configure
set vpn ipsec nat-networks allowed-network 0.0.0.0/0
set vpn ipsec nat-traversal enable
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret $secret
set vpn l2tp remote-access ipsec-settings ike-lifetime 3600
# dhcp
set vpn l2tp remote-access client-ip-pool start 192.168.1.100
set vpn l2tp remote-access client-ip-pool stop 192.168.1.110
set vpn l2tp remote-access dns-servers server-1 8.8.8.8
set vpn l2tp remote-access dns-servers server-2 8.8.4.4
# pppoe
set vpn l2tp remote-access outside-address 0.0.0.0
set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access authentication local-users username $username password $password
set vpn l2tp remote-access mtu 1492
set vpn l2tp remote-access authentication require mschap-v2
commit
save
- IKE: 500
- L2TP: 1701
- NAT-T: 4500
configure
set firewall name WAN_LOCAL rule 30 action accept
set firewall name WAN_LOCAL rule 30 description IKE
set firewall name WAN_LOCAL rule 30 destination port 500
set firewall name WAN_LOCAL rule 30 log disable
set firewall name WAN_LOCAL rule 30 protocol udp
set firewall name WAN_LOCAL rule 40 action accept
set firewall name WAN_LOCAL rule 40 description L2TP
set firewall name WAN_LOCAL rule 40 destination port 1701
set firewall name WAN_LOCAL rule 40 log disable
set firewall name WAN_LOCAL rule 40 protocol udp
set firewall name WAN_LOCAL rule 50 action accept
set firewall name WAN_LOCAL rule 50 description ESP
set firewall name WAN_LOCAL rule 50 log disable
set firewall name WAN_LOCAL rule 50 protocol esp
set firewall name WAN_LOCAL rule 60 action accept
set firewall name WAN_LOCAL rule 60 description NAT-T
set firewall name WAN_LOCAL rule 60 destination port 4500
set firewall name WAN_LOCAL rule 60 log disable
set firewall name WAN_LOCAL rule 60 protocol udp
commit
save