华为L2TP

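需求:总部有公网地址,搭建 L2TP 服务端(LNS);分支无公网地址,作为 L2TP 客户端拨入总部,并通过隧道与总部建立 OSPF 邻居。注意:L2TP 本身不对数据加密,生产环境建议配合 IPSec 使用;文中的用户名和密码均为示例值,部署时应替换为各自独立的强口令。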

客户端配置


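#
# Branch router (L2TP client side). It has no public address, dials the
# headquarters LNS at 10.1.1.254 and runs OSPF process 10 over the tunnel.
# NOTE(review): L2TP does not encrypt the traffic it carries; the PPP session
# and the OSPF packets are readable on the path unless the tunnel is run over
# IPSec.
#
 sysname client
#
 l2tp enable
#
# DHCP has to be enabled globally before "dhcp select interface" on the LAN
# port below can take effect.
 dhcp enable
#
# Dial-up interface for the tunnel. The CHAP user and password are the
# article's sample values and must match the local-user on the LNS; use a
# unique, strong secret per branch in a real deployment. The "cipher" keyword
# keeps the password from being stored and displayed in clear text, matching
# how the LNS side configures its local-user.
# The address is obtained from the LNS through PPP negotiation.
# The author marks "l2tp-auto-client enable" as the default.
interface Virtual-Template1
 ppp chap user huawei
 ppp chap password cipher Huawei@1234
 ip address ppp-negotiate
 l2tp-auto-client enable
 ospf p2mp-mask-ignore
# WAN address
interface GigabitEthernet0/0/0
 ip address 192.168.1.254 255.255.255.0
# LAN address
interface GigabitEthernet0/0/1
 ip address 172.16.1.1 255.255.255.0
 dhcp select interface
#
# Tunnel parameters. The tunnel password is a sample value and must equal the
# one in the LNS l2tp-group; a vendor-name password is trivially guessable, so
# replace it. "start l2tp" names the LNS address and the user that triggers
# the tunnel.
# NOTE(review): there is no explicit "tunnel authentication" line on this
# side; presumably it relies on the default - confirm on the target release.
l2tp-group 1
 tunnel password cipher huawei
 tunnel name L2TP_Client_1
 start l2tp ip 10.1.1.254 fullusername huawei
#
# OSPF advertises the tunnel subnet and the branch LAN.
# NOTE(review): no OSPF authentication is configured, and the LAN subnet is
# enabled for OSPF, so hellos are also sent toward LAN hosts. Consider
# "ospf authentication-mode" on the tunnel interface and "silent-interface"
# for the LAN port.
ospf 10
 area 0.0.0.0
  network 10.2.1.0 0.0.0.255
  network 172.16.1.0 0.0.0.255
#
# Default route toward the upstream (egress) router
ip route-static 0.0.0.0 0.0.0.0 192.168.1.1
#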

internet配置


 sysname internet
#
# Lab router that stands in for the Internet between the branch and
# headquarters.
# NOTE(review): ACL 2000 holds a single "permit" rule with no source, so it
# matches every source address and outbound NAT is applied to all of them.
# That is acceptable in a lab; elsewhere, limit the rule to the inside subnet,
# e.g. "rule 5 permit source 192.168.1.0 0.0.0.255".
acl number 2000  
 rule 5 permit 
#
# Side facing the branch router's WAN interface (192.168.1.254)
interface GigabitEthernet0/0/1
 ip address 192.168.1.1 255.255.255.0 
#
# Side facing headquarters (10.1.1.254); outbound NAT translates the branch's
# private WAN address on the way out
interface GigabitEthernet0/0/2
 ip address 10.1.1.1 255.255.255.0 
 nat outbound 2000

总部配置

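#
# Headquarters router (LNS). It owns the public address, terminates L2TP
# tunnels from branches, assigns them addresses from pool 1 and forms OSPF
# adjacencies over the tunnel interface.
# NOTE(review): L2TP does not encrypt the traffic it carries; run the tunnel
# over IPSec if confidentiality or integrity of branch traffic matters.
#
sysname core
# Enable DHCP globally; required by "dhcp select interface" below
dhcp enable
# Public IP interface
interface GigabitEthernet0/0/0
 ip address 10.1.1.254 255.255.255.0
# Internal LAN interface
interface GigabitEthernet0/0/1
 ip address 172.16.2.1 255.255.255.0
 dhcp select interface
#
# Default route
ip route-static 0.0.0.0 0.0.0.0 10.1.1.1
# Enable L2TP
 l2tp enable
#
# Address pool on the LNS; hands out addresses to the dial-up interfaces of
# L2TP clients
ip pool 1
 gateway-list 10.2.1.1
 network 10.2.1.0 mask 255.255.255.0
#
# PPP authentication user. The name and password are the article's sample
# values; "service-type ppp" limits the account to PPP logins.
# NOTE(review): one shared account for every branch means a single leaked
# secret admits any peer; prefer one account per branch with its own password.
aaa
 local-user huawei password cipher Huawei@1234
 local-user huawei service-type ppp
#
# Virtual interface template with the PPP negotiation parameters. Clients are
# authenticated with CHAP and addressed from pool 1.
# The hello timer of 10 presumably matches the client's default on its PPP
# interface so the adjacency can form - confirm.
# NOTE(review): OSPF runs here without authentication, so any peer that
# completes the PPP login can become a neighbor and advertise routes. Consider
# "ospf authentication-mode" on this interface plus route filtering on what
# branches may inject.
interface Virtual-Template1
 ppp authentication-mode chap
 remote address pool 1
 ip address 10.2.1.1 255.255.255.0
 ospf network-type p2mp
 ospf timer hello 10
 ospf p2mp-mask-ignore
#
# L2TP group: binds the virtual template, enables tunnel authentication, sets
# the tunnel password and the LNS local tunnel name.
# NOTE(review): the "allow l2tp" line carries no remote tunnel name, so the
# group does not appear to restrict which client tunnel name may connect -
# confirm. The tunnel password is a sample value; replace it with a strong
# secret that differs from the PPP password.
l2tp-group 1
 allow l2tp virtual-template 1
 tunnel authentication
 tunnel password cipher huawei
 tunnel name lns
#
# OSPF toward the clients: advertises the tunnel subnet and the headquarters LAN
ospf 10
 area 0.0.0.0
  network 10.2.1.0 0.0.0.255
  network 172.16.2.0 0.0.0.255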
