The configuration script
Note: Comments in the script below are marked with the # symbol.
Placeholders for IP addresses, passwords, etc. are shown as text within < >.
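set system name="IPSec Gateway"
#The command below shows the Security Officer inactive timeout delay.
#The default is 60 seconds. During setup you can instead use 600
#seconds if desired.
#NOTE(review): a longer delay keeps an unattended session at Security
#Officer privilege for longer; return to the 60-second default once
#setup is finished.
set user securedelay=600
#The incoming L2TP calls will be CHAP authenticated.
#They may be authenticated against the router's user database as
#configured below, or against a RADIUS Server if configured.
#NOTE(review): friend1..friend4 are sample passwords, not < >
#placeholders; replace each with a strong, unique value before
#deployment. login=no presumably stops these dial-in accounts from
#logging in to the router itself - confirm in the command reference.
add user=dialin1 pass=friend1 login=no
add user=dialin2 pass=friend2 login=no
add user=dialin3 pass=friend3 login=no
add user=dialin4 pass=friend4 login=no
#NOTE(review): this line looks truncated in this copy - as shown it
#sets no password or privilege level for secoff. Confirm the full
#command against the original note before use.
add user=secoff
#If RADIUS server support is needed, use a line such as this:
#add radius server=<your-RADIUS-server-address> secret=<secret-key>
#NOTE(review): the shared secret should be a long random value, and
#copies of this script that contain it or the user passwords above
#should be handled as sensitive.
#All dynamic incoming L2TP calls will associate with this PPP template
#as indicated below.
#The template draws client addresses from the pool named "ip", which
#is created at the end of this script.
create ppp template=1 bap=off ippool="ip" authentication=chap echo=10 lqr=off
#To cater for dynamic creation of incoming L2TP calls enter the
#following commands.
enable l2tp
enable l2tp server=both
#NOTE(review): this line looks truncated in this copy; the "any valid
#Internet address" comment after it may describe an address range that
#belongs on it. If calls are accepted from any address, CHAP
#authentication and the IPsec policy (not shown here) are the only
#gates - verify both.
add l2tp
#The IP address allows for any valid Internet address.
enable ip
add ip int=vlan1 ip=<office-private-LAN-address>
add ip int=eth0 ip=<office-Internet-address> mask=<appropriate-mask>
#The default route to the Internet.
add ip route=0.0.0.0 mask=0.0.0.0 int=eth0
#The IP pool addresses are the internal address ranges you want to
#allocate to your IPSec remote PC clients
#(e.g.
#NOTE(review): the example and the pool's address range are missing
#from this copy; the command as shown names the pool but gives it no
#addresses. Take the range from the original note.
create ip pool=ip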
Page 5 AlliedWare™ OS How To Note: VPNs with Windows 2000 clients, without