注册 登录
自由的生活_软路由 返回首页

nowings的个人空间 https://bbs.routerclub.com/?129858 [收藏] [复制] [分享] [RSS]

日志

Manual:Interface/L2TP

已有 1515 次阅读2011-9-19 21:34

Applies to RouterOS: v3, v4, v5+
Summary
Standards: RFC 2661
L2TP is a secure tunnel protocol for transporting IP traffic using PPP. L2TP encapsulates PPP in virtual lines that
run over IP, Frame Relay and other protocols (that are not currently supported by MikroTik RouterOS). L2TP
incorporates PPP and MPPE (Microsoft Point to Point Encryption) to make encrypted links. The purpose of this
protocol is to allow the Layer 2 and PPP endpoints to reside on different devices interconnected by a
packet-switched network. With L2TP, a user has a Layer 2 connection to an access concentrator - LAC (e.g., modem
bank, ADSL DSLAM, etc.), and the concentrator then tunnels individual PPP frames to the Network Access Server -
NAS. This allows the actual processing of PPP packets to be separated from the termination of the Layer 2 circuit.
From the user's perspective, there is no functional difference between having the L2 circuit terminate in a NAS
directly or using L2TP.
It may also be useful to use L2TP just as any other tunneling protocol with or without encryption. The L2TP
standard says that the most secure way to encrypt data is using L2TP over IPsec (Note that it is default mode for
Microsoft L2TP client) as all L2TP control and data packets for a particular tunnel appear as homogeneous UDP/IP
data packets to the IPsec system.
Multilink PPP (MP) is supported in order to provide MRRU (the ability to transmit full-sized 1500 and larger
packets) and bridging over PPP links (using Bridge Control Protocol (BCP) that allows to send raw Ethernet frames
over PPP links). This way it is possible to setup bridging without EoIP. The bridge should either have an
administratively set MAC address or an Ethernet-like interface in it, as PPP links do not have MAC addresses.
L2TP includes PPP authentication and accounting for each L2TP connection. Full authentication and accounting of
each connection may be done through a RADIUS client or locally.
MPPE 40bit RC4 and MPPE 128bit RC4 encryption are supported.
L2TP traffic uses UDP protocol for both control and data packets. UDP port 1701 is used only for link
establishment, further traffic is using any available UDP port (which may or may not be 1701). This means that
L2TP can be used with most firewalls and routers (even with NAT) by enabling UDP traffic to be routed through the
firewall or router.

路过

雷人

握手

鲜花

鸡蛋

评论 (0 个评论)

facelist doodle 涂鸦板

您需要登录后才可以评论 登录 | 注册

QQ|Archiver|手机版|小黑屋|软路由 ( 渝ICP备15001194号-1|渝公网安备 50011602500124号 )

GMT+8, 2024-11-22 01:51 , Processed in 0.168981 second(s), 5 queries , Gzip On, Redis On.

Powered by Discuz! X3.5 Licensed

© 2001-2024 Discuz! Team.

返回顶部