Discovered today: a national broadband carrier in the UK provides wholesale L2TP handoff.
They authenticate not just with an LNS shared secret, but also with the hostname sent through during tunnel establishment.
I think there are two ways we could phrase the configuration item:
- set vpn l2tp remote-access lns host-name example.com
or
- set vpn l2tp remote-access host-name example.com
To my mind *1* makes more sense, because it's related specifically to the LNS-to-LAC connection, and is part of the authentication (like the shared-secret). However, I could also argue for *2* as many of the options in the [l2tp] section of accel-ppp.conf are directly under set vpn l2tp remote-access.
All this option will do is add an extra line, as in the example below:
[l2tp] verbose=1 ifname=l2tp%d ppp-max-mtu=1460 mppe=prefer bind=192.0.2.1 secret=hunter2 host-name=example.com
I'm happy to submit a PR for this, but would like to agree the command structure here first.
Many thanks!