L2TP FAQs

Can L2TP Tunnels Be Established If the Public Address of the LNS Is Not Fixed?

Yes. You need to associate the public IP address of the LNS with a DNS domain name and set the DNS domain name as the server address on the LAC.

Can Users Access the Internet After an L2TP Tunnel Is Established?

Yes. Only the traffic from users to intranet servers is transmitted by L2TP tunnels. Therefore, tunnels do not affect user access to the Internet.

Can Windows OS Users Use L2TP to Access the Intranet Without Affecting the Access to the LAN and Internet?

Yes. Configure a split tunnel on the PC with the Windows OS, manually create a route to the intranet, and set the next hop to the Virtual-Template IP address. The procedures are as follows:

1. Open the new dial-up connection and choose Properties > Networking. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties.

2. Click Advanced.

3. Deselect Use default gateway on remote network.

How Do I Assign DNS to L2TP Dial-up Users?

You can use either of the following methods:

• Use the DNS server address specified in the address pool.
  1. Create an address pool and specify the DNS server address in the address pool.

     <sysname> system-view 
     [sysname] ip pool l2tp_pool 
     [sysname-pool-l2tp_pool] section 0 1.1.1.1 1.1.1.10 
     [sysname-pool-l2tp_pool] dns-list 2.2.2.1   //Set the DNS server address as required. 
     [sysname-pool-l2tp_pool] quit

  2. Create a service scheme and reference the address pool.

     [sysname] aaa 
     [sysname-aaa] service-scheme srvscheme1 
     [sysname-aaa-service-srvscheme1] ip-pool l2tp_pool    //Set the DNS server address as required.

  3. Reference the service scheme in the authentication domain.

     <sysname> system-view 
     [sysname] aaa 
     [sysname-aaa] domain domain1    //The authentication domain needs to be changed to the authentication domain used by L2TP. 
     [sysname-aaa-domain1] service-scheme srvscheme1

• Use the DNS server address specified in the service scheme.
  1. Create a service scheme.

     <sysname> system-view 
     [sysname] aaa 
     [sysname-aaa] service-scheme srvscheme1 
     [sysname-aaa-service_srvscheme1] dns 2.2.2.1    //Set the DNS server address as required.

  2. Reference the service scheme in the authentication domain.

     <sysname> system-view 
     [sysname] aaa 
     [sysname-aaa] domain domain1    //The authentication domain needs to be changed to the authentication domain used by L2TP. 
     [sysname-aaa-domain-domain1] service-scheme srvscheme1    //Reference the service scheme in the authentication domain. 

If DNS server addresses are specified in both the address pool and service scheme, the DNS server address specified in the address pool is preferentially used.