How to set up an L2TP server on EdgeMAX routers

Pre-requisites:

Router configured with eth0 as the WAN connection.

Step 1

Access the router's CLI and enter configuration mode by typing configure

Step 2

Preview the IPsec configuration by typing show vpn ipsec

2a. If you obtain a DHCP IP address from your ISP, follow steps below:

Type command set vpn l2tp remote-access dhcp-interface eth0

2b. If you obtain an IP address statically from your ISP, follow steps below:

Type command set vpn l2tp remote-access outside-address STATICIP

Replace STATICIP with your ISP provided IP address

Step 3

Set up a pool of IP addresses that remote VPN connections will use. It is generally advised to use a separate DHCP pool from your internal subnet so that the IPs do not overlap.

The example below uses a CIDR block of 192.168.4.0/24. Depending on the number of remote VPN connections, you can set a custom IP block that fits your needs.

Run the command set vpn l2tp remote-access client-ip-pool start 192.168.4.10 as well as set vpn l2tp remote-access client-ip-pool stop 192.168.4.110

Step 4

You will need to set up a pre-shared secret as a way to protect your VPN from malicious access by running the command set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret "secret phrase"

  • Make sure to replace the words secret phrase with an actual phrase or password.

Step 5

Ensure remote access authentication mode is set to local by running the command set vpn l2tp remote-access authentication mode local

Step 6

You can now create users by running the command set vpn l2tp remote-access authentication local-users username test password test

  • Replace the word "test" after username and after password with the client credentials you want to use.

Step 7

Set the DNS servers by running the command set vpn l2tp remote-access dns-servers server-1 8.8.8.8 for the primary DNS and set vpn l2tp remote-access dns-servers server-2 8.8.4.4 for the secondary.

Step 8

Don't forget to commit by running commit!

You can then view the l2tp configuration by running the command show vpn l2tp remote-access

Finally save the settings by running the command save

Step 9

Ensure that ports 500, 1701, 4500 and L2TP (UDP) are allowed in the firewall settings (Security tab for EdgeOS)
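
The script below is an added example, not part of the original tutorial or of EdgeOS: it audits the set vpn l2tp remote-access commands from Steps 2 to 7 for the tutorial's placeholder values left in place (the "secret phrase" pre-shared secret, the test/test user, STATICIP) and for a client pool that overlaps the internal subnet from Step 3. The internal subnet 192.168.1.0/24 and the minimum lengths min_psk and min_pw are assumptions; the sample input is constructed from the commands above.

```python
import ipaddress
import shlex

PREFIX = ["set", "vpn", "l2tp", "remote-access"]
# Placeholder values printed in the tutorial; none may reach a live router.
PLACEHOLDERS = {"secret phrase", "test", "STATICIP"}

def parse(commands):
    """Map each L2TP remote-access path (tuple of words) to its value."""
    cfg = {}
    for line in commands.splitlines():
        words = shlex.split(line)  # keeps a quoted "secret phrase" as one word
        if words[:4] == PREFIX and len(words) > 5:
            cfg[tuple(words[4:-1])] = words[-1]
    return cfg

def audit(commands, lan_cidr, min_psk=20, min_pw=12):
    """Return sorted findings. lan_cidr and both minimums are assumptions."""
    cfg, lan, findings = parse(commands), ipaddress.ip_network(lan_cidr), set()
    psk = cfg.get(("ipsec-settings", "authentication", "pre-shared-secret"), "")
    if psk in PLACEHOLDERS or len(psk) < min_psk:
        findings.add("weak-psk")
    if cfg.get(("authentication", "mode")) != "local":
        findings.add("auth-mode-not-local")
    if cfg.get(("outside-address",)) in PLACEHOLDERS:
        findings.add("placeholder-outside-address")
    for path, value in cfg.items():
        # Path shape: authentication local-users username <name> password
        if len(path) == 5 and path[:3] == ("authentication", "local-users", "username"):
            if value in PLACEHOLDERS or value == path[3] or len(value) < min_pw:
                findings.add("weak-password:" + path[3])
        # Step 3: the client pool should sit outside the internal subnet.
        if path[0] == "client-ip-pool" and ipaddress.ip_address(value) in lan:
            findings.add("pool-overlaps-lan")
    return sorted(findings)

# Constructed sample: the tutorial's commands with its placeholders left in.
TUTORIAL = '''
set vpn l2tp remote-access dhcp-interface eth0
set vpn l2tp remote-access client-ip-pool start 192.168.4.10
set vpn l2tp remote-access client-ip-pool stop 192.168.4.110
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret "secret phrase"
set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access authentication local-users username test password test
set vpn l2tp remote-access dns-servers server-1 8.8.8.8
set vpn l2tp remote-access dns-servers server-2 8.8.4.4
'''

if __name__ == "__main__":
    print(audit(TUTORIAL, "192.168.1.0/24"))
```

Run it over the command list before Step 8 and commit only when it returns an empty list.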
