Page tree


New feature from FW version onwards

The L2TP feature is not shipped with the default firmware due to security considerations. Snom provides the L2TP feature in a small firmware patch which needs to be installed. This patch contains only the L2TP feature and thus is very small in size.

Note:  this guide is valid for the public announcement system PA1+ as well (but not its predecessor PA1).

To install the L2TP feature patch follow one of the following procedures:

Manual Installation

  • Find out your currently installed firmware version. See this link for information on how to do this
  • Open the Firmware Update Center and click on your version
  • Scroll down to "L2TP Feature Updates" (available from fw Version
  • Copy the download link appropriate for your phone model
  • Open the phone web user interface and select "Software Update" from the left hand menu
  • Paste the link in the "Manual Software Update" field and click "Load"

The phone will reboot and install the patch. Afterwards you will be able to use the VPN feature

Automatic installation via SRAPS

Currently the installation of L2TP via SRAPS isn't supported yet.

How to tell if the L2TP patch installation was successful

If the L2TP installation was successful, the L2TP feature will be available. Here is how you can check that the L2TP feature is available:

The L2TP option is now visible in the Phone's Web Interface under Advanced → QOS/Security. If the L2TP patch installation was successful, you should see here the L2TP setting (it will be set to off at first because the L2TP feature was installed, but it is not yet enabled)

L2TP configuration files

For L2TP two configuration files are needed.

The first one is the file xl2tpd.conf. This is the initial configuration that is used to start the L2TP connection. You have to use the same file name. Inside of this file you have to add the IP address of the L2TP server you want to use to the variable "lns". The name of the configuration section "l2tp_connection" must not be changed because it is used from the phone. The name of the second configuration file is set in the variable "pppoptfile". Because the configuration files will be put into a tarball file that is later extracted on the phone to the directory /l2tp this path must also not be changed.

Here is a template for this configuration file:

[lac l2tp_connection]
lns = <L2TP server IP address>
ppp debug = yes
pppoptfile = /l2tp/options.xl2tpd
length bit = yes
redial = yes
redial timeout = 30
max redials = 1440

The second file ist the ppp option file that is set in the variable "pppoptfile" in the first configuration file. In this file the L2TP username and password has to be added.

Here is a template for the second configuration file:

mtu 1280
mru 1280
connect-delay 5000
name <L2TP username>
password <the L2TP password>

After you created both configuration files you have to put them without subdirectories to an unzipped tar archive. Then you need to put the new tarball file the a webserver.

Enable and configure L2TP

After the L2TP option is enabled an additional line for the L2TP tarball URL is displayed. There you can enter the URL of the webserver to your tarball file with your L2TP configuration files.

After applying the changes you have to reboot the phone. After the reboot the phone is fetching the tarball from the given URL and extracts the configuration files to the phone and reboots again and then the phone tries to connect to the L2TP server.

If the phone is successfully connected a VPN status message and the VPN icon is displayed on the display. :

If the phone can't get a connection an error status message is displayed:

  • After installing the L2TP patch, the L2TP line is now added to the System Info screen in the Phone Menu. If the phone has a L2TP connection then the L2TP IP address is also added.
  • Open the "Settings" menu by pressing the phone button with the gear symbol, then navigate to "Information" and select "System Info".
  • You should see the L2TP line (it will show L2TP off at first because the L2TP feature was installed, but is not yet enabled)

You can also see this information on the web interface on the System Information page:

The phone will now also add the X-snom-l2tp: available HTTP header to the provisioning requests. Using this header you can distinguish between devices with L2TP enabled and devices not supporting the L2TP.