Configuration at location B (bintec be.IP plus-2)

Configuring the IPSec tunnel with the VPN assistants

Add a new connection to the VPN assistants. For this, go to the following menu:

  1. Go to Assistants -> VPN -> VPN Connections -> New.

Assistants -> VPN -> VPN Connections -> New

Proceed as follows:

  1. Under VPN scenario select IPSec LAN-to-LAN connection .

  2. Click Next to configure a new VPN connection.

Enter the data required for the VPN connection.

Assistants -> VPN -> VPN Connections -> Next

Proceed as follows to configure a new VPN connection:

  1. For example, under Description enter IPSec Peer1 .

  2. Enter the ID of your own IPSec gateway under Local IPSec ID, e.g. be.IP_plus-2 .

  3. For example, under Remote IPSec ID enter be.IP_plus-1 .

  4. Under Preshared Key enter, for example, secret for authentication. The preshared key must be identical on both sides.

  5. Select the Local IP Address of the gateway, for example 192.168.1.254 .

  6. Leave Define this connection as default route set to disabled.

  7. Under IPSec Peer Address enter the IP address or host name of the remote IPSec partner, e. g. 10.1.1.1 .

  8. Enter the destination address used for the connection under IP Address of Remote Network e.g. 1.1.1.1 .

  9. Under Subnet Mask enter the host mask, e.g. 255.255.255.255 .

  10. Press OK to confirm your entries.

To change the local IP address, select the following menu options:

  1. Go to VPN -> IPSec -> IPSec Peers -> .

VPN -> IPSec -> IPSec Peers ->

Proceed as follows:

  1. Under Local IP Address enter, for example 1.1.1.2 .

  2. Leave the remaining settings unchanged and confirm them with OK.

Configuring the L2TP connection

To create a tunnel profile, go to the following menu:

  1. Go to VPN -> L2TP -> Tunnel Profiles -> New.

VPN->L2TP->Tunnel Profiles->New

  1. For example, under Description enter L2TP-LAS .

  2. Enter the ID of your own IPSec gateway under Local Hostname, e.g. be.IP_plus-2 .

  3. For example, under Remote Hostname enter be.IP_plus-1 .

  4. Enter the password, e.g. secret for authentication.

  5. Enter the destination address used for the connection under Remote IP Address e.g. 1.1.1.1 .

  6. Click Advanced Settings.

  7. Enter the Local IP Address, e.g. 1.1.1.2 .

  8. Leave the remaining settings unchanged and confirm them with OK.

A user must be configured in the next step. For this, go to the following menu:

  1. Go to VPN -> L2TP -> User -> New.

VPN->L2TP->Users->New

To create a new user, proceed as follows.

  1. For example, under Description enter L2TP-LAS .

  2. Select the Connection Type LNS .

  3. Under User Name enter L2TP-User for example.

  4. Enter the password, e.g. secret .

  5. Enter the Local IP Address, e.g. 1.1.1.4 . To avoid conflicts with other interfaces or existing routes, the local IP address must be unique.

  6. Under Route Entries enter the remote IP address, e.g. 1.1.1.3 and the netmask e.g. 255.255.255.255 .

  7. Click Advanced Settings.

  8. Under Encryption click None . As a secure IPSec connection already exists, additional encryption is not required.

  9. Leave the remaining settings unchanged and confirm them with OK.

Configuring the bridge group

To enable bridging between the LAN interface and the L2TP interface, both interfaces must be assigned to a bridge group. For this, go to the following menu:

  1. Go to System Management -> Interface Mode / Bridge Groups -> Interfaces.

System Management -> Interface Mode / Bridge Groups ->Interfaces

Proceed as follows:

  1. Under Mode / Bridge Group select New Bridge Group . In our example, the interface en1-0 is used as the LAN interface.

  2. Under Configuration Interface select en1-0 .

  3. Confirm with OK. After clicking OK, a new bridge group is created automatically.

If no bridge group exists, the new interface uses the alias br0 (otherwise br1 , br2 , etc.).

The configuration looks like this:

System Management -> Interface Mode / Bridge Groups ->Interfaces

Now is assigned to the newly created bridge Grupppe the L2TP interface. For this, go to the following menu:

  1. Go to System Management -> Interface Mode / Bridge Groups ->Interfaces -> Add.

System Management -> Interface Mode / Bridge Groups ->Interfaces -> Add

Proceed as follows:

  1. Under Mode / Bridge Group select the WAN-Partner L2TP-LAS .

  2. Confirm with OK.

To enable bridging between the LAN interface and the L2TP interface, both interfaces must be assigned to a bridge group. For this, go to the following menu:

  1. Go to System Management -> Interface Mode / Bridge Groups ->Interfaces.

System Management -> Interface Mode / Bridge Groups ->Interfaces

Proceed as follows:

  1. Under Mode / Bridge Group select br0(192.168.1.254) .

  2. Confirm with OK. After clicking OK, a new bridge group is created automatically.

This concludes the configuration of the bintec be.IP plus™ gateway as location B.

Copyright© Version 08/2020 bintec elmeg GmbH