HOWTO Setup L2TP over UMTS/GPRS for MIPL MIPv6 Instead of SIT
=============================================================

I started using the MIPL mipv6-2.0-rc3 a couple of weeks back and found that our UMTS or GPRS connections cannot be used with this version of MIPL due to it not supporting SIT tunnels. We used SIT tunnels for an original version, but that solution did not work with this version. So, with the help of Romain Kuntz of Nautilus6 project, I was able to set up an L2TP tunnel instead of a SIT tunnel for MIPL. This is the document that I created when I set the L2TP connection up.

Please be warned that this might not be the only way of bringing up an L2TP connection. There might be many other ways, other switches & options that can be used. But this procedure worked well for me.

Here in Germany, Vodafone or T-Online (connections that we have) do not provide IPv6 addresses for their UMTS or GPRS connections. Moreover, some operators provide only private IPv4 addresses. So, to get over these problems and successfully use a Mobile IPv6 implementation, we have to create many tunnels to get to our servers.

If we use a SIT tunnel solution with a connection from a provider that gives IPv4 addresses, we used to have the following tunnels.

    ---Tunnel---                          ---Tunnel type---
    UMTS/GPRS                             Point-to-Point tunnel
    To get over private IPv4 addresses    VPN (IPv4) tunnel
    To have IPv6 to IPv4 conversion       SIT tunnel
    When Using MIPv6                      IPv6-IPv6 tunnel

With an L2TP solution, you would be required to set up the following tunnels,

    ---Tunnel---                                             ---Tunnel type---
    UMTS/GPRS                                                Point-to-Point tunnel
    To get over private IPv4 addresses & v6/v4 conversion    L2TP tunnel
    When Using MIPv6                                         IPv6-IPv6 tunnel

So you see, if your operator provides private IPv4 addresses, there is one tunnel less with L2TP, but of course the IP packet will still carry the same number of encapsulation headers. But our motivation for using L2TP was simply because SIT tunnels were not identified by MIPv6 RC3 of MIPL (NEMO-SE).

So, here is how you set up an L2TP based tunnel to make your UMTS/GPRS connection work with MIPv6 or for any other purpose.

What you need
-------------

You need the following,

* A server in your IPv6 environment (that also has global IPv4 connectivity) to have as the L2TP tunnel end-point
* Roaring Penguin implementation of L2TP (rp-l2tp) (http://sourceforge.net/projects/rp-l2tp/)
* Radvd daemon software (we used radvd-0.7.2-NEMO.tar) (http://v6web.litech.org/radvd/)
* A mobile node

Here is how I set up L2TP in our system,

+--------+       +--------+                                          +--------+
| MIPv6  | IPv6  | L2TP   |  IPv4 Public               IPv4 UMTS/GPRS| L2TP   |
|   HA   |-------| Server |---------------............---------------| Client |
|        |       | (LNS)  |    Address      Operator      Address    | (LNC)  |
+--------+       +--------+                 Network                  +--------+
    HA               FR                                                  MN

I assume that you are thoroughly familiar with MIPv6 of MIPL. We used the NEPL-SE of Nautilus6 (which is based on MIPL) as we also wanted the Network Mobility (NEMO) extensions for our work. For the Mobile Network side, we used UU-AODVv6 as the routing protocol of the nodes in the Moving Network to connect to the Mobile Router and to the outside. This is equally valid for the MN in standard Mobile IPv6 as well.

I also assume that you are aware of how to bring up a PPP connection for your UMTS/GPRS connection. The pppd daemon software comes by default in any distribution.

To make things easier, I have placed all the scripts that were used and explained (including the UMTS/GPRS setup scripts) in this HOWTO at,

    http://www.comnets.uni-bremen.de/~adu/l2tp-umts-gprs-setup-scripts.tar.gz

Kernel Modules Required
-----------------------

To run L2TP, you must have the following 2 modules in your Linux environment.

* n_hdlc
* ppp_synctty

Try loading them to see their availability with,

    modprobe n_hdlc
    modprobe ppp_synctty

Compile & install the Software
------------------------------

Install rp-l2tp and radvd on the IPv6 server (FR).
For both packages, you run

    ./configure
    make
    make install

Install rp-l2tp on the MN

    ./configure
    make
    make install

Setup the UMTS/GPRS Connection on the mobile node
-------------------------------------------------

I assume that you can get your PPP interface up and running for your UMTS/GPRS operator connection. In case you need some help, please refer to the following HOWTOs.

    http://portal.wikinerds.org/vodafone-3g-howto-suse-gentoo
    http://www.saunalahti.fi/nonn/linux_gprs.html

Or myriad other sites that tell you how to set up your UMTS/GPRS connection to your operator in your country.

L2TP Configuration Files
------------------------

To bring up an L2TP connection between the FR and the MN, both machines must have the following 4 configuration files.

    /etc/l2tp/l2tp-secrets
    /etc/l2tp/l2tp.conf
    /etc/ppp/options
    /etc/ppp/peers/l2tp

Setup the L2TP Server (LNS) in your FR
--------------------------------------

When you installed rp-l2tp, it would have created the /etc/l2tp directory. Create the l2tp-secrets and l2tp.conf files in this directory. Here is the format of your l2tp-secrets file.

#---------------------------------------
#### BEGIN l2tp-secrets ####
# Secrets for authenticating l2tp tunnels
# for hosts refusing to authenticate themselves
"" * "" *
#### END l2tp-secrets ####
#---------------------------------------

Here is the l2tp.conf file.

#---------------------------------------
#### BEGIN l2tp.conf ####
# Global section (by default, we start in global mode)
global

# Load handlers
load-handler "sync-pppd.so"
load-handler "cmd.so"

# Bind address
listen-port 1701

# Sync-pppd handler configuration
section sync-pppd
lns-pppd-opts " call l2tp"

# Peer section for our lns (replace with your l2tp server)
# Change the port if needed
section peer
hostname venus
peer 0.0.0.0
mask 0
port 1701
lns-handler sync-pppd
hide-avps no

# Configure the cmd handler. You MUST have a "section cmd" line
# even if you don't set any options.
section cmd
#### END l2tp.conf ####
#---------------------------------------

In /etc/ppp create the options file with the following values.

#---------------------------------------
#### BEGIN options ####
auth
lock
dump
#### END options ####
#---------------------------------------

In /etc/ppp/peers create the l2tp file with the following values.

#---------------------------------------
#### BEGIN l2tp ####
noauth
unit 1
+ipv6
ipv6cp-accept-local 1
noip
#very important:preventing l2tp recursion
ipparam "l2tp"
# Terminate the connection if the lower link is dead
lcp-echo-interval 60
lcp-echo-failure 4
debug
kdebug 1
#### END l2tp ####
#---------------------------------------

Setup the L2TP Client (LNC) on your MN
--------------------------------------

Setting up the MN is similar to setting up the Server (FR), with a few exceptions.

l2tp-secrets is the same as in the Server. Please copy this to /etc/l2tp

The l2tp.conf in /etc/l2tp has a few differences from the one created in the Server. I will simply place this file here, rather than explaining the differences.

#---------------------------------------
#### BEGIN l2tp.conf ####
# Global section (by default, we start in global mode)
global

# Load handlers
load-handler "sync-pppd.so"
load-handler "cmd.so"

# Bind address
listen-port 1701

# Sync-pppd handler configuration
section sync-pppd
lac-pppd-opts "call l2tp"

# Peer section for our lns (replace with your l2tp server)
# Change the port if needed
section peer
peer 134.102.20.20
port 1701
lac-handler sync-pppd
lns-handler sync-pppd
hide-avps no

# Configure the cmd handler. You MUST have a "section cmd" line
# even if you don't set any options.
section cmd
#### END l2tp.conf ####
#---------------------------------------

The tag "peer" above must point to where your Server (LNS, FR) is. This is what you set up previously.

The options file in /etc/ppp is the same as what is given when setting up the Server (LNS, FR).
Please create this file in /etc/ppp as well.

Similarly, use the same l2tp file in /etc/ppp/peers of the Server for the MN. Place it in the /etc/ppp/peers directory.

Running L2TP
------------

Run the L2TP daemon on both (MN & FR) machines. The syntax is

    l2tpd -f -d 65535

The -f is to make it a foreground process while the -d option is for it to display debug information. It is better to run it this way so that you can see what L2TP is doing.

Now, on the MN (LNC) run the following command to establish the L2TP tunnel between the MN & the FR.

    l2tp-control "start-session 134.102.20.20"

Here, 134.102.20.20 is the public address of your L2TP Server (LNS, FR). If it was successful, you should see session information on the screen. Moreover, if you run ifconfig, you should see the ppp1 device.

To see session information, run,

    l2tp-control "dump-sessions"

Router Advertisements
---------------------

Once you have the ppp1 tunnel on both ends (FR and MN), run the Router Advertisement Daemon on the L2TP Server (FR, LNS). You can specify ppp1 as the advertising interface. Here is the radvd config file that we used.

#---------------------------------------
#### BEGIN radvd.conf ####
interface ppp1
{
    AdvSendAdvert on;
    AdvHomeAgentFlag on;
    AdvHomeAgentInfo on;
    HomeAgentLifetime 360;
    HomeAgentPreference 10;
    AdvMobRtrSupportFlag on;
    MaxRtrAdvInterval 1;
    MinRtrAdvInterval 0.2;

    prefix 3ffe:400:7a0:ba0e::100/64
    {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr on;
    };
};
#### END radvd.conf ####
#---------------------------------------

You run the radvd daemon in the following manner.

    radvd -d 4 -c radvd.conf

Once you run it, you should see that the ppp1 interface on the MN side will have an address in the given prefix (3ffe:400:7a0:ba0e::100/64).

Setting the Network Route Manually on FR
----------------------------------------

Since I did not know how to set the network route automatically on the FR to the ppp1 interface, I had to place it manually with an entry such as this.

    ip -6 route add 3ffe:400:7a0:ba0e::100/64 dev ppp1

To Stop L2TP
------------

Use the following command to stop a session.

    l2tp-control "stop-session n m"

where n & m are the "Tunnel MyID" and the "Session LAC MyID" in dump-sessions.

To exit l2tpd, use,

    l2tp-control "exit"

Acknowledgments
---------------

I wish to thank Romain Kuntz of Nautilus6 for the support given to me and his valuable HOWTO on L2TP at,

    http://www.nautilus6.org/doc/tc-bmobile_l2tp-20041028-KuntzR.txt

Author & Contact
----------------

Asanga Udugama
University of Bremen, Germany

For any problems in this procedure or questions, please write to

    adu@comnets.uni-bremen.de
    www.comnets.uni-bremen.de/~adu

Scripts at,

    http://www.comnets.uni-bremen.de/~adu/l2tp-umts-gprs-setup-scripts.tar.gz

2006-01-25
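
Added example, not part of the original HOWTO or its scripts: in the files above, the l2tp.conf peer sections carry no shared secret, the LNS peer section uses "mask 0", and /etc/ppp/peers/l2tp sets "noauth". The script below reports those settings when it finds them in a file. It assumes rp-l2tp's "secret" peer keyword, which this page does not use; the function names and the secret value are placeholders made up for illustration.

```sh
#!/bin/sh
# Added example (not from the HOWTO): report the settings that decide who may
# open the L2TP tunnel and the PPP session inside it.

# Read an rp-l2tp l2tp.conf on stdin; print one finding per line.
audit_l2tp_conf() {
    awk '
    function report() {
        if (!inpeer || secret) return
        print "peer " addr ": no secret, tunnel peer is not authenticated"
        if (mask == "0")
            print "peer " addr ": mask 0, any source address matches this peer"
    }
    /^[ \t]*#/ { next }
    $1 == "section" {
        report()                      # close the previous section first
        inpeer = ($2 == "peer"); addr = "?"; mask = ""; secret = 0
        next
    }
    inpeer && $1 == "peer"   { addr = $2 }
    inpeer && $1 == "mask"   { mask = $2 }
    inpeer && $1 == "secret" { secret = 1 }   # assumed rp-l2tp keyword
    END { report() }'
}

# Read a pppd options or peers file on stdin; print one finding per line.
audit_pppd_opts() {
    awk '{ sub(/#.*/, "") }
         $1 == "noauth" { print "pppd: noauth, peer is not required to authenticate" }'
}

# Peer section of the LNS l2tp.conf exactly as given on this page.
page_lns_peer() {
    printf '%s\n' 'section peer' 'hostname venus' 'peer 0.0.0.0' 'mask 0' \
        'port 1701' 'lns-handler sync-pppd' 'hide-avps no' 'section cmd'
}

# Constructed variant: the same section plus a shared secret (placeholder).
secret_lns_peer() {
    page_lns_peer | awk '{ print } $1 == "mask" { print "secret CHANGE-ME-PLACEHOLDER" }'
}

# Demo on the page's own settings.
page_lns_peer | audit_l2tp_conf
printf 'noauth\nunit 1\n' | audit_pppd_opts
```

To check real files, run for example: audit_l2tp_conf < /etc/l2tp/l2tp.conf and audit_pppd_opts < /etc/ppp/peers/l2tp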