L2TP Server Configuration
# change eth1 to whatever is the external interface port of the Edgemax
set vpn ipsec ipsec-interfaces interface eth1
set vpn ipsec nat-networks allowed-network 0.0.0.0/0
set vpn ipsec nat-traversal enable
set vpn l2tp remote-access authentication mode local
#Add local users for L2TP
set vpn l2tp remote-access authentication local-users username WhateverUserName password WhatEverUserPassword
# Set a range of IP addresses that are not being used by your LAN DHCP
set vpn l2tp remote-access client-ip-pool start 192.168.x.x
set vpn l2tp remote-access client-ip-pool stop 192.168.x.x
# Set the DNS servers to give out over DHCP for VPN Name Resolution
set vpn l2tp remote-access dns-servers server-1 192.168.x.x
set vpn l2tp remote-access dns-servers server-2 192.168.x.x
# Set the authentication mode for L2TP
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret ThisIsYourLongPassword
set vpn l2tp remote-access ipsec-settings ike-lifetime 3600
# Set the l2tp listening address to the WAN IP and WAN Gateway
set vpn l2tp remote-access outside-address ThisIsYourWANIP
set vpn l2tp remote-access outside-nexthop ThisIsYourWAN-GW-IP
# Optional to set the MTU but I do this just in case they end up on DSL or T1
set vpn l2tp remote-access mtu 1492
commit
save
exit |