.0/24 gw 10.0.0.1
        ;;
esac
Now start xl2tpd..
/etc/init.d/xl2tpd start
Result: ifconfig….
[root@myserv ~]# ifconfig ppp0
ppp0      Link encap:Point-to-Point Protocol
          inet addr:10.0.0.254  P-t-P:10.0.0.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1410  Metric:1
          RX packets:1198 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1260 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:156001 (152.3 KiB)  TX bytes:1144669 (1.0 MiB)
A Snippet of the routing table…
[root@myserv ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.254.255.1    0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
10.254.255.0    10.254.255.1    255.255.255.0   UG    0      0        0 ppp0
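A check worth running on /etc/ppp/options.xl2tpd.client before relying on the tunnel, as an added example that is not part of the original post: it flags a plaintext password in a file other users can read, authentication methods the client would still answer, and the absence of MPPE. The function name audit_ppp_options and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a pppd options file used by an xl2tpd client.
# audit_ppp_options is a hypothetical helper, not part of pppd or xl2tpd.

audit_ppp_options() {
    file=$1
    if [ ! -r "$file" ]; then
        echo "ERROR cannot read $file"
        return 0
    fi

    # 1. A plaintext "password" line means the file must be owner-only.
    if grep -Eq '^[[:space:]]*password[[:space:]]' "$file"; then
        perms=$(ls -ld "$file" | cut -c5-10)   # group + other permission bits
        if [ "$perms" = "------" ]; then
            echo "OK password file is owner-only"
        else
            echo "WARN password readable by group/other; chmod 600 $file"
        fi
    fi

    # 2. pppd agrees to authenticate itself with any method the peer asks
    #    for unless that method is refused. To leave only MS-CHAPv2, the
    #    weaker methods have to be refused explicitly.
    for opt in refuse-pap refuse-chap refuse-mschap; do
        grep -Eq "^[[:space:]]*$opt([[:space:]]|\$)" "$file" ||
            echo "WARN $opt not set"
    done

    # 3. Without MPPE the PPP payload is cleartext unless L2TP runs in IPsec.
    grep -Eq '^[[:space:]]*require-mppe' "$file" ||
        echo "NOTE no require-mppe; tunnel is unencrypted unless wrapped in IPsec"
    return 0
}

# Constructed sample: the option set from this page, written world-readable.
sample=$(mktemp)
printf '%s\n' ipcp-accept-local ipcp-accept-remote refuse-eap require-mschap-v2 \
    noccp noauth 'name MyUserName' 'password MyPassword' persist 'maxfail 0' \
    > "$sample"
chmod 644 "$sample"
audit_ppp_options "$sample"
rm -f "$sample"
```

Run it against the real file as root; each WARN line names the option or permission to change.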