Airin's Notes

Category: Hardware 🠪 Edgerouter
VPN - L2TP
November 27, 2023

*** Consider using WireGuard instead!
https://notes.airinscomputers.com/?item=322


This will set up an L2TP VPN with a pre-shared key of preshared123, a username of username1 and a password of password1. These are example values; substitute your own.

configure

set firewall name WAN_LOCAL rule 270 action accept
set firewall name WAN_LOCAL rule 270 description IKE
set firewall name WAN_LOCAL rule 270 destination port 500
set firewall name WAN_LOCAL rule 270 log disable
set firewall name WAN_LOCAL rule 270 protocol udp

set firewall name WAN_LOCAL rule 240 action accept
set firewall name WAN_LOCAL rule 240 description L2TP
set firewall name WAN_LOCAL rule 240 destination port 1701
set firewall name WAN_LOCAL rule 240 log disable
set firewall name WAN_LOCAL rule 240 protocol udp

set firewall name WAN_LOCAL rule 250 action accept
set firewall name WAN_LOCAL rule 250 description ESP
set firewall name WAN_LOCAL rule 250 log disable
set firewall name WAN_LOCAL rule 250 protocol esp

set firewall name WAN_LOCAL rule 260 action accept
set firewall name WAN_LOCAL rule 260 description NAT-T
set firewall name WAN_LOCAL rule 260 destination port 4500
set firewall name WAN_LOCAL rule 260 log disable
set firewall name WAN_LOCAL rule 260 protocol udp

set vpn ipsec ipsec-interfaces interface eth4
set vpn ipsec nat-traversal enable
set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access authentication local-users username username1 password password1
set vpn l2tp remote-access client-ip-pool start 172.16.20.211
set vpn l2tp remote-access client-ip-pool stop 172.16.20.213
set vpn l2tp remote-access dns-servers server-1 8.8.8.8
set vpn l2tp remote-access dns-servers server-2 4.2.2.2
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret preshared123
set vpn l2tp remote-access ipsec-settings ike-lifetime 3600
set vpn ipsec auto-firewall-nat-exclude enable
set vpn l2tp remote-access outside-address 0.0.0.0
set vpn l2tp remote-access mtu 1492

commit
save






If the WAN has a static IP address, you can set it as the outside address with the line below. In theory, 0.0.0.0 allows any WAN IP, which works for WAN IPs assigned by DHCP.
set vpn l2tp remote-access outside-address 1.2.3.4
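
Rule 240 above accepts UDP 1701 on the WAN side whether or not the packet arrived inside IPsec, and the sample secrets are short. As an added example (not part of the original note), the shell function below lints EdgeOS set commands for those two points: an L2TP firewall rule without "ipsec match-ipsec", and a pre-shared secret or local password shorter than MIN_LEN. MIN_LEN, the function names and the placeholder secrets are assumptions made for the example, and values are assumed to be unquoted and free of spaces, as in the note.

```shell
#!/bin/sh
# Added example, not part of the original note. MIN_LEN is an assumed local
# policy value, not an EdgeOS limit.
MIN_LEN=20

# audit_l2tp: read EdgeOS "set ..." lines on stdin, print one finding per line.
audit_l2tp() {
    awk -v min="$MIN_LEN" '
    $2 == "firewall" && $3 == "name" && $5 == "rule" {
        key = $4 " rule " $6
        if ($7 == "destination" && $8 == "port" && $9 == "1701") l2tp[key] = 1
        if ($7 == "ipsec" && $8 == "match-ipsec") ipsec[key] = 1
    }
    $5 == "ipsec-settings" && $7 == "pre-shared-secret" && length($8) < min {
        print "WEAK_PSK: pre-shared secret is under " min " characters"
    }
    $6 == "local-users" && $9 == "password" && length($10) < min {
        print "WEAK_PASSWORD: user " $8 " password is under " min " characters"
    }
    END {
        for (k in l2tp) if (!(k in ipsec)) {
            print "L2TP_NO_IPSEC: " k " accepts udp/1701 without ipsec match-ipsec"
        }
    }'
}

# The relevant lines from the note, unchanged.
page_config() {
    cat <<'EOF'
set firewall name WAN_LOCAL rule 240 action accept
set firewall name WAN_LOCAL rule 240 destination port 1701
set firewall name WAN_LOCAL rule 240 protocol udp
set vpn l2tp remote-access authentication local-users username username1 password password1
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret preshared123
EOF
}

# Constructed variant: same rule plus match-ipsec, with placeholder secrets.
hardened_config() {
    page_config | sed \
        -e 's/password1$/PLACEHOLDER-long-random-password/' \
        -e 's/preshared123$/PLACEHOLDER-long-random-psk-value/'
    echo 'set firewall name WAN_LOCAL rule 240 ipsec match-ipsec'
}

page_config | audit_l2tp      # three findings
hardened_config | audit_l2tp  # no output
```

On the router itself, the one-line change the last finding points to is "set firewall name WAN_LOCAL rule 240 ipsec match-ipsec", entered in configure mode before commit.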




