Creating a VPN server on a Ubiquiti EdgeRouter Lite running EdgeOS is easy! In this blog post, I set up an L2TP over IPsec VPN server. By connecting to my VPN server I always have a secure connection and can access my home network from any location with an internet connection.

To understand the configuration you should first know my setup. I have a Ubiquiti EdgeRouter Lite with 3 ports.

pppoe0 - Connection to KPN (Internet)

Enable IPsec on pppoe0

First, configure the allowed networks and enable NAT traversal on the pppoe0 interface.

set vpn ipsec ipsec-interfaces interface pppoe0
set vpn ipsec nat-networks allowed-network 10.0.0.0/8
set vpn ipsec nat-networks allowed-network 172.16.0.0/12
set vpn ipsec nat-networks allowed-network 192.168.0.0/16
set vpn ipsec nat-traversal enable

Enable L2TP remote access with local authentication

I use the local authentication of the EdgeRouter, but you can also use RADIUS.

set vpn l2tp remote-access authentication mode local

If you use local authentication, you also have to define the users on the EdgeRouter.

set vpn l2tp remote-access authentication local-users username password

Client IP pool

The VPN users should also get an IP address from the EdgeRouter.

set vpn l2tp remote-access client-ip-pool start 172.16.201.50
set vpn l2tp remote-access client-ip-pool stop 172.16.201.100

IPsec shared key

IPsec requires a pre-shared key for authentication.

set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret
set vpn l2tp remote-access ipsec-settings ike-lifetime 3600

L2TP routing

Configure the outside address and next hop address to enable routing to the internet from a VPN connection. Replace with the external IP address received from your ISP.

set vpn l2tp remote-access outside-address
set vpn l2tp remote-access outside-nexthop

MTU tuning

You can set an MTU to avoid fragmentation and reassembly in the L2TP switching path.
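
A check to run over the set lines before committing them, as an added example that is not part of the original post: it reports the dependencies the text calls out (local mode needs a user, pre-shared-secret mode needs a secret, the pool start must not exceed the stop, the outside address needs a value). The user name, password, secret and 203.0.113.10 address in the sample are constructed placeholders, and args and audit are hypothetical helper names.

```python
import ipaddress

P = "vpn l2tp remote-access "
# Constructed sample: the post's statements with placeholder values filled in.
SAMPLE = """\
set vpn ipsec ipsec-interfaces interface pppoe0
set vpn ipsec nat-traversal enable
set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access authentication local-users username alice password EXAMPLE-PASSWORD
set vpn l2tp remote-access client-ip-pool start 172.16.201.50
set vpn l2tp remote-access client-ip-pool stop 172.16.201.100
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret EXAMPLE-PSK
set vpn l2tp remote-access outside-address 203.0.113.10
"""

def args(text, path):
    """Arguments that follow a config path, one list per matching 'set' line."""
    p = ["set"] + path.split()
    rows = [l.split() for l in text.splitlines() if l.strip()]
    return [r[len(p):] for r in rows if [r[0].lower()] + r[1:len(p)] == p]

def audit(text):
    out = []
    if not args(text, "vpn ipsec ipsec-interfaces interface"):
        out.append("no IPsec interface set")
    if ["enable"] not in args(text, "vpn ipsec nat-traversal"):
        out.append("NAT traversal not enabled")
    # Local authentication mode needs at least one user with a password.
    if ["local"] in args(text, P + "authentication mode"):
        users = args(text, P + "authentication local-users username")
        if not any(len(u) == 3 and u[1] == "password" for u in users):
            out.append("local authentication without a complete local user")
    # Pre-shared-secret mode needs the secret statement with a value.
    ips = P + "ipsec-settings authentication "
    if ["pre-shared-secret"] in args(text, ips + "mode"):
        if not any(len(a) == 1 for a in args(text, ips + "pre-shared-secret")):
            out.append("pre-shared-secret mode without a secret")
    try:  # Pool bounds must be valid IPv4 addresses with start <= stop.
        lo, hi = (ipaddress.IPv4Address(args(text, P + "client-ip-pool " + k)[0][0])
                  for k in ("start", "stop"))
        if lo > hi:
            out.append("client-ip-pool start is above stop")
    except (IndexError, ValueError):
        out.append("client-ip-pool start/stop missing or invalid")
    if not any(len(a) == 1 for a in args(text, P + "outside-address")):
        out.append("outside-address missing or without a value")
    return out

print(audit(SAMPLE))
```

An empty list means every dependency is satisfied; a statement pasted without its value, such as the pre-shared-secret line with nothing after it, shows up as a finding.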