L2TP with AAISP on a desktop

AAISP offer an interesting product: for £10/mo, you can give yourself a _real_ IP address on the internet.

If you already have an A&A account because you are an existing subscriber, then after signing up you should already have access to their L2TP service by reusing your DSL login credentials.

L2TP Host/Gateway: l2tp.aa.net.uk
Username: ab123@a
Password: <redacted>

You can get the line password by logging into https://control.aa.net.uk, clicking on the graph for your line, and hovering over the password field.

If you are signing up for a new L2TP line, you may need to hit “Generate Password” the first time you visit the page.

Note: Your login credentials to control.aa.net.uk are not the same as the L2TP credentials; the username is the same, but the password is not.

Logging into the L2TP

On a desktop system, I typically use NetworkManager. There’s a plugin available as net-vpn/networkmanager-l2tp, which pulls in net-dialup/xl2tpd as a dependency.

$ emerge networkmanager-l2tp

Create a new L2TP Connection using NetworkManager’s clients

$ nmcli connection add type vpn vpn-type l2tp con-name AAISP-L2TP 
$ nmcli connection modify AAISP-L2TP +vpn.data "gateway = l2tp.aa.net.uk"
$ nmcli connection modify AAISP-L2TP +vpn.data "user = ab123@a"
$ nmcli connection modify AAISP-L2TP +vpn.secrets "password = ......."

Now, bring up the interface.

$ nmcli connection up AAISP-L2TP

Verify the connection

If all works out, you should have a new network interface, probably ppp0, and xl2tpd should be running in the background, having assigned a real IPv4 address and route to the new interface.

$ ip addr show dev ppp0
$ ip -4 route show dev ppp0

What you might notice is that you don’t have an IPv6 address for it yet.

$ ip -6 route show dev ppp0

Setting up IPv6 over the tunnel

xl2tpd by itself does not negotiate an IPv6 address. To configure one, we can use systemd-networkd to run the DHCPv6 protocol on the tunnel interface and obtain an IP address.

# /etc/systemd/network/ppp.network
[Match]
Name=ppp*

[Network]
DHCP=yes

[IPv6AcceptRA]
# Set this lower to prioritise sending traffic using this connection
RouteMetric=50

The RouteMetric is important, as the default value of 1024 might be higher (less preferential) than your normal route.

$ networkctl reload

And you should now also receive a real IPv6 address on the internet.

$ ip -6 addr show dev ppp0
$ ip -6 route show dev ppp0

WARNING: You are on the internet

At this point, any network services you have that are listening on public interfaces will be available to the internet. You may wish to consider enabling a firewall if this is unintentional.

$ ss -lntp | grep -E '(\[::]:|0\.0\.0\.0:|\*:)'

Otherwise, if you intend for this connection to be persistent, these are reliable IPs that you may wish to add to a DNS server you control.
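
The grep above only matches wildcard binds, so a service bound directly to the tunnel's own address slips past it. The script below is an added example, not part of the original post: it classifies each TCP listener from `ss -Hlnt` output, and the function name, verdict labels, sample lines and documentation-range addresses in it are all constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: classify TCP listeners by reach.
# Live use:  ss -Hlnt | classify_listeners "<addresses assigned to ppp0>"
# $1 (optional) is a space-separated list of the tunnel interface addresses.

classify_listeners() {
    awk -v tunnel_addrs="${1:-}" '
    BEGIN {
        n = split(tunnel_addrs, list, " ")
        for (i = 1; i <= n; i++) on_tunnel[list[i]] = 1
    }
    NF >= 4 {
        # Field 4 is Local Address:Port. Split on the LAST colon, because
        # IPv6 literals contain colons themselves.
        port = $4; sub(/.*:/, "", port)
        host = $4; sub(/:[^:]*$/, "", host)
        sub(/%.*/, "", host)                        # drop %iface scope suffix
        sub(/^\[/, "", host); sub(/\]$/, "", host)  # drop [ ] around IPv6
        if (host == "*" || host == "0.0.0.0" || host == "::")
            verdict = "EXPOSED-wildcard"
        else if (host in on_tunnel)
            verdict = "EXPOSED-tunnel-address"
        else if (host ~ /^127\./ || host == "::1")
            verdict = "loopback-only"
        else
            verdict = "other-address"
        print verdict, host, port
    }'
}

# Constructed sample of `ss -Hlnt` output (documentation-range addresses).
SAMPLE='LISTEN 0 128  0.0.0.0:22           0.0.0.0:*
LISTEN 0 4096 127.0.0.1:631        0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53     0.0.0.0:*
LISTEN 0 511  *:80                 *:*
LISTEN 0 128  [::]:22              [::]:*
LISTEN 0 4096 [::1]:631            [::]:*
LISTEN 0 64   [2001:db8::10]:8443  [::]:*
LISTEN 0 16   192.168.1.5:8080     0.0.0.0:*'

# 203.0.113.7 and 2001:db8::10 stand in for the addresses shown on ppp0.
printf '%s\n' "$SAMPLE" | classify_listeners "203.0.113.7 2001:db8::10"
```

Like the `ss -lntp` check above, this covers TCP listeners only; lines marked `other-address` are bound to an address that was not passed in as a tunnel address.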