ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Edge Router L2TP VPN Server Setup

    IT Discussion
    ubnt edgemax edgeos vpn l2tp how to networking
    5
    6
    12.9k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • AdamFA
      AdamF
      last edited by scottalanmiller

      I recently setup my EdgeRouter X as a L2TP server with local user authentication. We've been using this for the past few days without any issues. Connecting from various platforms/OS's works perfectly. Let me know if anyone has an alternative method or if this guide should be tweaked at all.

      Assumes outside WAN interface is eth0

      configure

set vpn ipsec ipsec-interfaces interface eth0
set vpn ipsec nat-traversal enable
set vpn ipsec nat-networks allowed-network 0.0.0.0/0
set vpn l2tp remote-access ipsec-settings ike-lifetime 3600

      If you have a static IP from your ISP, issue the following command, where x.x.x.x is your IP:

      set vpn l2tp remote-access outside-address x.x.x.x

      Gateway/next hop for public IP above:

      set vpn l2tp remote-access outside-nexthop x.x.x.x

set vpn l2tp remote-access client-ip-pool start 10.0.1.10
set vpn l2tp remote-access client-ip-pool stop 10.0.1.20

set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret

set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret horsebatterystaple

set vpn l2tp remote-access authentication mode local

set vpn l2tp remote-access authentication local-users username adam password adampassword

set vpn l2tp remote-access mtu 1492

set vpn l2tp remote-access dns-servers server-1 8.8.8.8
set vpn l2tp remote-access dns-servers server-2 8.8.4.4

commit

      To verify the server is setup, the following command can be used.

      show vpn l2tp remote-access

      Save to keep changes on reboot

      save

      Set firewall rules for VPN traffic:
      This can be done via the GUI as well, but I used CLI. Just make sure to pay attention to your rule numbers and order.

      set firewall name WAN_LOCAL rule 20 action accept
set firewall name WAN_LOCAL rule 20 description Allow_L2TP
set firewall name WAN_LOCAL rule 20 destination port 500,1701,4500
set firewall name WAN_LOCAL rule 20 log disable
set firewall name WAN_LOCAL rule 20 protocol udp
set firewall name WAN_LOCAL rule 30 action accept
set firewall name WAN_LOCAL rule 30 description Allow_ESP
set firewall name WAN_LOCAL rule 30 log disable
set firewall name WAN_LOCAL rule 30 protocol 50

      That's it! Now setup the built in client on your OS of choice and you should be good to go.

      1 Reply Last reply Reply Quote 6
      • scottalanmillerS
        scottalanmiller
        last edited by

        Awesome, thanks for the write up.

        1 Reply Last reply Reply Quote 1
        • JaredBuschJ
          JaredBusch
          last edited by

          Great write up

          1 Reply Last reply Reply Quote 1
          • StrongBadS
            StrongBad
            last edited by

            Thanks for documenting this.

            1 Reply Last reply Reply Quote 1
            • T
              tiagom
              last edited by

              Great work.

              1 Reply Last reply Reply Quote 1
              • AdamFA
                AdamF
                last edited by

                No problem!

                1 Reply Last reply Reply Quote 0
                • 1 / 1
                • First post
                  Last post