NetworkUbiquiti Edgerouter VPN - L2TP Updated August 11 2024
*** Consider using Wireguard instead!


This will setup a L2TP with preshared key of preshared123, username of username1 and password of password1

configure

set firewall name WAN_LOCAL rule 270 action accept
set firewall name WAN_LOCAL rule 270 description IKE
set firewall name WAN_LOCAL rule 270 destination port 500
set firewall name WAN_LOCAL rule 270 log disable
set firewall name WAN_LOCAL rule 270 protocol udp

set firewall name WAN_LOCAL rule 240 action accept
set firewall name WAN_LOCAL rule 240 description L2TP
set firewall name WAN_LOCAL rule 240 destination port 1701
set firewall name WAN_LOCAL rule 240 log disable
set firewall name WAN_LOCAL rule 240 protocol udp

set firewall name WAN_LOCAL rule 250 action accept
set firewall name WAN_LOCAL rule 250 description ESP
set firewall name WAN_LOCAL rule 250 log disable
set firewall name WAN_LOCAL rule 250 protocol esp

set firewall name WAN_LOCAL rule 260 action accept
set firewall name WAN_LOCAL rule 260 description NAT-T
set firewall name WAN_LOCAL rule 260 destination port 4500
set firewall name WAN_LOCAL rule 260 log disable
set firewall name WAN_LOCAL rule 260 protocol udp

set vpn ipsec ipsec-interfaces interface eth4
set vpn ipsec nat-traversal enable
set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access authentication local-users username username1 password password1
set vpn l2tp remote-access client-ip-pool start 172.16.20.211
set vpn l2tp remote-access client-ip-pool stop 172.16.20.213
set vpn l2tp remote-access dns-servers server-1 8.8.8.8
set vpn l2tp remote-access dns-servers server-2 4.2.2.2
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret preshared123
set vpn l2tp remote-access ipsec-settings ike-lifetime 3600
set vpn ipsec auto-firewall-nat-exclude enable
set vpn l2tp remote-access outside-address 0.0.0.0
set vpn l2tp remote-access mtu 1492

commit
save






You can also set the static WAN ip address using this line. In theory, 0.0.0.0 allows any WAN IP, which works for DHCP WAN IP's.
set vpn l2tp remote-access outside-address 1.2.3.4




©2024 - Some portions of this website are Copyrighted.
Your IP: 3.15.206.88     Referring URL:
Browser: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Terms and Conditions, Privacy Policy, and Security Policy