The configuration script – Allied Telesis VPN User Manual


Page 5 | AlliedWare™ OS How To Note: VPNs with Windows 2000 clients, without NAT-T

The configuration script

Note: Comments are indicated in the script below using the # symbol.
Placeholders for IP addresses, passwords, etc. are indicated by text within < >.

set system name="IPSec Gateway"

# The command below shows the Security Officer inactive timeout delay.
# The default is 60 seconds. During setup you can instead use 600
# seconds if desired.
set user securedelay=600

# The incoming L2TP calls will be CHAP authenticated.
# They may be authenticated against the router's user database as
# configured below, or against a RADIUS Server if configured.
add user=dialin1 pass=friend1 login=no
add user=dialin2 pass=friend2 login=no
add user=dialin3 pass=friend3 login=no
add user=dialin4 pass=friend4 login=no
add user=secoff pass=<your-password> priv=securityOfficer login=yes
set user=secoff description="Security Officer Account"

# If RADIUS server support is needed, use a line such as this:
# add radius server=<your-RADIUS-server-address> secret=<secret-key>

# All dynamic incoming L2TP calls will associate with this PPP template
# as indicated below.
create ppp template=1 bap=off ippool="ip" authentication=chap echo=10 lqr=off

# To cater for dynamic creation of incoming L2TP calls enter the
# following commands.
enable l2tp
enable l2tp server=both
add l2tp ip=1.1.1.1-255.255.255.254 ppptemplate=1
# The IP address allows for any valid Internet address.

enable ip
add ip int=vlan1 ip=<office-private-LAN-address>
add ip int=eth0 ip=<office-Internet-address> mask=<appropriate-mask>

# The default route to the Internet.
add ip route=0.0.0.0 mask=0.0.0.0 int=eth0 next=<your-Internet-gateway-or-ISP-next-hop-address>

# The IP pool addresses are the internal address ranges you want to
# allocate to your IPSec remote PC clients
# (e.g. ip=192.168.8.1-192.168.8.254).
create ip pool=ip ip=<pool-range>
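A pre-deployment check for a script in the format above, as an added example (not from Allied Telesis or the original How To Note). It flags placeholders left unfilled, the sample dial-in passwords printed in this manual, a securedelay still above the 60 second default, and a PPP template whose ippool is never created. The names `params` and `audit` and the sample script are constructed for illustration.

```python
import re

# Constructed sample: a partly edited copy of the script above (not a real deployment).
SAMPLE = '''\
set user securedelay=600
add user=dialin1 pass=friend1 login=no
add user=dialin2 pass=Xq7-vh2!Lm login=no
add user=secoff pass=<your-password> priv=securityOfficer login=yes
create ppp template=1 bap=off ippool="ip" authentication=chap echo=10 lqr=off
add l2tp ip=1.1.1.1-255.255.255.254 ppptemplate=1
create ip pool=vpnpool ip=192.168.8.1-192.168.8.254
'''

def params(line):
    """Return the key=value parameters of one command line (keys lower-cased)."""
    return {k.lower(): v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}

def audit(script):
    """Return sorted (line_number, message) findings for a script in this page's format."""
    findings, pools_defined, pools_used = [], set(), {}
    for n, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        p, low = params(line), line.lower()
        if re.search(r"<[^<>\s]+>", line):
            findings.append((n, "unfilled placeholder"))
        if low.startswith("add user") and re.fullmatch(r"friend\d+", p.get("pass", "")):
            findings.append((n, "sample password from the manual"))
        delay = p.get("securedelay", "")
        if low.startswith("set user") and delay.isdigit() and int(delay) > 60:
            findings.append((n, "securedelay above the 60 second default"))
        if low.startswith("create ppp template") and "ippool" in p:
            pools_used[p["ippool"]] = n  # remember where the pool is referenced
        if low.startswith("create ip pool"):
            pools_defined.add(p.get("pool"))
    for name, n in pools_used.items():
        if name not in pools_defined:
            findings.append((n, f"ippool '{name}' is never created"))
    return sorted(findings)

if __name__ == "__main__":
    for n, msg in audit(SAMPLE):
        print(f"line {n}: {msg}")
```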
