Page MenuHomeVyOS Platform

Add support for unencrypted L2TPv2 client connections


Please can you add support for unencrypted L2TPv2 over UDP (RFC2661) clients to VyOS.

Configuration might look something like this:

set interface l2tpv2 l2tp0 server
set interface l2tpv2 l2tp0 default-route force
set interface l2tpv2 l2tp0 mtu 1492
set interface l2tpv2 l2tp0 enable-ipv6
set interface l2tpv2 l2tp0 user-id <Username>
set interface l2tpv2 l2tp0 password <Password>

Or maybe l2tpv2 is an encapsulation type of another type of interface.

Andrews and Arnold (AAISP) offer this as a commercial service for people using 'inferior broadband':

They provide configuration guides:

The Cisco configuration seems the least intuitive.

As originally asked here:


Difficulty level
Hard (possibly days)
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Improvement (missing useful functionality)

Related Objects

Event Timeline

njh updated the task description. (Show Details)
njh rescinded a token.
njh awarded a token.

Also very interested in this. Ready and willing to test.

njh set Is it a breaking change? to Unspecified (possibly destroys the router).

Not had a lot of time recently, but I have kind of been waiting for the configuration nodes to be ported to Python, so that this can be written in the new / modern way.

Now that this is mostly done, I suspect that it wouldn't be too hard to implement - copying a different PPP based module as a starting point.

It looks like xl2tpd is available in Debian, so won't need packaging separately:

And it looks like the Kernel modules exist in my VyOS kernel (VyOS 1.3-rolling-202006110117):

vyos@vyos:~$ grep 'L2TP' /boot/config-4.19.125-amd64-vyos 

Have you had any time to look into this more? I am at a point of wanting to migrate off a Mikrotik RouterOS virtualized instance to a piece of hardware and would love to move to VyOS at the same time.

Willing to test anything that might be needed in order to help move this along.

Should I hold out any hope for this to be implemented? Still willing to help test and do whatever I can to get this in.

I have a couple of routed public /29's which do not need encryption, as they are just internet crossing data anyway, and would like to use VyOS as a central router for all my connectivity before splitting out into the network.

Jamie removed a subscriber: Jamie.

Just adding my +1 for this feature, would be very useful.
If I get time in the coming weeks/months I will try and pick up on the analysis where @njh left off.

dmbaturin triaged this task as Normal priority.Jan 9 2024, 3:24 PM
dmbaturin added a project: VyOS 1.5 Circinus.
dmbaturin changed Difficulty level from Unknown (require assessment) to Hard (possibly days).
dmbaturin changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.
dmbaturin set Issue type to Improvement (missing useful functionality).