Setup L2TP Server on Edgemax routers

    November 19th, 2019

    Pre-requisites:

    Router configured with eth0 as the WAN connection.

    Step 1

    Access the router's CLI and enter configuration mode by typing configure

    Step 2

    Preview the IPSEC configuration by typing show vpn ipsec

    2a. If you obtain a DHCP IP address from your ISP, follow steps below:

    Type command set vpn l2tp remote-access dhcp-interface eth0

    2b. If you obtain an IP address statically from your ISP, follow steps below:

    Type command set vpn l2tp remote-access outside-address STATICIP

    Replace STATICIP with your ISP provided IP address

    Step 3

    Setup a pool of IP addresses that remote VPN connections will use. It is generally advised to use a seperate DHCP pool from your internal subnet so as not to overlap IPs.

    The below example will use a CIDR block of 192.168.4.0/24. Depending on the amount of remote VPN connections, you can set a custom IP block that fits your needs

    Run the command set vpn l2tp remote-access client-ip-pool start 192.168.4.10 as well as set vpn l2tp remote-access client-ip-pool stop 192.168.4.110

    Step 4

    You will need to setup a pre-shared secret as a way to protect your VPN from malicious access by running the command set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret "secret phrase"

    • Make sure to replace the words secret phrase with an actual phrase or password.

    Step 5

    Ensure remote access authentication mode is set to local by running the command set vpn l2tp remote-access authentication mode local

    Step 6

    You can now create users by running the command set vpn l2tp remote-access authentication local-users username test password test

    • replace the words "test" after username and password to whatever desired client info you would like.

    Step 7

    Set the DNS servers by running the command set vpn l2tp remote-access dns-servers server-1 8.8.8.8 for the primary DNS and set vpn l2tp remote-access dns-servers server-2 8.8.4.4 for the secondary.

    Step 8

    Don't forget to commit by running commit!

    You can then view the l2tp configuration by running the command show vpn l2tp remote-access

    Finally save the settings by running the command save

    Step 9

    Ensure that Port 500, 1701, 4500 and L2TP (UDP) is allowed in the firewall settings (Security tab for EdgeOS)

    Was this article helpful?

    Send feedback

    Can’t find what you’re looking for?

    Pilot’s local support team is here for you.

    Contact Support