L2TP over IPsec VPN Server

Quik Tech Solutions L.L.C

7 years ago

88,490 views


Comments:

@Sashajuma - 19.10.2023 08:05

Thanks Tony !!!

@tamaskapocsi2266 - 06.08.2023 14:35

Hello, thanks for your work!
The tutorials are very good, but I would appreciate it if you could update it to the current software version. I am currently on the latest v2.0.9-hotfix.7 and due to errors, I cannot perform the settings either with GUI or CLI commands.

@MajoBeats - 14.07.2023 01:00

I used the exact config on my EdgeRouter X and still I can't connect to it. I used the NoIp service for my dynamic IP.

@JosiahGarber - 10.07.2023 16:13

If you are trying to connect to an L2TP VPN with Android, note that it is no longer working in newer versions of Android. Just wanted to save someone some time.

@akfit5934 - 19.05.2023 00:34

Tony, you mentioned in another comment that an error can occur if you have multiple VPNs? I have 3 site-to-site VPNs that continue to work, but the L2TP connection for clients only works temporarily (after hours during initial setup), then in the morning, the client VPN will not establish a connection. Any pointers?

@akfit5934 - 19.05.2023 00:06

So, the VPN settings worked for exactly one day. Now, I receive an error message. All settings are still in place, including firewall... Any ideas? "The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (e.g. firewalls, NAT. routers, etc) between your computer and the remote server is not configured to allow VPN connections. Please contact your Administrator or your service provider to determine which device may be causing the problem."

@NineStarAK - 17.05.2023 06:21

Thank you sooooo much!!! I've been struggling to find a configuration that really works... Your directions were clear and totally effective. Awesome!

@NathanTEG - 28.03.2023 20:10

Still brilliant in 2023. My issue was external connection. Internal was fine. After setting the firewall rules from the Ubiquiti guide, I had some pre-existing port forwards on port 500 and 4500. Make sure to check your existing forwarding rules.

@pieterbatenburg8200 - 20.02.2023 23:57

Absolutely great video, thanks! I can now connect to my local devices, but would also like to be able to use the internet over the VPN connection. How can I get that working or did I make a mistake somewhere?

@jeffsmallet1864 - 15.01.2023 13:10

Hi Tony. What if I give you access by AnyDesk and you set up the VPN for me?

@czamana - 23.11.2022 20:04

WOW!

5 years later and this is still useful and correct!

Thank you very much Mr. Tony!

And if you allow me, here are the firewall rules to complement your script:

# Firewall rules

set firewall name WAN_LOCAL rule 30 action accept
set firewall name WAN_LOCAL rule 30 description IKE
set firewall name WAN_LOCAL rule 30 destination port 500
set firewall name WAN_LOCAL rule 30 log disable
set firewall name WAN_LOCAL rule 30 protocol udp

set firewall name WAN_LOCAL rule 40 action accept
set firewall name WAN_LOCAL rule 40 description ESP
set firewall name WAN_LOCAL rule 40 log disable
set firewall name WAN_LOCAL rule 40 protocol esp

set firewall name WAN_LOCAL rule 50 action accept
set firewall name WAN_LOCAL rule 50 description NAT-T
set firewall name WAN_LOCAL rule 50 destination port 4500
set firewall name WAN_LOCAL rule 50 log disable
set firewall name WAN_LOCAL rule 50 protocol udp

set firewall name WAN_LOCAL rule 60 action accept
set firewall name WAN_LOCAL rule 60 description L2TP
set firewall name WAN_LOCAL rule 60 destination port 1701
set firewall name WAN_LOCAL rule 60 ipsec match-ipsec
set firewall name WAN_LOCAL rule 60 log disable
set firewall name WAN_LOCAL rule 60 protocol udp

And if you want to debug the connections, execute in CLI/SSH:

swanctl --log


Thank you!!!

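An added example, not part of any comment above and not the video author's code: a small checker for the `WAN_LOCAL` rules posted in the previous comment. It confirms the IKE, ESP, NAT-T and L2TP accept rules are present and that the UDP 1701 rule is restricted with `ipsec match-ipsec`, so L2TP is only accepted after IPsec decryption. The names `parse_rules` and `audit` are hypothetical, and the sample input is constructed.

```python
import re
from collections import defaultdict

# Constructed sample: the comment's rules (description/log lines omitted),
# with rule 60 deliberately missing its "ipsec match-ipsec" line.
SAMPLE = """\
set firewall name WAN_LOCAL rule 30 action accept
set firewall name WAN_LOCAL rule 30 destination port 500
set firewall name WAN_LOCAL rule 30 protocol udp
set firewall name WAN_LOCAL rule 40 action accept
set firewall name WAN_LOCAL rule 40 protocol esp
set firewall name WAN_LOCAL rule 50 action accept
set firewall name WAN_LOCAL rule 50 destination port 4500
set firewall name WAN_LOCAL rule 50 protocol udp
set firewall name WAN_LOCAL rule 60 action accept
set firewall name WAN_LOCAL rule 60 destination port 1701
set firewall name WAN_LOCAL rule 60 protocol udp
"""

RULE_RE = re.compile(r"^set firewall name (\S+) rule (\d+) (.+)$")
REQUIRED = [("IKE", "udp", "500"), ("ESP", "esp", None),
            ("NAT-T", "udp", "4500"), ("L2TP", "udp", "1701")]

def parse_rules(text, ruleset="WAN_LOCAL"):
    """Group 'set firewall name <ruleset> rule N <key> <value>' lines by rule number."""
    rules = defaultdict(dict)
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m and m.group(1) == ruleset:
            key, _, value = m.group(3).rpartition(" ")  # last word is the value
            rules[int(m.group(2))][key] = value
    return rules

def audit(text):
    """Return a list of findings; an empty list means the rule set looks complete."""
    accepts = [r for r in parse_rules(text).values() if r.get("action") == "accept"]
    findings = []
    for label, proto, port in REQUIRED:
        hits = [r for r in accepts
                if r.get("protocol") == proto and r.get("destination port") == port]
        if not hits:
            findings.append(f"no accept rule for {label}")
        # A mistyped keyword such as "ipse" leaves the "ipsec" key unset as well.
        if label == "L2TP" and any(r.get("ipsec") != "match-ipsec" for r in hits):
            findings.append("udp/1701 accepted without 'ipsec match-ipsec'")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
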
@wisplosred9606 - 26.10.2022 07:45

Hi, the video is great, but I don't have a public IP, and have 2 NATs over on my ERL... I configured using NoIp, thinking that the server would work, but it doesn't. Any ideas?
The VPN works on my iPhone locally, but not on 4G AT&T.

@ianperera7580 - 14.07.2022 17:20

This works great, but how can I allow multiple connections from one public IP?

@richardrawlings181 - 21.06.2022 18:13

Followed this step by step and can't connect from a Windows machine.

@DRSGHAZAL - 03.05.2022 10:25

Hi and thanks for the video. Now after Android 12 removed L2TP, is there any way I can connect my Android 12 to my EdgeRouter?
Thanks

@vincenzorusso4801 - 29.03.2022 13:37

Wonderful video.
Can you explain how to connect a LAN in VPN with an EdgeRouter Lite and a FRITZ!Box 7590? (formally a VPN router to router)
Thank you, excuse my bad English.

@Steveshiflet - 25.01.2022 06:41

First, thank you for making this excellent tutorial. I have scoured the internet and your video is by far the best I have found for this topic. I am unable to make this work for me, and I know it is because of something I am doing wrong - in spite of deleting and re-adding a few times. Have you considered making an updated version of this video? As the version of the Edgerouter UI has changed quite a bit, it would be great to see a new tutorial. Plus, L2TP is considered unsecure and no one else has made a (good) recent video of how to setup a more secure VPN in this space.

@rent2ownnz - 07.01.2022 20:13

Did not work for me.... I did everything line by line and all the firewall rules.... Be nice if you could do a troubleshooting video in case this does not work. I have successfully set up a PPTN VPN using another video.

@user-zm4oy6mf5z - 02.01.2022 04:06

Ran into problems with Android. The Edgerouter didn't like the CHAP response and there was nothing to tweak in Android.

@arlenreyes4283 - 30.12.2021 19:32

How would I set this up with double NAT, because I can't eliminate the ISP router?

@wasifbhatti9480 - 18.09.2021 14:56

Nice and crisp, easy to follow instructions, right to the point, thank you for creating the video. Stay blessed.

@videoer0 - 03.09.2021 00:59

Thank you for this video. It was very easy to follow and made it easy to set up VPN on my own router.

@Ole_Friis_Heesgaard - 17.08.2021 11:45

Thanks for a great video.
Do remote users get internet through their own router or through the L2TP server's gateway?

@martinmenard9451 - 12.08.2021 20:28

Hi Tony. I've set this up, and it connects properly and uses my home connection to access the internet. However, I can't seem to connect to any local resources (printers, servers, etc...). Any ideas?

@juanjosecuen6709 - 29.07.2021 07:20

Good afternoon sir. How do I create the PPPoE interface? I tried adding it from the Dashboard (Add Interface/PPPoE) and even though it adds the interface to the Dashboard, it does not show as an option in the Interface drop-down. Thanks!

@hellohello1321 - 07.06.2021 17:51

Just want to say thank you for the video. I have used this to successfully configure my EdgeRouter and connected via my Android device!

@Goompsify - 17.05.2021 18:40

Hi Tony. I have dual wan on my Edge pro router all with static IPs. I have followed all procedure but seems not to wor

@markarca6360 - 11.04.2021 14:09

For Android/Samsung devices: Tap the Settings app, then choose More Connection Settings, and then select VPN, then select More. Depending on your requirements select either VPN, choose Add VPN or Always-on VPN.

@monteduncan - 20.03.2021 19:25

Super helpful! I have used this video twice now (had to reconfigure my edge-router) and both times process went smoothly because your video was so easy to follow! Thanks for a job well done!!

@user-ot8dw3qi2u - 25.02.2021 11:49

It works, thank you!!!

@bartek2028 - 20.01.2021 12:45

Thank you sir, worked the first time. Now finally, after a long time and many tries, I'm able to wake my PC from my smartphone/remote access. Works like a charm. Greetings from Germany.

@keithstanley7313 - 20.01.2021 03:29

Great video and still appears timely. I am surprised you did not add "set vpn ipsec auto-firewall-nat-exclude enable". I had to add this line to get to my vlans. Am I missing something?

@rhether - 01.01.2021 21:36

Just set this up today with my EdgeRouterX SFP, so much better than reading thru tutorials on the web. I enjoy all your vids and Happy New Year.

@y.l.8361 - 26.12.2020 20:22

Thanks a lot for the video!!! If I do the L2TP via the config tree, are there any steps needed besides what you showed in the video? Thanks

@kosmicken - 18.11.2020 17:55

I have an HP LaserJet printer on my network, and I was hoping to be able to print from the VPN, but sadly, the printer does not show up when a device is connected to the VPN. Is there a way to get this to work?

@kosmicken - 15.11.2020 23:44

Thanks, Tony! I was able to follow along and set this up in no time. Works like a charm. I can access my devices on my home network and use my Pi-Hole for ad blocking when away from home. Those were my two goals. Does this also encrypt traffic like commercial VPNs do for the purpose of security when connected to a public hot spot?

@Motorman2112 - 12.11.2020 20:56

Thanks for this. I would like to allow remote users to access a LAN at another site, can this be done over the same IP address the site uses for internet access, or does it require multiple IPs?

@jslegers1973 - 13.10.2020 16:56

Great video, thank you. Short question: how can you temporarily disable the VPN?

@xkompotikx - 02.10.2020 12:07

Thank you Tony for the great instructions. Clear and understandable. I wish you many more such tutorials. Best regards from Slovakia

@70Stang - 01.09.2020 04:07

Tony, thanks BTW! great video

@70Stang - 01.09.2020 04:06

Using a Windows 10 machine was an issue for me. I searched and found what was preventing my connection. After you create the Windows VPN, make sure to edit the VPN connection in Network Connections. Right-click on the VPN connection you just created, click Properties, click Security, enable "Allow these protocols" and select CHAP & MS-CHAP v2.

@kosmicken - 29.08.2020 20:14

Thanks for laying it all out and making it easy to follow. I'm going to set this up soon. Couple quick questions. Do the DHCP servers have to be public or can they be internal? One of the reasons I want to set up a VPN is so I can use Pi-Hole from outside my network to block ads, so I would want to use the Pi-Hole's internal IP address as the primary DHCP, with a public as a backup. Second, does the client address pool have to be part of the existing internal DHCP range, separate from that range, or does it not matter? I did not realize this pool needed to be specified, as I assumed the client would receive an address from the existing DHCP pool. Hope that makes sense.

@sphillips8362 - 06.08.2020 00:19

Can this be done via ssh to the router?

@viviroig5336 - 03.08.2020 00:13

How do I delete it? Please help!

@scotthepler5694 - 02.08.2020 18:25

Hello Tony, This is a great video. I really like how you describe how and why. Can you tell me how to create the pre-shared-secret?

@fengjingbao - 29.07.2020 00:20

I was able to set up my VPN only by adding a firewall rule to allow PING. Otherwise I was not able to access the VPN. Is this rule absolutely necessary?
