L2TP IPSec VPN on EdgeOS

I wrote recently about setting up an IPv6 tunnel on an EdgeRouter X. Another piece of networking configuration that I wanted to puzzle through on the same hardware was an inbound VPN, so that I can connect to my home network when I’m out and about. I don’t often need to do that, but when I do it’s a real pain that I can’t. I could set up an OpenVPN or similar server on my NAS, but the EdgeRouter has the functionality and it supports most common clients, including iOS, so why not.

It was so straightforward that the following gist probably explains it all if you read it line by line. It’s basically: enable IPsec on the WAN interface, set up a user, set up a pre-shared secret, set up an address pool for inbound connections, set up a route, done.

configure
set vpn ipsec ipsec-interfaces interface eth0 # your WAN interface
set vpn ipsec auto-firewall-nat-exclude enable
set vpn ipsec nat-networks allowed-network 0.0.0.0/0 # check that's OK before you set it
set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access authentication local-users username <user> password <password>
set vpn l2tp remote-access client-ip-pool start <starting IP>
set vpn l2tp remote-access client-ip-pool stop <end IP>
set vpn l2tp remote-access dns-servers server-1 <DNS server IP>
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret <secret>
set vpn l2tp remote-access ipsec-settings ike-lifetime 3600
set vpn l2tp remote-access outside-address <WAN IP address>
set vpn l2tp remote-access outside-nexthop <next hop after the WAN IP, at your ISP>
set vpn l2tp remote-access mtu 1492
commit
save
exit
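As an added example (not part of the original post and not EdgeOS code), the helper below checks the values you are about to substitute into the gist and renders the same `set` lines. The function names, the "20 characters" secret floor and the assumption that the client pool lives in RFC 1918 space are my choices, not the router's rules; the warning about `allowed-network 0.0.0.0/0` is the "check that's OK" step from the gist made explicit.

```python
import ipaddress
import secrets


def new_pre_shared_secret(nbytes=32):
    # Random, URL-safe value for `ipsec-settings authentication pre-shared-secret`
    return secrets.token_urlsafe(nbytes)


def check_l2tp_inputs(pool_start, pool_stop, allowed_network, secret, min_secret_len=20):
    # Returns (errors, warnings); errors should stop you before `commit`.
    errors, warnings = [], []
    start, stop = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_stop)
    if start.version != 4 or stop.version != 4:
        errors.append("client-ip-pool must be IPv4 addresses")
    elif start > stop:
        errors.append("client-ip-pool start is after stop")
    elif not (start.is_private and stop.is_private):
        # Assumption: the pool sits in RFC 1918 space like the rest of a home LAN
        errors.append("client-ip-pool should be RFC 1918 space")
    if ipaddress.ip_network(allowed_network, strict=False).prefixlen == 0:
        warnings.append("allowed-network 0.0.0.0/0 accepts NAT-T clients behind any network")
    if len(secret) < min_secret_len:
        errors.append(f"pre-shared-secret is shorter than {min_secret_len} characters")
    return errors, warnings


def render_l2tp_config(wan_if, user, password, pool_start, pool_stop, dns,
                       secret, wan_ip, nexthop, allowed_network="0.0.0.0/0"):
    # Same commands as the gist, in order; values containing spaces need quoting first.
    errors, _ = check_l2tp_inputs(pool_start, pool_stop, allowed_network, secret)
    if errors:
        raise ValueError("; ".join(errors))
    ra = "set vpn l2tp remote-access"
    return [
        "configure",
        f"set vpn ipsec ipsec-interfaces interface {wan_if}",
        "set vpn ipsec auto-firewall-nat-exclude enable",
        f"set vpn ipsec nat-networks allowed-network {allowed_network}",
        f"{ra} authentication mode local",
        f"{ra} authentication local-users username {user} password {password}",
        f"{ra} client-ip-pool start {pool_start}",
        f"{ra} client-ip-pool stop {pool_stop}",
        f"{ra} dns-servers server-1 {dns}",
        f"{ra} ipsec-settings authentication mode pre-shared-secret",
        f"{ra} ipsec-settings authentication pre-shared-secret {secret}",
        f"{ra} ipsec-settings ike-lifetime 3600",
        f"{ra} outside-address {wan_ip}",
        f"{ra} outside-nexthop {nexthop}",
        f"{ra} mtu 1492",
        "commit", "save", "exit",
    ]
```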