PPTP / L2TP Server

From Wiki of WFilter NG Firewall

1 PPTP / L2TP Server

The PPTP / L2TP server provides PPTP / L2TP VPN service for external users to connect to.

  • You can check VPN clients' IP addresses and usernames in "Real-time Bandwidth".
  • Access_Policy is not applied to VPN users.
  • Activity of VPN users is not recorded by Internet Usage.

2 PPTP / L2TP Settings

Description of PPTP / L2TP server settings:

  • Service: whether to enable the VPN service.
  • MPPE: when enabled, the VPN server will require 128-bit MPPE stateless encryption.
  • IP Range: the IP addresses to be assigned to VPN clients. (Must be a LAN subnet)
  • Protocols: supported auth protocols, which must be consistent with the VPN client settings.
  • Authtype:
    • "Local Auth": authenticate with the username and password of local accounts. Only "local users" with the "VPN" privilege have VPN access.
    • "Email Auth": send credentials to a POP/IMAP email server for authentication.
    • "Ldap Auth": send credentials to an LDAP server for authentication.
    • "Radius Auth": send credentials to a remote RADIUS server for authentication.
    • For "LDAP Auth" and "Email Auth", only the "pap" protocol is supported.
  • VPN type: choose the L2TP or PPTP VPN type.

  • If you want to assign a static IP and limit bandwidth for PPP clients, you need to set up "PPPoE Property" in the "Accounts" settings.

3 Online Users

You can click "online users" to check the live VPN clients, including IP address, RX & TX bandwidth... Move your mouse over the "kill" icon to terminate a session.

4 Multiple Subnets

PPTP / L2TP clients can only belong to one subnet. If your network has multiple subnets, you need to add a route on the client PC to access the other subnets. For example, the server side has two subnets, 192.168.10.x and 192.168.11.x, and PPTP works in 192.168.10.x. To access the other subnet, you need to execute the command below on the client:

route add 192.168.11.0 mask 255.255.255.0 192.168.10.1
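
The same step generalized to any number of server-side subnets, as an added example that is not part of the WFilter documentation: the hypothetical helper `client_routes` takes the VPN subnet, the gateway and the list of server-side subnets, and returns the Windows `route add` commands a client needs. The CIDR inputs and the optional `-p` (persistent route) switch are assumptions beyond the page's single case.

```python
import ipaddress


def client_routes(vpn_subnet, gateway, server_subnets, persistent=False):
    """Build Windows `route add` commands for the server-side subnets
    that a VPN client cannot reach from its own subnet."""
    vpn_net = ipaddress.ip_network(vpn_subnet)
    gw = ipaddress.ip_address(gateway)
    if vpn_net.version != 4:
        raise ValueError("only IPv4 subnets are handled in this example")
    # The gateway has to sit inside the subnet the VPN client is assigned
    # to; otherwise the client has no direct path to it.
    if gw not in vpn_net:
        raise ValueError(f"gateway {gw} is outside VPN subnet {vpn_net}")

    # `route -p add` stores the route so it survives a reboot.
    verb = "route -p add" if persistent else "route add"
    commands = []
    seen = set()
    for subnet in server_subnets:
        # ip_network() rejects values with host bits set, e.g. 192.168.11.5/24
        net = ipaddress.ip_network(subnet)
        if net.version != 4:
            raise ValueError(f"{net} is not an IPv4 subnet")
        # Skip duplicates and anything already covered by the VPN subnet.
        if net in seen or net.subnet_of(vpn_net):
            continue
        seen.add(net)
        commands.append(
            f"{verb} {net.network_address} mask {net.netmask} {gw}"
        )
    return commands


if __name__ == "__main__":
    # Constructed input matching the page's example network.
    for cmd in client_routes(
        "192.168.10.0/24",
        "192.168.10.1",
        ["192.168.10.0/24", "192.168.11.0/24"],
    ):
        print(cmd)
```
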

5 Firewall Rules

When PPTP / L2TP is enabled, a firewall ACL rule is added automatically. PPTP uses TCP port 1723; L2TP uses UDP port 1701.

6 FAQ
