Edgemax VPN - Followup.



  • Re: Does any one have a EdgeRouter 4 online and can test L2TP

    I have successfully created a VPN - L2TP with IPSec / PSK - and it works... I'm thrilled...

    However, maybe I didn't set the correct IP Pool to use, it's different from the internal network of 192.168.2.x - And I will just go change it after this post.

    But there are some things in @JaredBusch config I'm curious about in using -

    set vpn l2tp remote-access idle 1800
    

    Is this needed? Does this 'time out' and auto-log off the user?

    set vpn l2tp remote-access ipsec-settings ike-lifetime 3600
    set vpn l2tp remote-access ipsec-settings lifetime 3600
    

    Why?



  • @gjacobse said in Edgemax VPN - Followup.:

    Re: Does any one have a EdgeRouter 4 online and can test L2TP

    I have successfully created a VPN - L2TP with IPSec / PSK - and it works... I'm thrilled...

    However, maybe I didn't set the correct IP Pool to use, it's different from the internal network of 192.168.2.x - And I will just go change it after this post.

    But there are some things in @JaredBusch config I'm curious about in using -

    set vpn l2tp remote-access idle 1800
    

    Is this needed? Does this 'time out' and auto-log off the user?

    set vpn l2tp remote-access ipsec-settings ike-lifetime 3600
    set vpn l2tp remote-access ipsec-settings lifetime 3600
    

    Why?

    Yup - setting the IP range to the same as dhcp did what I needed...



  • @gjacobse said in Edgemax VPN - Followup.:

    Yup - setting the IP range to the same as dhcp did what I needed...

    Well, you want it to hand out a block in the same subnet as your DHCP, but not in the same range as the DHCP being handed out. Otherwise you could get a conflict.
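
The pool check described in the reply above, as an added example that is not part of the original thread: it reads EdgeOS `set` lines and reports whether the L2TP client pool collides with a DHCP range. The sample config and its addresses are constructed for illustration, and `check_l2tp_pool` is a hypothetical helper name.

```python
import ipaddress
import re

# Constructed sample EdgeOS "set" lines; the addresses are assumptions.
SAMPLE_CONFIG = """\
set service dhcp-server shared-network-name LAN subnet 192.168.2.0/24 start 192.168.2.100 stop 192.168.2.200
set vpn l2tp remote-access client-ip-pool start 192.168.2.150
set vpn l2tp remote-access client-ip-pool stop 192.168.2.160
"""

DHCP_RE = re.compile(
    r"^set service dhcp-server shared-network-name \S+ subnet (\S+) start (\S+) stop (\S+)$")
POOL_RE = re.compile(r"^set vpn l2tp remote-access client-ip-pool (start|stop) (\S+)$")


def check_l2tp_pool(config_text):
    """Return a list of findings for the L2TP pool versus each DHCP range."""
    dhcp_ranges, pool = [], {}
    for line in config_text.splitlines():
        line = line.strip()
        if m := DHCP_RE.match(line):
            dhcp_ranges.append((ipaddress.ip_network(m[1]),
                                ipaddress.ip_address(m[2]),
                                ipaddress.ip_address(m[3])))
        elif m := POOL_RE.match(line):
            pool[m[1]] = ipaddress.ip_address(m[2])
    if set(pool) != {"start", "stop"}:
        return ["l2tp client-ip-pool start/stop not both present"]
    if pool["start"] > pool["stop"]:
        return ["l2tp client-ip-pool start is above stop"]
    findings = []
    for subnet, start, stop in dhcp_ranges:
        in_subnet = pool["start"] in subnet and pool["stop"] in subnet
        # Two inclusive ranges overlap when each starts before the other ends.
        overlap = pool["start"] <= stop and start <= pool["stop"]
        if overlap:
            findings.append(
                f"pool overlaps DHCP range {start}-{stop}: address conflict possible")
        elif in_subnet:
            findings.append(f"ok: pool is inside {subnet} and clear of {start}-{stop}")
        else:
            findings.append(f"pool is outside DHCP subnet {subnet}")
    return findings


if __name__ == "__main__":
    for finding in check_l2tp_pool(SAMPLE_CONFIG):
        print(finding)
```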



  • @gjacobse said in Edgemax VPN - Followup.:

    set vpn l2tp remote-access idle 1800
    

    Is this needed? Does this 'time out' and auto-log off the user?

    It should time-out the user if no traffic for 1800 seconds (1 hour)

    set vpn l2tp remote-access ipsec-settings ike-lifetime 3600
    set vpn l2tp remote-access ipsec-settings lifetime 3600
    

    These are IPSEC timeouts for renegotiation.

