We have the following scenario :
I have created an L2TP VPN on the AR169FWG-L and confirmed connectivity/authentication is OK.
I am using the 4G interface as the primary and the ADSL as the VPN connection however since we enabled the 4G interface the VPN will not connect. I suspect that this
is because the default route is out the cellular however the static IP used for the VPN is on the ATM interface. I can connect to the VPN because I have a static route in place for my /24 range.
In the web gui that it is possible to define a static route and attach it to a VPN instance but the VPN instance is not listed when I attempt to create the static route – see below image.
I have not been able to identify any option via the CLI that would allow me to create a route for VPN traffic to be sent via the ATM interface rather than via cellular.
Root CauseIn order to be able to ping the ATM interface, you need to configure a static route on the AR device, so in this way the packets will know how to go back.
Create an Loopback Interface and bind the ATM Interface with the Loopback interface into tunnel interface
Redirect all the packets that are supposed to be sent on the L2TP tunnel over the WAN interface
Solution
First , configure the static route : ip route-static destination IP 0.0.0.0 Dialer 1
Then, create an Loopback Interface on the AR169 like you can see below:
Then ,you can bind the ATM Interface with the Loopback interface in this way:
Note that IP unnumbered can be configured also on ATM interfaces.
In this way, the ATM Interface will use the IP address from the loopback interface
Since the IP addresses used in the network at the moment when the tunnel is initiated are unknown and because you cannot control all the time what IP address you receive from the ISP on the PC from which you initiate the L2TP tunnel, you can do like below:
Implement policy based routing in order to redirect all the packets that are supposed to be sent on the L2TP tunnel over the WAN interface.
Please follow the below example:
1st Step : To redirect all the packets that are supposed to be sent over the L2TP tunnel we need to define an ACL which would select the traffic source from the 1701 UDP port
#
acl number 3333
rule 5 permit udp source-port eq 1701
2nd Step: Define a PBR to redirect the traffic on the WAN interface and apply it in the system view
#
policy-based-route redirect_l2tp permit node 5
if-match acl 3333
apply ip-address next-hop 200.1.1.2
#
ip local policy-based-route redirect_l2tp
