Setting up L2TP IPSec clients for EdgeRouter

This is a quick guide on how to setup your client devices to connect to the Ubiquiti EdgeRouter VPN as setup Here


Add a new VPN by going to
Settings > Network & Internet > VPN > Add a VPN connection and setting up with the following details:

VPN Provider: Windows (built-in)
Connection name: L2TP
Server name: Server address or IP
VPN Type: L2TP/IPsec with pre-shared key
Pre-shared key: <secret>
Type of sign-in info: User name and password
User name: <username>
Password: <secret>

Navigate to the windows 10 network settings
Settings > Network & Internet > Status > Change Adapter Options > L2TP Adapter properties and enable CHAP v2

Security > Allow these protocols > Microsoft CHAP Version 2 (MS-CHAP v2)

Apple Mac OS

Add a vpn connection by going to
System Preferences > Network > “+” and completing the following

Interface: VPN
VPN Type: L2TP over IPSec
Service name: VPN (L2TP)

Adjust the new L2TP over IPSec interface by going to
System Preferences > Network > VPN L2TP  and doing the following

Configuration: Default
Server Address: Server Address or IP
Account Name <username>

Add your authentication settings by going to
System Preferences > Network > VPN L2TP > Authentication Settings and add your credentials

User Authentication: <password>
Machine Authentication: <secret>

Windows NAT issue


To create and configure the AssumeUDPEncapsulationContextOnSendRule registry value, follow these steps:

  1. Log on to the Windows Vista client computer as a user who is a member of the Administrators group.
  2. Select Start > All Programs > Accessories > Run, type regedit, and then select OK. If the User Account Control dialog box is displayed on the screen and prompts you to elevate your administrator token, select Continue.
  3. Locate and then select the following registry
    1. subkey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
  4. On the Edit menu, point to New, and then select DWORD (32-bit) Value.
  5. Type AssumeUDPEncapsulationContextOnSendRule, and then press ENTER.
  6. Right-click AssumeUDPEncapsulationContextOnSendRule, and then select Modify.
  7. In the Value Data box, type the following values:
    • set to 2, Windows can establish security associations when both the server and VPN client computer (Windows Vista or Windows Server 2008-based) are behind NAT devices.
  8. Select OK, and then exit Registry Editor.
  9. Restart the computer.

2 thoughts on “Setting up L2TP IPSec clients for EdgeRouter”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.