Setting Up Ubiquiti Edge max router for VPN L2TP IPsec

Posted on By DavidPosted in how to, router, ubiquitiTagged ,

Quick howto on how to setup a VPN on the Ubiquitt Edge Routers

  1. SSH into your Router
  2. get into configuration Mode
configure

3. Add firewall rules

set firewall name WAN_LOCAL rule 30 action accept
set firewall name WAN_LOCAL rule 30 description ike
set firewall name WAN_LOCAL rule 30 destination port 500
set firewall name WAN_LOCAL rule 30 log disable
set firewall name WAN_LOCAL rule 30 protocol udp

set firewall name WAN_LOCAL rule 40 action accept
set firewall name WAN_LOCAL rule 40 description esp
set firewall name WAN_LOCAL rule 40 log disable
set firewall name WAN_LOCAL rule 40 protocol esp

set firewall name WAN_LOCAL rule 50 action accept
set firewall name WAN_LOCAL rule 50 description nat-t
set firewall name WAN_LOCAL rule 50 destination port 4500
set firewall name WAN_LOCAL rule 50 log disable
set firewall name WAN_LOCAL rule 50 protocol udp

set firewall name WAN_LOCAL rule 60 action accept
set firewall name WAN_LOCAL rule 60 description l2tp
set firewall name WAN_LOCAL rule 60 destination port 1701
set firewall name WAN_LOCAL rule 60 ipsec match-ipsec
set firewall name WAN_LOCAL rule 60 log disable
set firewall name WAN_LOCAL rule 60 protocol udp

Configure the Authentication settings, this is for the local authentication

set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret <secret>

set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access authentication local-users username <username> password <secret>

Define the DHCP IP Range for VPN Clients, this can not be the same as your other ranges.

set vpn l2tp remote-access client-ip-pool start 192.168.100.240
set vpn l2tp remote-access client-ip-pool stop 192.168.100.249

Define the DNS servers to use

set vpn l2tp remote-access dns-servers server-1 <address>
set vpn l2tp remote-access dns-servers server-2 <address>

Define you WAN interface or DHCP, other options can be found at https://help.ubnt.com/hc/en-us/articles/204950294-EdgeRouter-L2TP-IPsec-VPN-Server

set vpn l2tp remote-access dhcp-interface eth0

Define the IPSec interface

set vpn ipsec ipsec-interfaces interface eth0

Commit and Save your changes 

commit ; save

Instructions on setting up your client devices can be found here

1 thought on “Setting Up Ubiquiti Edge max router for VPN L2TP IPsec”

  1. Pingback: Setting up L2TP IPSec clients for EdgeRouter - Sulli

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.