Have a good time, everyone! I live in CIS. My internet provider uses an l2tp connection. Should I add xl2tpd and libreswan or strongswan packages to the OpenWRT image assembly so that my traffic to the provider is somehow encrypted? Or is the xl2tpd package enough and there is no need for encryption? Thank you in advance for your help!
Are you certain that this is the "base" connection? Typically, the options are: DHCP, PPPoE, or Static IP for the basic connection. L2TP is usually a VPN that rides on top of the standard IP connectivity that is established by one of the other protocols.
Please verify the actual connection method required by your ISP.
1 Like
here are my interfaces: wan(DHCP), lan(br-lan), l2tp.
That doesn't answer the question -- what does the ISP require for connection? They usually document it on their website and/or materials they give you so that you can configure your router. L2TP is not likely related to your general network connectivity on the wan.
1 Like
here are the connection instructions for TP-link. I usually set up this way when the software is installed from the factory. I apologize for my English.
I have never seen this as a connection method.
In the CIS, many Internet service providers use such a connection. Can't you answer my question?
No ipsec options are visible in your screenshot.
Install xl2tpd and reboot the device. Then change the wan interface protocol to L2TP, enter your credentials and see if it works.
1 Like
I tried it. Does not work.
When 3 interfaces are working. I just don't understand if the traffic is encrypted to the ISP. It is necessary to include the "swanstrong" package in the image assembly or not so that the connection is secure and the traffic is encrypted. how to use L2TP with Ipsec for traffic encryption? (Is there any need for this at all?)
Without ipsec the connection is not encrypted.
Does the L2TP server support encryption?
Did the provider provide you with an ipsec pre-shared key or certificate?
Not such a trivial task. Here's a guide that looks good, but I don't have time to test if it actually works.
1 Like
No, the ISP does not provide any certificates or keys. Only authorization by login and password. I think this instruction is not suitable. Dude thanks for the responsiveness! 
1 Like