Pre-requisites:
Router configured with eth0 as the WAN connection.
Step 1
Access the router's CLI and enter configuration mode by typing configure
Step 2
Preview the current IPsec configuration by typing show vpn ipsec
2a. If your ISP assigns your WAN address by DHCP:
Type the command set vpn l2tp remote-access dhcp-interface eth0
2b. If your ISP assigns you a static WAN address:
Type the command set vpn l2tp remote-access outside-address STATICIP
Replace STATICIP with the IP address your ISP provided.
Step 3
Set up a pool of IP addresses that remote VPN clients will use. It is generally advised to use a pool separate from your internal subnet so that the addresses do not overlap.
The example below uses the CIDR block 192.168.4.0/24. Depending on the number of remote VPN connections you expect, choose an IP block that fits your needs.
Run the command set vpn l2tp remote-access client-ip-pool start 192.168.4.10 as well as set vpn l2tp remote-access client-ip-pool stop 192.168.4.110
Step 4
You will need to set up a pre-shared secret to protect your VPN from malicious access by running the command set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret "secret phrase"
- Make sure to replace the words secret phrase with an actual phrase or password.
Step 5
Ensure remote access authentication mode is set to local by running the command set vpn l2tp remote-access authentication mode local
Step 6
You can now create users by running the command set vpn l2tp remote-access authentication local-users username test password test
- Replace the words "test" after username and password with the desired client username and password.
Step 7
Set the DNS servers by running the command set vpn l2tp remote-access dns-servers server-1 8.8.8.8 for the primary DNS and set vpn l2tp remote-access dns-servers server-2 8.8.4.4 for the secondary.
Step 8
Don't forget to commit by running commit!
You can then view the l2tp configuration by running the command show vpn l2tp remote-access
Finally save the settings by running the command save
Step 9
Ensure that UDP ports 500, 1701 (L2TP) and 4500 are allowed in the firewall settings (Security tab in EdgeOS).
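The whole procedure from steps 2 to 9 as one script, added here as an example and not part of the original guide. It builds the EdgeOS set commands from a handful of variables, refuses the placeholder values the guide tells you to replace ("secret phrase", user/password "test"), emits the firewall rules for step 9, and can apply everything on the router itself. All values are constructed placeholders (198.51.100.7 is an RFC 5737 documentation address); the ruleset name WAN_LOCAL, the rule numbers 30/31 and the script-template path are assumptions, and the ESP rule is an addition beyond the guide's port list (raw ESP carries the IPsec traffic when the client is not behind NAT).

```shell
#!/bin/sh
# Added example (not from the original guide): builds the EdgeOS "set" commands for the
# L2TP/IPsec remote-access VPN described in steps 2-9, validates the placeholders the guide
# tells you to replace, and can apply the result on the router itself.
# All values below are constructed placeholders; 198.51.100.7 is an RFC 5737 documentation
# address. WAN_LOCAL, the rule numbers and the script-template path are assumptions.

WAN_IF="eth0"                       # WAN interface from the prerequisites
WAN_MODE="dhcp"                     # "dhcp" (step 2a) or "static" (step 2b)
STATIC_IP="198.51.100.7"            # used only when WAN_MODE=static
POOL_START="192.168.4.10"           # step 3: keep the pool outside the LAN subnet
POOL_STOP="192.168.4.110"
PSK="change-me-to-a-long-random-phrase"   # step 4: shared by every client, so make it long
VPN_USER="alice"                    # step 6
VPN_PASS="change-me-too"
DNS1="8.8.8.8"                      # step 7
DNS2="8.8.4.4"
FW_RULESET="WAN_LOCAL"              # step 9: assumed name of the WAN-to-router ruleset

# Refuse the placeholder values the guide warns about (steps 4 and 6) and obviously weak input.
check_inputs() {
    case "$PSK" in
        ""|"secret phrase")
            echo "pre-shared secret is still the placeholder" >&2; return 1 ;;
    esac
    [ "${#PSK}" -ge 20 ] || { echo "pre-shared secret shorter than 20 characters" >&2; return 1; }
    if [ "$VPN_USER" = "test" ] || [ "$VPN_PASS" = "test" ]; then
        echo "placeholder user/password 'test' still in use" >&2; return 1
    fi
    case "$WAN_MODE" in
        dhcp|static) ;;
        *) echo "WAN_MODE must be dhcp or static" >&2; return 1 ;;
    esac
    return 0
}

# Print the L2TP commands from steps 2-7, one per line, in the order the guide gives them.
l2tp_set_commands() {
    if [ "$WAN_MODE" = "dhcp" ]; then
        echo "set vpn l2tp remote-access dhcp-interface $WAN_IF"
    else
        echo "set vpn l2tp remote-access outside-address $STATIC_IP"
    fi
    echo "set vpn l2tp remote-access client-ip-pool start $POOL_START"
    echo "set vpn l2tp remote-access client-ip-pool stop $POOL_STOP"
    echo "set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret \"$PSK\""
    echo "set vpn l2tp remote-access authentication mode local"
    echo "set vpn l2tp remote-access authentication local-users username $VPN_USER password \"$VPN_PASS\""
    echo "set vpn l2tp remote-access dns-servers server-1 $DNS1"
    echo "set vpn l2tp remote-access dns-servers server-2 $DNS2"
}

# Firewall rules for step 9 (UDP 500/1701/4500 from the guide, plus ESP, which carries the
# IPsec traffic when the client is not behind NAT). Rule numbers 30/31 are assumptions.
firewall_set_commands() {
    echo "set firewall name $FW_RULESET rule 30 description 'L2TP/IPsec: IKE, L2TP, NAT-T'"
    echo "set firewall name $FW_RULESET rule 30 action accept"
    echo "set firewall name $FW_RULESET rule 30 protocol udp"
    echo "set firewall name $FW_RULESET rule 30 destination port 500,1701,4500"
    echo "set firewall name $FW_RULESET rule 31 description 'L2TP/IPsec: ESP'"
    echo "set firewall name $FW_RULESET rule 31 action accept"
    echo "set firewall name $FW_RULESET rule 31 protocol esp"
}

# On the router, apply everything through the Vyatta script-template, which turns
# configure/set/commit/save/exit into shell functions (steps 1 and 8). Run under vbash.
apply_edgeos() {
    check_inputs || return 1
    TEMPLATE=/opt/vyatta/etc/functions/script-template   # assumed path
    if [ ! -r "$TEMPLATE" ]; then
        echo "$TEMPLATE not found: not an EdgeOS shell, printing commands instead" >&2
        l2tp_set_commands; firewall_set_commands
        return 2
    fi
    . "$TEMPLATE"
    configure
    eval "$(l2tp_set_commands)"
    eval "$(firewall_set_commands)"
    commit && save
    exit
}

# When run directly: validate, then print the command list for pasting into a "configure" session.
check_inputs && l2tp_set_commands && firewall_set_commands
```

Run it anywhere to get a command list you can paste into a configure session (followed by commit and save, as in step 8), or call apply_edgeos on the router to push it through the session functions. Because apply_edgeos feeds the lines through eval, a pre-shared secret containing shell metacharacters such as $, backticks or backslashes must be escaped first; a long random alphanumeric phrase avoids the problem entirely.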