tc-bmobile_l2tp-bsd-20050104-KuntzR.txt

Setup L2TP with b-mobile on NetBSD
v1.1 - Last updated 2005-02-17
------------------------------

Romain KUNTZ
kuntz(at)sfc.wide.ad.jp

In this memo, we will explain how to set up L2TP on NetBSD, particularly
when using B-Mobile or AirH cards.

1. Get and compile L2TPD
------------------------

Get L2TPD from
    http://sourceforge.net/projects/l2tpd
    http://sourceforge.net/project/showfiles.php?group_id=18217

You need to patch it in order to be able to compile it on NetBSD.
Get the patch from the Nautilus6 website:
    http://www.nautilus6.org/doc.html

This patch has been created thanks to Mihai Chelaru and his mail on the
L2TPD mailing list (http://l2tpd.graffl.net/msg00915.html)

Untar the l2tpd tarball:

    # tar zxvf l2tpd-0.69.tar.gz

Go to the l2tpd directory and apply the patch (for l2tpd v0.69):

    # cd l2tpd-0.69/
    # patch -p1 < tc-bmobile_l2tp-bsd-l2tpd-0.69.patch

I used the following compiler to compile l2tpd, it worked fine:

    bash-2.05b# cc -v
    Using builtin specs.
    gcc version 2.95.3 20010315 (release) (NetBSD nb3)

Compile l2tpd:

    # make

2. Configure L2TPD
------------------

Create the following mandatory directory:

    # mkdir /etc/l2tpd

Go to the l2tpd configuration directory, and create the l2tpd.conf
option file. Change the options according to your configuration.

    # cd /etc/l2tpd/
    # vi l2tpd.conf

    ; l2tpd configuration file
    [global]                                ; Global parameters:
    port = 1701                             ; * Bind to port 1701
    auth file = /etc/l2tpd/l2tp-secrets     ; * Where our challenge secrets are
    access control = no                     ; * Disable access control

    [lac nautilus]                          ; LAC definition
    lns = 203.XXX.XXX.XXX                   ; * Who is our LNS?
    pppoptfile = /etc/ppp/peers/l2tp        ; * ppp options file
    ppp debug = yes                         ; * Turn on PPP debugging
    name = bender                           ; * Your hostname
    autodial = yes                          ; * Automatically dial LNS
    hidden bit = no                         ; * Use hidden AVP's?
    redial = yes                            ; * Redial if disconnected?
    redial timeout = 15                     ; * Wait n seconds between redials
    max redials = 4                         ; * Give up after n consecutive failures
    ;####### EOF #######

Create the "l2tp-secrets" file, and replace "" with your secret
password if any.

    # vi l2tp-secrets

    * * ""

3. PPP configuration
--------------------

Create the ppp configuration file in your "/etc/ppp/peers/" directory.
Here are the options you will typically need:

    # vi /etc/ppp/peers/l2tp

    noauth
    lock
    unit 1
    +ipv6
    ipv6cp-accept-local
    lcp-echo-interval 60
    lcp-echo-failure 4

4. L2TP services with B-Mobile
------------------------------------

a. Connection
-------------

First, start your B-Mobile or AirH connection. To configure a B-Mobile
or AirH card on NetBSD, please check the memo available on the Nautilus6
website:
    http://www.nautilus6.org/doc.html

Then launch the L2TP daemon: go to the l2tpd directory (add the -D option
to run in the foreground and see some debug information):

    # ./l2tpd

To launch the l2tp daemon automatically when the B-Mobile ppp connection
is up, you can add the following to the "/etc/ppp/ip-up" file:

    /path/to/l2tpd

If "/etc/ppp/ip-up" does not exist, create it as a shell script.
Typically:

    # vi /etc/ppp/ip-up

    #!/bin/sh
    /path/to/l2tpd

Don't forget to set the execution bit on your script:

    # chmod u+x /etc/ppp/ip-up

Once l2tpd is launched, a pipe is created in /var/run/l2tp-control.
Commands can then be echoed to this pipe to control l2tp on the fly.
For example, you can create the tunnel (if you didn't use the
"autodial = yes" option in the l2tpd.conf file):

    # echo "t 203.XXX.XXX.XXX" > /var/run/l2tp-control

Replace 203.XXX.XXX.XXX with the address of your LNS (L2TP server).

When l2tpd runs in the foreground (with the -D option), you can print
some status, for example the tunnel id:

    # echo "s" > /var/run/l2tp-control

You can also create the "/etc/ppp/ipv6-up" script that is executed when
the IPv6 connectivity is set up. For instance, if your L2TP server does
not send any Router Advertisement, you can use this script to configure
your network interface. The ipv6-up script is called with some
arguments, see man pppd for more information:

    #!/bin/sh
    # example of ipv6-up script
    # $1 = interface name, $5 = remote link-local address (see man pppd)
    /sbin/ifconfig $1 inet6 2001:XXXX:XXXX:XXXX::202 prefixlen 64
    /sbin/route add -inet6 default $5%$1

You can now enjoy IPv6 connectivity with your B-Mobile card!

    # ping6 www.kame.net
    PING6(56=40+8+8 bytes) 2001:XXXX:XXXX:XXXX::202 --> 2001:200:0:8002:203:47ff:fea5:3085
    16 bytes from 2001:200:0:8002:203:47ff:fea5:3085, icmp_seq=0 hlim=61 time=245.21 ms
    16 bytes from 2001:200:0:8002:203:47ff:fea5:3085, icmp_seq=1 hlim=61 time=272.422 m

b. Disconnection
----------------

You can disconnect the tunnel identified by tid with:

    # echo "d tid" > /var/run/l2tp-control

Or send an INT signal to l2tpd:

    # kill -2 `cat /var/run/l2tpd.pid`

To disconnect the tunnel automatically when the B-Mobile ppp connection
is down, you can create the "/etc/ppp/ip-down" script and add:

    kill -2 `cat /var/run/l2tpd.pid`

You can also create the "/etc/ppp/ipv6-down" script that is executed
when the IPv6 connectivity is down. The ipv6-down script is called with
some arguments, see man pppd for more information:

    #!/bin/sh
    # example of ipv6-down script
    # $1 = interface name, $5 = remote link-local address (see man pppd)
    /sbin/ifconfig $1 inet6 delete 2001:XXXX:XXXX:XXXX::202
    /sbin/route delete -inet6 default $5%$1

--
Any questions? Please mail me: kuntz(at)sfc.wide.ad.jp
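
The following check of the configuration from section 2 is an added
example, not part of the original memo or of l2tpd. It reads the
"auth file" path out of l2tpd.conf, verifies that the secrets file exists
and is accessible to its owner only, and reports the "access control = no"
and "ppp debug = yes" settings. The function names conf_value and
audit_l2tpd_conf are made up for this example.

```shell
#!/bin/sh
# Added example: audit an l2tpd.conf laid out like the one in section 2.
# Usage: audit_l2tpd_conf /etc/l2tpd/l2tpd.conf

# Print the value of KEY (keys may contain spaces, e.g. "auth file").
conf_value() {  # conf_value FILE KEY
    awk -v want="$2" '
        { sub(/;.*/, "") }                  # drop "; comment" text
        /^[ \t]*\[/ { next }                # skip [section] headers
        {
            i = index($0, "="); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == want) { print v; exit }
        }' "$1"
}

# Print one WARN line per finding; exit status is 0 only if there are none.
audit_l2tpd_conf() {
    conf=$1; findings=0
    warn() { echo "WARN: $*"; findings=$((findings + 1)); }

    secrets=$(conf_value "$conf" "auth file")
    if [ -z "$secrets" ]; then
        warn "no 'auth file' entry in $conf"
    elif [ ! -f "$secrets" ]; then
        warn "auth file $secrets does not exist"
    else
        # Characters 5-10 of the ls mode string are the group/other bits.
        perms=$(ls -ldL "$secrets" | cut -c5-10)
        [ "$perms" = "------" ] ||
            warn "$secrets is accessible to group/other (chmod 600)"
    fi
    [ "$(conf_value "$conf" "access control")" = "no" ] &&
        warn "access control = no: peers are not restricted by address"
    [ "$(conf_value "$conf" "ppp debug")" = "yes" ] &&
        warn "ppp debug = yes: PPP debugging output is enabled"
    [ "$findings" -eq 0 ]
}
```

Run it as root after editing the configuration; a missing-file warning
also catches an "auth file" path that does not match the directory where
l2tp-secrets was actually created.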