How to setup L2TP Server on Edgemax routers
Router configured with eth0 as the WAN connection.
Access the router's CLI and enter configuration mode by typing configure
Preview the IPSEC configuration by typing show vpn ipsec
2a. If you obtain a DHCP IP address from your ISP, follow steps below:
Type command set vpn l2tp remote-access dhcp-interface eth0
2b. If you obtain an IP address statically from your ISP, follow steps below:
Type command set vpn l2tp remote-access outside-address STATICIP
Replace STATICIP with your ISP provided IP address
Setup a pool of IP addresses that remote VPN connections will use. It is generally advised to use a seperate DHCP pool from your internal subnet so as not to overlap IPs.
The below example will use a CIDR block of 192.168.4.0/24. Depending on the amount of remote VPN connections, you can set a custom IP block that fits your needs
Run the command set vpn l2tp remote-access client-ip-pool start 192.168.4.10 as well as set vpn l2tp remote-access client-ip-pool stop 192.168.4.110
You will need to setup a pre-shared secret as a way to protect your VPN from malicious access by running the command set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret "secret phrase"
- Make sure to replace the words secret phrase with an actual phrase or password.
Ensure remote access authentication mode is set to local by running the command set vpn l2tp remote-access authentication mode local
You can now create users by running the command set vpn l2tp remote-access authentication local-users username test password test
- replace the words "test" after username and password to whatever desired client info you would like.
Set the DNS servers by running the command set vpn l2tp remote-access dns-servers server-1 184.108.40.206 for the primary DNS and set vpn l2tp remote-access dns-servers server-2 220.127.116.11 for the secondary.
Don't forget to commit by running commit!
You can then view the l2tp configuration by running the command show vpn l2tp remote-access
Finally save the settings by running the command save
Ensure that Port 500, 1701, 4500 and L2TP (UDP) is allowed in the firewall settings (Security tab for EdgeOS)