L2TP Road Warrior
This example consists of an additional road warrior client, this time running Windows XP and using Microsoft’s L2TP road warrior client.
Network A Configuration
Create a certificate with the following properties:
| Common Name | L2TP road warrior |
| Organization | My Company Ltd |
Note: No ID is required on this certificate.
Now create the L2TP road warrior tunnel:
| Name | L2TP road warrior |
| Authenticate by | Certificate provided by peer |
Export the certificate in PKCS#12 format. We will call this file computercert.p12. You will also need the CA file, ca.pem.
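Before copying the two files to the client, it is worth confirming that the bundle opens with the export password, carries the Common Name entered above, and is signed by the CA in ca.pem. The following check is an added example, not part of the original tutorial or of Smoothwall; it assumes the OpenSSL command-line tool on the administrator's workstation, and `check_l2tp_bundle` and the password file are hypothetical names:

```shell
#!/bin/sh
# Added example: sanity-check the exported bundle before it goes to the client.
# Assumes the OpenSSL CLI; check_l2tp_bundle is a hypothetical helper name.
#
# usage: check_l2tp_bundle <p12> <ca.pem> <password-file> <expected CN>
# returns 0 = OK, 1 = wrong CN or not signed by the CA, 2 = unreadable bundle
check_l2tp_bundle() {
    p12=$1 ca=$2 passfile=$3 want_cn=$4
    cert=$(mktemp) || return 2

    # Pull out only the client certificate; the private key is never written out.
    if ! openssl pkcs12 -in "$p12" -passin "file:$passfile" -clcerts -nokeys 2>/dev/null |
         openssl x509 -out "$cert" 2>/dev/null; then
        echo "cannot read a certificate from $p12 (wrong password or not PKCS#12?)" >&2
        rm -f "$cert"; return 2
    fi

    rc=0
    # The Common Name should be the one entered when the certificate was created.
    cn=$(openssl x509 -in "$cert" -noout -subject -nameopt multiline |
         sed -n 's/^ *commonName *= *//p')
    if [ "$cn" != "$want_cn" ]; then
        echo "unexpected Common Name: '$cn'" >&2; rc=1
    fi

    # The certificate must chain to the CA file shipped alongside it.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "certificate is not signed by the CA in $ca" >&2; rc=1
    fi

    # Show validity dates so an expired or not-yet-valid certificate is obvious.
    openssl x509 -in "$cert" -noout -dates
    rm -f "$cert"
    return $rc
}
```

Call it as `check_l2tp_bundle computercert.p12 ca.pem pass.txt "L2TP road warrior"`, where pass.txt holds the export password on its first line. If the bundle was encrypted with an older cipher, OpenSSL 3 needs `-legacy` added to the `pkcs12` command to read it.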
L2TP Client Configuration
This tutorial only outlines the process of configuring an L2TP client. For detailed instructions, see Configuring an L2TP Road warrior Connection.

Begin by using the L2TP wizard to import the two certificates. After bringing up the New Connection wizard, the only detail that must be configured is the VPN gateway external address, 22.214.171.124 in this example.

In TCP/IP properties, under Advanced settings, you can use the remote network as the default gateway for the L2TP client. This option, turned on by default, is required if the client needs to be able to route to the Smoothwall B and Smoothwall C networks, because the L2TP client doesn't provide any facilities for setting up remote network masks.

In the Connection dialog box, enter the username and password as configured on the Smoothwall A gateway.
Finally, press Connect to initiate a connection to the Smoothwall A VPN gateway.
Creating a firewall rule
For traffic to flow through the tunnel, you must create a firewall rule that allows traffic to be routed between the internal networks and the clients connecting via L2TP. This is done in the Network - Firewall section. For a bi-directional rule, select both the L2TP and the Internal interfaces as incoming and as outgoing interfaces, and select the accept action.