The L2TP feature is not shipped with the default firmware due to security considerations. Snom provides the L2TP feature in a small firmware patch which needs to be installed. This patch contains only the L2TP feature and thus is very small in size.
Note: this guide is valid for the public announcement system PA1+ as well (but not its predecessor PA1).
To install the L2TP feature patch follow one of the following procedures:
The phone will reboot and install the patch. Afterwards you will be able to use the VPN feature
Currently the installation of L2TP via SRAPS isn't supported yet.
If the L2TP installation was successful, the L2TP feature will be available. Here is how you can check that the L2TP feature is available:
The L2TP option is now visible in the Phone's Web Interface under Advanced → QOS/Security. If the L2TP patch installation was successful, you should see here the L2TP setting (it will be set to off at first because the L2TP feature was installed, but it is not yet enabled)
For L2TP two configuration files are needed.
The first one is the file xl2tpd.conf. This is the initial configuration that is used to start the L2TP connection. You have to use the same file name. Inside of this file you have to add the IP address of the L2TP server you want to use to the variable "lns". The name of the configuration section "l2tp_connection" must not be changed because it is used from the phone. The name of the second configuration file is set in the variable "pppoptfile". Because the configuration files will be put into a tarball file that is later extracted on the phone to the directory /l2tp this path must also not be changed.
Here is a template for this configuration file:
[lac l2tp_connection] lns = <L2TP server IP address> ppp debug = yes pppoptfile = /l2tp/options.xl2tpd length bit = yes redial = yes redial timeout = 30 max redials = 1440
The second file ist the ppp option file that is set in the variable "pppoptfile" in the first configuration file. In this file the L2TP username and password has to be added.
Here is a template for the second configuration file:
ipcp-accept-local ipcp-accept-remote refuse-eap require-chap noccp noauth mtu 1280 mru 1280 noipdefault nodefaultroute usepeerdns connect-delay 5000 name <L2TP username> password <the L2TP password>
After you created both configuration files you have to put them without subdirectories to an unzipped tar archive. Then you need to put the new tarball file the a webserver.
After the L2TP option is enabled an additional line for the L2TP tarball URL is displayed. There you can enter the URL of the webserver to your tarball file with your L2TP configuration files.
After applying the changes you have to reboot the phone. After the reboot the phone is fetching the tarball from the given URL and extracts the configuration files to the phone and reboots again and then the phone tries to connect to the L2TP server.
If the phone is successfully connected a VPN status message and the VPN icon is displayed on the display. :
If the phone can't get a connection an error status message is displayed:
You can also see this information on the web interface on the System Information page:
The phone will now also add the X-snom-l2tp: available HTTP header to the provisioning requests. Using this header you can distinguish between devices with L2TP enabled and devices not supporting the L2TP.