1 | 1 | # EdgeRouter-L2TP-VPN-Server-Setup |
2 | | -Setup a L2TP VPN Server with static DNS mapping fixed. Firmware version: 2.0.8 |
| 2 | + |
| 3 | +Setup a L2TP VPN Server with static DNS mapping fixed allowing to resolve from VPN connections |
| 4 | + |
| 5 | +Firmware version: 2.0.8 |
| 6 | + |
| 7 | +Need customize: |
| 8 | + <USER> |
| 9 | + <PASSWORD> |
| 10 | + <SHARED-SECRET> |
| 11 | + <ROUTER-IP> |
| 12 | + <IP-POOL-START> |
| 13 | + <IP-POOL-END> |
| 14 | + |
| 15 | +Be sure that IP-POOL-START and IP-POOL-END no interfer on local network IPs. |
| 16 | + |
| 17 | +My example on network 10.0.0.1/24 with a DHCP in range 10.0.0.32 to 10.0.0.199. |
| 18 | +Assuming that internet connection is on *eth0* |
| 19 | + |
| 20 | +USER: vpnuser |
| 21 | +PASSWORD: vpnpass |
| 22 | +SHARED-SECRET: thesecret |
| 23 | +ROUTER-IP: 10.0.0.1 |
| 24 | +IP-POOL-START: 10.0.0.200 |
| 25 | +IP-POOL-END: 10.0.0.249 |
| 26 | + |
| 27 | +Access to router via ssh: |
| 28 | + |
| 29 | +`$ ssh admin@10.0.0.1` |
| 30 | + |
| 31 | +Then execute the scripts: |
| 32 | + |
| 33 | +``` |
| 34 | +configure |
| 35 | +
|
| 36 | +set firewall name WAN_LOCAL rule 30 action accept |
| 37 | +set firewall name WAN_LOCAL rule 30 description ike |
| 38 | +set firewall name WAN_LOCAL rule 30 destination port 500 |
| 39 | +set firewall name WAN_LOCAL rule 30 log disable |
| 40 | +set firewall name WAN_LOCAL rule 30 protocol udp |
| 41 | +
|
| 42 | +set firewall name WAN_LOCAL rule 40 action accept |
| 43 | +set firewall name WAN_LOCAL rule 40 description esp |
| 44 | +set firewall name WAN_LOCAL rule 40 log disable |
| 45 | +set firewall name WAN_LOCAL rule 40 protocol esp |
| 46 | +
|
| 47 | +set firewall name WAN_LOCAL rule 50 action accept |
| 48 | +set firewall name WAN_LOCAL rule 50 description nat-t |
| 49 | +set firewall name WAN_LOCAL rule 50 destination port 4500 |
| 50 | +set firewall name WAN_LOCAL rule 50 log disable |
| 51 | +set firewall name WAN_LOCAL rule 50 protocol udp |
| 52 | +
|
| 53 | +set firewall name WAN_LOCAL rule 60 action accept |
| 54 | +set firewall name WAN_LOCAL rule 60 description l2tp |
| 55 | +set firewall name WAN_LOCAL rule 60 destination port 1701 |
| 56 | +set firewall name WAN_LOCAL rule 60 ipsec match-ipsec |
| 57 | +set firewall name WAN_LOCAL rule 60 log disable |
| 58 | +set firewall name WAN_LOCAL rule 60 protocol udp |
| 59 | +
|
| 60 | +set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret |
| 61 | +set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret <SHARED-SECRET> |
| 62 | +
|
| 63 | +set vpn l2tp remote-access authentication mode local |
| 64 | +set vpn l2tp remote-access authentication local-users username <USER> password <PASSWORD> |
| 65 | +
|
| 66 | +set vpn l2tp remote-access client-ip-pool start <IP-POOL-START> |
| 67 | +set vpn l2tp remote-access client-ip-pool stop <IP-POOL-END> |
| 68 | +
|
| 69 | +set vpn l2tp remote-access dns-servers server-1 <ROUTER-IP> |
| 70 | +set vpn l2tp remote-access dns-servers server-2 1.1.1.1 |
| 71 | +
|
| 72 | +set vpn l2tp remote-access outside-address 0.0.0.0 |
| 73 | +
|
| 74 | +set vpn ipsec ipsec-interfaces interface eth0 |
| 75 | +
|
| 76 | +set service dns forwarding options "listen-address=<ROUTER-IP>" |
| 77 | +
|
| 78 | +commit ; save |
| 79 | +
|
| 80 | +exit |
| 81 | +
|
| 82 | +``` |
| 83 | + |
| 84 | +Commands for check VPN Access |
| 85 | + |
| 86 | +`$ show vpn remote-access` |
| 87 | + |
| 88 | +`$ show vpn ipsec sa` |
| 89 | + |
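Review bot: the sample values shown under "Need customize" (vpnuser / vpnpass / thesecret) are trivially guessable, and nothing in the text says they must be replaced with strong values; because rules 30 and 50 expose IKE on UDP/500 and NAT-T on UDP/4500 to the whole internet on eth0, the pre-shared secret and the local-user password are the only things protecting the tunnel, so add a sentence next to "Need customize" stating that <SHARED-SECRET> and <PASSWORD> should be long random strings and that the values above are placeholders only. Minor wording: "Setup a L2TP VPN Server with static DNS mapping fixed allowing to resolve from VPN connections" reads better as "Set up an L2TP VPN server whose static DNS mappings also resolve for VPN clients", and "no interfer on local network IPs" as "do not overlap with the LAN DHCP range".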