[Openl2tp-users] Using L2TPv3 unmanaged tunnels

James Chapman jchapman at katalix.com
Tue Apr 6 13:06:23 BST 2010

If you're interested in using L2TPv3, please read on.

As I mentioned in a previous post, L2TPv3 support has recently been
added to the Linux kernel and should be available in 2.6.35. L2TPv3
allows protocols other than PPP to be carried in L2TP. In particular,
ethernet pseudowires carry raw ethernet frames over L2TP. The new L2TP
kernel drivers expose Linux network interfaces for each ethernet
pseudowire (L2TPv3 ethernet session instance), which may then be
configured using standard Linux networking utilities.

Some commercial L2TP products support unmanaged L2TPv3 ethernet
tunnels, where there is no L2TP control protocol; tunnels are
configured at each side manually without a L2TP userspace daemon
being involved. A new l2tpv3tun utility is now available to support

# l2tpv3tun help
Usage: l2tpv3tun add tunnel
          remote ADDR local ADDR
          tunnel_id ID peer_tunnel_id ID
          [ encap { ip | udp } ]
          [ udp_sport PORT ] [ udp_dport PORT ]
       l2tpv3tun add session
          tunnel_id ID
          session_id ID peer_session_id ID
          [ cookie HEXSTR ] [ peer_cookie HEXSTR ]
          [ offset OFFSET ] [ peer_offset OFFSET ]
       l2tpv3tun del tunnel tunnel_id ID
       l2tpv3tun del session tunnel_id ID session_id ID
       l2tpv3tun show tunnel [ tunnel_id ID ]
       l2tpv3tun show session [ tunnel_id ID ] [ session_id ID ]

For example, to create an L2TPv3 ethernet pseudowire between local host and peer, using IP addresses and for the tunnel endpoints:-

# modprobe l2tp_eth
# modprobe l2tp_netlink

# l2tpv3tun add tunnel tunnel_id 1 peer_tunnel_id 1 udp_sport 5000 \
  udp_dport 5000 encap udp local remote
# l2tpv3tun add session tunnel_id 1 session_id 1 peer_session_id 1
# ifconfig -a
# ip addr add peer dev l2tpeth0
# ifconfig l2tpeth0 up

Choose IP addresses to be the address of a local IP interface and that
of the remote system. The IP addresses of the l2tpeth0 interface can be
anything suitable.

Repeat the above at the peer, with ports, tunnel/session ids and IP
addresses reversed.  The tunnel and session IDs can be any non-zero
32-bit number, but the values must be reversed at the peer.

Host 1                         Host2
udp_sport=5000                 udp_sport=5001
udp_dport=5001                 udp_dport=5000
tunnel_id=42                   tunnel_id=45
peer_tunnel_id=45              peer_tunnel_id=42
session_id=128                 session_id=5196755
peer_session_id=5196755        peer_session_id=128

When done at both ends of the tunnel, it should be possible to send
data over the network. e.g.

# ping

L2TP tunnels and sessions may be listed using l2tpv3tun.

# l2tpv3tun show tunnel
Tunnel 1, encap UDP
  From to
  Peer tunnel 1
  UDP source / dest ports: 5000/5001

# l2tpv3tun show session
Session 1 in tunnel 1
  Peer session 1, tunnel 1
  interface name: l2tpeth0
  offset 0, peer offset 0

It is planned to merge the l2tpv3tun utility into the standard Linux ip
command utility but it needs some work first. For now, a separate
utility is provided. Download source from


Note: a kernel with the new L2TP drivers will be needed to use this

Please report any problems to this list.


James Chapman
Katalix Systems Ltd
Catalysts for your Embedded Linux software development

Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
Openl2tp-users mailing list
Openl2tp-users at lists.sourceforge.net

More information about the Openl2tp-users mailing list