Created
March 11, 2016 21:47
L2TP/IPSec VPN configuration on EdgeRouter X
configure
set vpn ipsec ipsec-interfaces interface eth0 # your WAN interface
set vpn ipsec auto-firewall-nat-exclude enable
set vpn ipsec nat-networks allowed-network 0.0.0.0/0 # check that's OK before you set it
set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access authentication local-users username <user> password <password>
set vpn l2tp remote-access client-ip-pool start <starting IP>
set vpn l2tp remote-access client-ip-pool stop <end IP>
set vpn l2tp remote-access dns-servers server-1 <DNS server IP>
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret <secret>
set vpn l2tp remote-access ipsec-settings ike-lifetime 3600
set vpn l2tp remote-access outside-address <WAN IP address>
set vpn l2tp remote-access outside-nexthop <next hop after the WAN IP, at your ISP>
set vpn l2tp remote-access mtu 1492
commit
save
exit
Thanks for the gist. I've been using this for a while now. What is the downside of setting outside-address to 0.0.0.0 and leaving off the outside-nexthop? I have a dynamic IP and this keeps the VPN working through WAN IP changes.