I./ About the L2TP Server and VPN Client Access on the SonicWall Firewall:
– The SonicWall security appliance can terminate L2TP connections over IPsec from clients running Microsoft Windows or Google Android. In situations where the Global VPN Client (GVC) is not available, you can use the SonicWall L2TP Server to provide secure access to resources within your network.
– You can use Layer 2 Tunneling Protocol (L2TP) to create a VPN anywhere. L2TP provides interoperability between different VPN providers that use different protocols such as PPTP and L2F; L2TP combines these protocols and extends them.
– L2TP supports several of the authentication methods used by PPP, including PAP, CHAP, and MS-CHAP. You can use L2TP to authenticate the endpoints of a VPN tunnel for added security, and you can deploy it with IPsec to provide a secure, encrypted VPN connection.
II./ Steps to perform configuration:
1. Configure L2TP Server.
2. Check active L2TP connection sessions.
3. Demo configuration: L2TP VPN Client access on Microsoft Windows.
III./ Configure L2TP Server:
– Steps to configure the L2TP Server.
1. In the SonicWall management GUI, go to NETWORK | IPSec VPN > L2TP Server.
2. Select Enable L2TP Server. The server can now be configured.
3. Click Configure to display the L2TP Server Configuration page.
4. On the L2TP Server Settings page, enter a value in seconds in the Keep alive time (secs) box. This is the interval at which packets are sent to the client to check the connection status. The default is 60 seconds.
5. In the two boxes DNS Server 1 and DNS Server 2, enter the IP addresses of your DNS servers. You can also use Cloudflare, Google DNS or NextDNS.
6. In the next two boxes, WINS Server 1 and WINS Server 2, enter the IP addresses of your WINS servers, if there are any.
7. Click L2TP Users.
8. Choose one of the following two options to set up authentication and IP address assignment for users:
8.1| IP ADDRESS PROVIDED BY RADIUS/LDAP SERVER:
– By default, this option is not selected. Select it if you use a RADIUS or LDAP server to provide IP address information to L2TP clients.
– To use this option, authentication via RADIUS/LDAP server must be selected on the page DEVICE | Users > Settings. When you select the option, a notice to this effect appears; click OK.
If you have not added the RADIUS/LDAP server information under Users > Settings, this step will not work.
8.2| USE THE LOCAL L2TP IP POOL:
– This is the default IP address setting. Select it if the L2TP Server assigns IP addresses directly. Enter a private IP range on the LAN in the Start IP and End IP boxes.
9. If you want to select a user group for L2TP, select it from the User Group menu, or use Everyone.
10. Click PPP Settings.
11. Select an authentication protocol and click +Add to add it. You can also delete protocols and reorder them.
12. Click Save.
IV./ Check active L2TP connection sessions:
– Active L2TP sessions are displayed on the Active L2TP Sessions page.
– This page shows the following information:
- USER NAME: The user name as specified in the local user database or RADIUS.
- PPP IP: Source IP address of that connection.
- ZONE: Zone used by L2TP client.
- INTERFACE: Interface used to access the L2TP Server; it can be a VPN client or another firewall.
- AUTHENTICATION: Authentication type used by L2TP client.
- HOST NAME: Name of the L2TP connection to the L2TP Server.
V./ Demo configuration: L2TP VPN Client access on Microsoft Windows:
– The following is an example configuration of an L2TP client running Microsoft's L2TP VPN Client. SonicOS/X only supports X.509 certificates for L2TP connections; PKCS #7 encoded X.509 certificates are not supported in SonicOS/X for L2TP connections.
– Steps to enable Microsoft L2TP VPN Client access to the WAN GroupVPN SA:
1. In the SonicWall management GUI, go to NETWORK | VPN > Rules and Settings.
2. For the WAN GroupVPN policy, click Edit in the Configure column.
3. On the General screen, select IKE using Preshared Secret for Authentication Method.
4. Enter the password in the Shared Secret box to complete the client policy configuration.
5. Click Save.
6. Go to NETWORK | IPSec VPN > L2TP Server.
7. In the L2TP Server section, select Enable L2TP Server.
8. Click Configure.
9. Enter the following example settings in L2TP Server Settings:
- Keep alive time (secs): 60
- DNS Server 1: 199.2.252.10 (ISP’s DNS)
- DNS Server 2: 4.2.2.2 (ISP’s DNS)
- WINS Server 1: 0.0.0.0
- WINS Server 2: 0.0.0.0
10. Click L2TP Users Settings.
11. Enter the following settings:
- Use the Local L2TP IP pool: Enabled (in this example, the L2TP server authenticates users and assigns IP addresses)
- Start IP: 10.20.0.1
- End IP: 10.20.0.20
13. Click Save.
14. Go to page DEVICE | Users > Local Users & Groups.
15. Click Local Users.
16. Click +Add User to display the Settings list.
17. Set the name and password in the Name, Password and Confirm Password boxes.
18. Click Save.
– By editing the access rules for VPN > LAN or other VPN zones (under POLICY | Rules and Policies > Access Rules), you can restrict the access of L2TP clients. To find the rule to edit, select View All Types on the Access Rules table and look in the Source column for L2TP IP Pool.
- On a PC running Microsoft Windows, perform the following L2TP VPN Client configuration steps to enable secure access.
- On the PC, click Start > Control Panel > Network and Sharing Center.
- Open the New Connection Wizard.
- Select Choose Connect.
- Click Next.
- Select Virtual Private Network Connection. Click Next.
- Enter a name for this VPN connection. Click Next.
- Enter the public (WAN) IP address of the SonicWall firewall. Alternatively, you can use a domain name that points to the firewall.
- Click Next, and then click Finish.
- In the Connection window, click Properties.
- Click Security.
- Click IPSec Settings.
- Enable Use preshared key for authentication.
- Enter the preshared secret key created for L2TP above and click OK.
- Click Networking.
- Change Type of VPN from Automatic to L2TP IPSec VPN.
- Click OK.
- Enter the user name and password of the user created in the step above.
- Click Connect.
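The same client setup can be scripted with the VpnClient cmdlets built into Windows, followed by a check of the resulting profile for weak settings. This is an added example, not part of the original guide; the connection name, the server address and the choice of MS-CHAPv2 (which assumes that protocol was added on the firewall's PPP Settings page) are assumptions.

```powershell
# Added example. Assumptions: connection name, server address, MS-CHAPv2.
$Name   = 'SonicWall-L2TP'      # hypothetical connection name
$Server = 'vpn.example.com'     # placeholder: WAN IP or DNS name of the firewall

# Prompt for the Shared Secret set on WAN GroupVPN without echoing it.
$secure = Read-Host -Prompt 'WAN GroupVPN Shared Secret' -AsSecureString
$psk    = (New-Object System.Net.NetworkCredential('', $secure)).Password

# Pin the tunnel to L2TP/IPsec with a preshared key rather than Automatic,
# allow only MS-CHAPv2, and refuse to connect without encryption.
Add-VpnConnection -Name $Name -ServerAddress $Server `
    -TunnelType L2tp -L2tpPsk $psk `
    -AuthenticationMethod MSChapv2 `
    -EncryptionLevel Required `
    -Force    # suppresses the confirmation prompt shown when a PSK is supplied

# Review a profile (this one or any existing one) for weak client-side settings.
function Test-L2tpProfile {
    param([Parameter(Mandatory, ValueFromPipeline)] $Connection)
    process {
        $issues = @()
        if ($Connection.TunnelType -ne 'L2tp') {
            $issues += "tunnel type is $($Connection.TunnelType), not L2tp"
        }
        if ($Connection.AuthenticationMethod -contains 'Pap') {
            $issues += 'PAP is allowed (password sent unhashed inside the tunnel)'
        }
        if ($Connection.EncryptionLevel -notin 'Required', 'Maximum') {
            $issues += "encryption level is $($Connection.EncryptionLevel)"
        }
        [pscustomobject]@{
            Name   = $Connection.Name
            Server = $Connection.ServerAddress
            Auth   = $Connection.AuthenticationMethod -join ','
            Issues = if ($issues) { $issues -join '; ' } else { 'none' }
        }
    }
}

Get-VpnConnection -Name $Name | Test-L2tpProfile
```

Running `Get-VpnConnection | Test-L2tpProfile` without `-Name` reviews every per-user VPN profile on the machine.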
19. To check that the Microsoft Windows L2TP VPN client is connected to the SonicWall firewall, go to NETWORK | IPSec VPN > Rules and Settings on the SonicWall management page. The VPN client is shown in the Currently Active VPN Tunnels section.
Good luck.