Edgemax VPN - Followup.
-
Re: Does any one have a EdgeRouter 4 online and can test L2TP
I have successfully created a VPN - L2TP with IPSec / PSK - and it works... I'm thrilled...
However, maybe I didn't set the correct IP pool to use; it's different from the internal network of 192.168.2.x, and I will just go change it after this post.
But there are some things in @JaredBusch config I'm curious about in using -
set vpn l2tp remote-access idle 1800
Is this needed? Does this 'time out' and auto-log off the user?
set vpn l2tp remote-access ipsec-settings ike-lifetime 3600
set vpn l2tp remote-access ipsec-settings lifetime 3600
Why?
-
@gjacobse said in Edgemax VPN - Followup.:
Re: Does any one have a EdgeRouter 4 online and can test L2TP
I have successfully created a VPN - L2TP with IPSec / PSK - and it works... I'm thrilled...
However, maybe I didn't set the correct IP pool to use; it's different from the internal network of 192.168.2.x, and I will just go change it after this post.
But there are some things in @JaredBusch config I'm curious about in using -
set vpn l2tp remote-access idle 1800
Is this needed? Does this 'time out' and auto-log off the user?
set vpn l2tp remote-access ipsec-settings ike-lifetime 3600
set vpn l2tp remote-access ipsec-settings lifetime 3600
Why?
Yup - setting the IP range to the same as dhcp did what I needed...
-
@gjacobse said in Edgemax VPN - Followup.:
Yup - setting the IP range to the same as dhcp did what I needed...
Well, you want it to hand out a block in the same subnet as your DHCP, but not in the same range as the DHCP being handed out. Otherwise you could get a conflict.
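
The check described in the reply above, as an added example that is not part of the original thread: it reads EdgeOS `set` commands and reports when the L2TP client pool is outside the LAN subnet or overlaps the DHCP range. The sample ranges are constructed, and the script assumes a single DHCP subnet.

```python
import ipaddress
import re

# Constructed sample config (not from the thread): the subnet matches the
# 192.168.2.x LAN mentioned above; the start/stop values are made up.
SAMPLE_CONFIG = """
set service dhcp-server shared-network-name LAN subnet 192.168.2.0/24 start 192.168.2.100 stop 192.168.2.199
set vpn l2tp remote-access client-ip-pool start 192.168.2.150
set vpn l2tp remote-access client-ip-pool stop 192.168.2.160
"""

DHCP_RE = re.compile(r"dhcp-server shared-network-name \S+ subnet (\S+) start (\S+) stop (\S+)")
POOL_RE = re.compile(r"l2tp remote-access client-ip-pool (start|stop) (\S+)")

def parse_ranges(config):
    """Return (subnet, dhcp_ranges, (pool_start, pool_stop)) from 'set' commands."""
    subnet, dhcp, pool = None, [], {}
    for line in config.splitlines():
        m = DHCP_RE.search(line)
        if m:
            subnet = ipaddress.ip_network(m.group(1))
            dhcp.append((ipaddress.ip_address(m.group(2)), ipaddress.ip_address(m.group(3))))
        m = POOL_RE.search(line)
        if m:
            pool[m.group(1)] = ipaddress.ip_address(m.group(2))
    return subnet, dhcp, (pool.get("start"), pool.get("stop"))

def check_pool(config):
    """Return a list of problems; an empty list means the pool is safe."""
    subnet, dhcp, (p_start, p_stop) = parse_ranges(config)
    if subnet is None or p_start is None or p_stop is None:
        return ["config is missing the DHCP subnet or the L2TP client-ip-pool"]
    problems = []
    if p_start > p_stop:
        problems.append("pool start is after pool stop")
    if p_start not in subnet or p_stop not in subnet:
        problems.append(f"pool is not inside the LAN subnet {subnet}")
    for d_start, d_stop in dhcp:
        # Two inclusive ranges overlap when each starts before the other ends.
        if p_start <= d_stop and d_start <= p_stop:
            problems.append(f"pool overlaps DHCP range {d_start}-{d_stop}")
    return problems

if __name__ == "__main__":
    for problem in check_pool(SAMPLE_CONFIG) or ["pool is in the subnet and clear of DHCP"]:
        print(problem)
```
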
-
@gjacobse said in Edgemax VPN - Followup.:
set vpn l2tp remote-access idle 1800
Is this needed? Does this 'time out' and auto-log off the user?
It should time out the user if there is no traffic for 1800 seconds (1 hour).
set vpn l2tp remote-access ipsec-settings ike-lifetime 3600
set vpn l2tp remote-access ipsec-settings lifetime 3600
These are IPsec timeouts for renegotiation.