Allied Telesis VPN Network Router User Manual


 
Configuring the router > The configuration script
Page 5 | AlliedWare™ OS How To Note: VPNs with Windows 2000 clients, without NAT-T
The configuration script
Note: In the script below, comments begin with the # symbol.
Placeholders for IP addresses, passwords, etc. are shown as text within < >; replace each one, including the angle brackets, with your own value before entering the command.
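# Name the router "IPSec Gateway". The value is delimited with plain ASCII
# double quotes, the same form used for ippool="ip" in the PPP template;
# typographic quotes picked up from a formatted document are unlikely to be
# accepted by the command line.
set system name="IPSec Gateway"
# The command below sets the Security Officer inactivity timeout.
# The default is 60 seconds. During setup you can instead use 600
# seconds if desired.
# NOTE(review): 600 seconds is a setup convenience. A longer timeout keeps
# an unattended session at Security Officer privilege for longer, so return
# the value to the default once configuration is finished.
set user securedelay=600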
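# The incoming L2TP calls will be CHAP authenticated.
# They may be authenticated against the router's user database as
# configured below, or against a RADIUS Server if configured.
# NOTE(review): dialin1-4 / friend1-4 are literal sample credentials, not
# < > placeholders. Substitute your own user names and a long, unique
# password for each user before applying the script; CHAP authentication
# is only as strong as the password behind it.
# login=no presumably stops these accounts from logging in to the router
# itself, leaving them usable only for PPP authentication - confirm against
# the command reference.
add user=dialin1 pass=friend1 login=no
add user=dialin2 pass=friend2 login=no
add user=dialin3 pass=friend3 login=no
add user=dialin4 pass=friend4 login=no
# The Security Officer account. It is the only account in this script with
# login=yes, and the only one given a privilege level.
add user=secoff pass=<your-password> priv=securityOfficer login=yes
# The description is delimited with plain ASCII double quotes.
set user=secoff description="Security Officer Account"
# If RADIUS server support is needed, use a line such as this:
# add radius server=<your-RADIUS-server-address> secret=<secret-key>
# NOTE(review): the secret is shared between the router and the RADIUS
# server; use a long random value rather than a word or phrase.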
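# All dynamic incoming L2TP calls will associate with this PPP template
# as indicated below.
# authentication=chap is the CHAP authentication applied to the dial-in
# users, and ippool="ip" refers to the pool named "ip" that the script
# defines with "create ip pool=ip".
# Enter the command as one line: lqr=off is a parameter of
# "create ppp template", not a command of its own.
create ppp template=1 bap=off ippool="ip" authentication=chap echo=10 lqr=off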
# To cater for dynamic creation of incoming L2TP calls enter the
# following commands.
enable l2tp
enable l2tp server=both
# The IP address range on the command below allows for any valid Internet
# address: L2TP calls are accepted from any source and associated with
# PPP template 1.
# NOTE(review): because no source restriction is applied here, protection
# of the L2TP service rests on the IPSec and firewall configuration, which
# is not part of this section of the script. Confirm that L2TP (UDP port
# 1701) is only accepted when it arrives through IPSec.
add l2tp ip=1.1.1.1-255.255.255.254 ppptemplate=1
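# Enable IP and address the two interfaces: vlan1 carries the office
# private LAN address, eth0 the office Internet address.
enable ip
add ip int=vlan1 ip=<office-private-LAN-address>
add ip int=eth0 ip=<office-Internet-address> mask=<appropriate-mask>
# The default route to the Internet. Enter it as one line: next= is a
# parameter of "add ip route", not a command of its own.
add ip route=0.0.0.0 mask=0.0.0.0 int=eth0 next=<your-Internet-gateway-or-ISP-next-hop-address>
# The IP pool addresses are the internal address ranges you want to
# allocate to your IPSec remote PC clients
# (e.g. ip=192.168.8.1-192.168.8.254).
# The pool name "ip" must match ippool="ip" in the PPP template.
# NOTE(review): giving the pool a range of its own, separate from the
# addresses used by office LAN hosts, lets firewall rules and logs tell
# VPN clients apart from local machines.
create ip pool=ip ip=<pool-range>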