NOTE: L2TP Tunnels require a feature license. Go to System Settings → Feature Licenses to enable this feature.
Layer 2 Tunneling Protocol (L2TP) tunnels can be used to create a connection between two private networks.
Once you have a valid feature license, click Add to create a new L2TP tunnel. Click Edit to make changes to an existing tunnel.
Add/Edit Tunnel – General
- Tunnel Name – Enter a name to uniquely identify this tunnel.
- LNS address – Enter the IP Address of the LNS (tunnel server) peer.
- MTU – Set the maximum transmission unit (MTU) for the L2TP tunnel.
- MRU – Set the maximum receive unit (MRU) to request from the tunnel peer. The MRU is very similar to the MTU: MTU is for packets sent and MRU is for packets received.
- Tunnel Enabled – Click to enable/disable this tunnel. Default: Enabled.
More authentication options and overrides are available in the next section.
- Username – Username for user-specific authorization. Leave blank to disable.
- Password – Shared secret (or password) used to authenticate the associated Local and Remote names.
- Enabled – When this is selected, the tunnel will attempt to reconnect if disconnected.
Add/Edit Tunnel – Authentication
- Remote Name – Authorization name specified by and to the remote system as its identity, sometimes a username or hostname. Leave blank to match any.
- Local Name – Authorization name specified by and to the remote system as the local system identity; sometimes a username or hostname. Leave blank to match any.
- Secret – Shared secret (or password) used to authenticate the associated Local and Remote names.
Override Authentication methods/parameters. With methods set to Allow the two ends of the tunnel can negotiate a common scheme. Sometimes this negotiation fails, or the implementation on one end is incompatible with the other. To solve those authentication issues, enable the overrides as needed.
- Authentication – Username for user-specific authorization. Leave blank to disable.
- CHAP – Choose from Allowed, Refused, or Required.
- PAP – Choose from Allowed, Refused, or Required.
- Name – Override names used to authenticate the router. Leave empty to use the default.
Add/Edit Tunnel – Routes
Typically specific routes are unnecessary, but they can be added in this section if needed. You can add or remove routes to be used to funnel packets through the tunnel.
- Network Address – This is the network address that is the destination of the route. This should be set to the network address at the remote side of the tunnel.
- Netmask – This is the corresponding subnet mask of the network being defined.