Airin's Notes
Category: Hardware 🠪 Edgerouter
VPN - L2TP | November 27, 2023
*** Consider using WireGuard instead!
https://notes.airinscomputers.com/?item=322
This will set up an L2TP VPN with a pre-shared key of preshared123, a username of username1 and a password of password1.
configure
set firewall name WAN_LOCAL rule 270 action accept
set firewall name WAN_LOCAL rule 270 description IKE
set firewall name WAN_LOCAL rule 270 destination port 500
set firewall name WAN_LOCAL rule 270 log disable
set firewall name WAN_LOCAL rule 270 protocol udp
set firewall name WAN_LOCAL rule 240 action accept
set firewall name WAN_LOCAL rule 240 description L2TP
set firewall name WAN_LOCAL rule 240 destination port 1701
set firewall name WAN_LOCAL rule 240 log disable
set firewall name WAN_LOCAL rule 240 protocol udp
set firewall name WAN_LOCAL rule 250 action accept
set firewall name WAN_LOCAL rule 250 description ESP
set firewall name WAN_LOCAL rule 250 log disable
set firewall name WAN_LOCAL rule 250 protocol esp
set firewall name WAN_LOCAL rule 260 action accept
set firewall name WAN_LOCAL rule 260 description NAT-T
set firewall name WAN_LOCAL rule 260 destination port 4500
set firewall name WAN_LOCAL rule 260 log disable
set firewall name WAN_LOCAL rule 260 protocol udp
set vpn ipsec ipsec-interfaces interface eth4
set vpn ipsec nat-traversal enable
set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access authentication local-users username username1 password password1
set vpn l2tp remote-access client-ip-pool start 172.16.20.211
set vpn l2tp remote-access client-ip-pool stop 172.16.20.213
set vpn l2tp remote-access dns-servers server-1 8.8.8.8
set vpn l2tp remote-access dns-servers server-2 4.2.2.2
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret preshared123
set vpn l2tp remote-access ipsec-settings ike-lifetime 3600
set vpn ipsec auto-firewall-nat-exclude enable
set vpn l2tp remote-access outside-address 0.0.0.0
set vpn l2tp remote-access mtu 1492
commit
save
You can also set a static WAN IP address using the line below. In theory, 0.0.0.0 allows any WAN IP, which works for DHCP-assigned WAN IPs.
set vpn l2tp remote-access outside-address 1.2.3.4
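The preshared123, username1 and password1 values in the commands above are samples. As an added example (not part of the original note), this shell script generates random replacements, prints the three credential lines to paste in configure mode, and includes a check that flags a command list still carrying the sample values or a secret shorter than MIN_LEN. The function names and the MIN_LEN default of 20 are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original note): random secrets for the L2TP
# setup above, plus a check for leftover sample values. Function names and
# the MIN_LEN threshold are assumptions made for this example.

# gen_secret N: print N random characters from [A-Za-z0-9]. The alphabet
# has no quotes or spaces, so the value needs no quoting in the EdgeOS CLI.
gen_secret() {
    head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c "1-$1"
}

# emit_l2tp_credentials USER: print the credential lines with fresh secrets.
emit_l2tp_credentials() {
    user=$1
    psk=$(gen_secret 32)
    pass=$(gen_secret 24)
    # Refuse to print anything if the random source came up short.
    [ "${#psk}" -eq 32 ] && [ "${#pass}" -eq 24 ] || return 1
    printf 'set vpn l2tp remote-access authentication local-users username %s password %s\n' "$user" "$pass"
    printf 'set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret\n'
    printf 'set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret %s\n' "$psk"
}

# audit_l2tp_secrets: read "set" lines on stdin; report (without echoing the
# secret) any sample value from the note or any secret shorter than MIN_LEN.
# Exit status is 1 when something was flagged.
audit_l2tp_secrets() {
    awk -v min="${MIN_LEN:-20}" '
        function check(what, v) {
            if (v == "preshared123" || v == "password1") {
                print "PLACEHOLDER: " what; bad = 1
            } else if (length(v) < min) {
                print "SHORT: " what " (" length(v) " chars)"; bad = 1
            }
        }
        / ipsec-settings authentication pre-shared-secret / { check("pre-shared-secret", $NF) }
        / local-users username .* password / { check("password for " $(NF - 2), $NF) }
        END { exit bad + 0 }
    '
}

# Print fresh credential lines for the user given as $1 (default: username1).
emit_l2tp_credentials "${1:-username1}"
```

To check a command list before pasting it, pipe it into audit_l2tp_secrets; a non-zero exit status means a sample or short secret is still present.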