How to set up an L2TP VPN on an Edge RouterX

Intro
I will go over how to set up an L2TP VPN on an Edge RouterX.

A VPN is an encrypted tunnel from a client to a server.
A VPN can be used to get access to network resources that are only on your local network. It is more secure. L2TP encryption is known to be easy to crack nowadays. Use wisely.

Your computer will behave as if it is connected to your other network when you are remote.

I am using the guide on the Ubiquiti site. The link will be in the description.
https://help.ui.com/hc/en-us/articles/2049...

Tutorial

You will need to have the router set up with at least a basic configuration. I did change the IP address of switch0 to 192.168.80.1.

Start with “configure”.

configure

Setting the firewall rules
UDP port 500 is used by IKE, which IPsec uses to establish securely encrypted tunnels.

set firewall name WAN_LOCAL rule 30 action accept
set firewall name WAN_LOCAL rule 30 description IKE
set firewall name WAN_LOCAL rule 30 destination port 500
set firewall name WAN_LOCAL rule 30 log disable
set firewall name WAN_LOCAL rule 30 protocol udp

ESP, or Encapsulating Security Payload, is the IPsec protocol that carries the encrypted traffic.

set firewall name WAN_LOCAL rule 40 action accept
set firewall name WAN_LOCAL rule 40 description esp
set firewall name WAN_LOCAL rule 40 log disable
set firewall name WAN_LOCAL rule 40 protocol esp


UDP port 4500 is used for IPsec NAT traversal (NAT-T); it lets the IPsec traffic pass through the router.

set firewall name WAN_LOCAL rule 50 action accept
set firewall name WAN_LOCAL rule 50 description nat-t
set firewall name WAN_LOCAL rule 50 destination port 4500
set firewall name WAN_LOCAL rule 50 log disable
set firewall name WAN_LOCAL rule 50 protocol udp

UDP port 1701 is used for L2TP in the VPN.

set firewall name WAN_LOCAL rule 60 action accept
set firewall name WAN_LOCAL rule 60 description l2tp
set firewall name WAN_LOCAL rule 60 destination port 1701
set firewall name WAN_LOCAL rule 60 ipsec match-ipsec
set firewall name WAN_LOCAL rule 60 log disable
set firewall name WAN_LOCAL rule 60 protocol udp

Authentication
Set up authentication for the router.

Run the commands
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret youtube

A user and password will need to be made.

set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access authentication local-users username [username] password [secret]

Alternatively, use RADIUS instead of local authentication.
set vpn l2tp remote-access authentication mode radius
set vpn l2tp remote-access authentication radius-server [address] key [secret]

Address pool
Now we will set what IP address range the VPN clients will use.

Run the IP address pool commands
set vpn l2tp remote-access client-ip-pool start 192.168.80.240
set vpn l2tp remote-access client-ip-pool stop 192.168.80.249

DNS servers for the VPN clients


Run the DNS servers commands
set vpn l2tp remote-access dns-servers server-1 [address]
set vpn l2tp remote-access dns-servers server-2 [address]


Setting the interface the L2TP requests are coming from

For DHCP

Run this command

set vpn l2tp remote-access dhcp-interface eth0

For static
set vpn l2tp remote-access outside-address [wan-address]

For PPPoE
set vpn l2tp remote-access outside-address 0.0.0.0

Setting the IPsec interface which L2TP requests come from.

Run the command

set vpn ipsec ipsec-interfaces interface eth4

MTU (Maximum Transmission Unit).
Run the command
set vpn l2tp remote-access mtu 1400

Save your work
Run the command
commit ; save
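
A quick way to check the finished configuration, as an added example that is not part of the original video description: the Python script below reads the router's `set` commands (for example the output of `show configuration commands`) and reports a missing firewall opening, an L2TP rule without `ipsec match-ipsec`, or a short pre-shared secret. The function name `audit`, the 20-character minimum and the wording of the findings are assumptions of this example.

```python
import re

MIN_PSK_LEN = 20  # assumed threshold for this example, not a value from the page
REQUIRED = {("udp", "500"): "IKE", ("esp", None): "ESP",
            ("udp", "4500"): "NAT-T", ("udp", "1701"): "L2TP"}

def audit(config):
    """Return findings for EdgeOS 'set' commands describing an L2TP/IPsec server."""
    rules, psk = {}, None
    for line in map(str.strip, config.splitlines()):
        m = re.match(r"set firewall name WAN_LOCAL rule (\d+) (.+) (\S+)$", line)
        if m:  # e.g. rule 30, setting "destination port", value "500"
            rules.setdefault(int(m.group(1)), {})[m.group(2)] = m.group(3)
        m = re.match(r"set vpn l2tp remote-access ipsec-settings "
                     r"authentication pre-shared-secret (\S+)$", line)
        if m:
            psk = m.group(1)
    accepted = {n: r for n, r in rules.items() if r.get("action") == "accept"}
    opened = {(r.get("protocol"), r.get("destination port"))
              for r in accepted.values()}
    findings = [f"no accept rule for {name}"
                for key, name in REQUIRED.items() if key not in opened]
    for num, r in sorted(accepted.items()):
        # match-ipsec restricts the rule to packets that arrived inside IPsec;
        # without it, port 1701 is reachable from the WAN in the clear.
        if r.get("destination port") == "1701" and r.get("ipsec") != "match-ipsec":
            findings.append(f"rule {num}: L2TP accepted without match-ipsec")
    if psk is None or len(psk) < MIN_PSK_LEN:
        findings.append(f"pre-shared secret missing or under {MIN_PSK_LEN} chars")
    return findings

# Constructed sample: the settings from the steps above that the audit reads.
SAMPLE = """
set firewall name WAN_LOCAL rule 30 action accept
set firewall name WAN_LOCAL rule 30 destination port 500
set firewall name WAN_LOCAL rule 30 protocol udp
set firewall name WAN_LOCAL rule 40 action accept
set firewall name WAN_LOCAL rule 40 protocol esp
set firewall name WAN_LOCAL rule 50 action accept
set firewall name WAN_LOCAL rule 50 destination port 4500
set firewall name WAN_LOCAL rule 50 protocol udp
set firewall name WAN_LOCAL rule 60 action accept
set firewall name WAN_LOCAL rule 60 destination port 1701
set firewall name WAN_LOCAL rule 60 ipsec match-ipsec
set firewall name WAN_LOCAL rule 60 protocol udp
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret youtube
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```
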

Chapters
00:00 - intro
00:58 - wan port settings
01:13 - Windows Terminal using ssh
01:16 - getting into configuring the router
01:19 - setting firewall rules
01:46 - first firewall rule
01:59 - first rule action
02:05 - first rule description
02:06 - first rule port
02:08 - first rule logging
02:10 - first rule protocol
02:13 - rule 2
02:30 - second rule action
02:33 - second rule description
02:37 - second rule logging
02:39 - second rule protocol
02:42 - rule 3
02:45 - 3 rule action
02:47 - 3 rule description
02:48 - 3 rule port
02:52 - 3 rule logging
02:54 - 3 rule protocol
02:56 - rule 4
03:01 - 4 rule action
03:03 - 4 rule description
03:06 - 4 rule port
03:08 - 4 rule ip-sec
03:14 - 4 rule protocol
03:15 - 4 rule logging
03:17 - setting authentication
03:20 - authentication secret mode
03:37 - authentication secret
03:52 - authentication mode local
03:58 - authentication local user
04:09 - about RADIUS
04:18 - address pool
04:56 - DNS servers for VPN clients
05:17 - L2TP interface assignment
05:56 - ipsec interface assignment
06:04 - about MTU
06:35 - show save and commit
06:44 - setting up VPN on ios
07:16 - setting up windows
08:49 - end
