Last active
December 12, 2018 09:05
-
-
Save versionsix/229e65cf72d804a8349096d7de055910 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| configure | |
| set firewall name WAN_LOCAL rule 100 action accept | |
| set firewall name WAN_LOCAL rule 100 description 'Allow IKE for Remote VPN Server' | |
| set firewall name WAN_LOCAL rule 100 destination port 500 | |
| set firewall name WAN_LOCAL rule 100 log enable | |
| set firewall name WAN_LOCAL rule 100 protocol udp | |
| set firewall name WAN_LOCAL rule 110 action accept | |
| set firewall name WAN_LOCAL rule 110 description 'Allow L2TP for Remote VPN Server' | |
| set firewall name WAN_LOCAL rule 110 destination port 1701 | |
| set firewall name WAN_LOCAL rule 110 log enable | |
| set firewall name WAN_LOCAL rule 110 protocol udp | |
| set firewall name WAN_LOCAL rule 120 action accept | |
| set firewall name WAN_LOCAL rule 120 description 'Allow ESP for Remote VPN Server' | |
| set firewall name WAN_LOCAL rule 120 log enable | |
| set firewall name WAN_LOCAL rule 120 protocol esp | |
| set firewall name WAN_LOCAL rule 130 action accept | |
| set firewall name WAN_LOCAL rule 130 description 'Allow Nat-T for Remote VPN Server' | |
| set firewall name WAN_LOCAL rule 130 destination port 4500 | |
| set firewall name WAN_LOCAL rule 130 log enable | |
| set firewall name WAN_LOCAL rule 130 protocol udp | |
| set vpn ipsec ipsec-interfaces interface eth0 # your WAN interface | |
| set vpn ipsec auto-firewall-nat-exclude enable | |
| set vpn ipsec nat-networks allowed-network 0.0.0.0/0 # check that's OK before you set it | |
| set vpn l2tp remote-access authentication mode local | |
| set vpn l2tp remote-access authentication local-users username <user> password <password> | |
| set vpn l2tp remote-access client-ip-pool start <starting IP> | |
| set vpn l2tp remote-access client-ip-pool stop <end IP> | |
| set vpn l2tp remote-access dns-servers server-1 <DNS server IP> | |
| set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret | |
| set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret <secret> | |
| set vpn l2tp remote-access ipsec-settings ike-lifetime 3600 | |
| set vpn l2tp remote-access outside-address <WAN IP address> | |
| set vpn l2tp remote-access outside-nexthop <next hop after the WAN IP, at your ISP> | |
| set vpn l2tp remote-access mtu 1492 | |
| commit | |
| save | |
| exit |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Credits als go to:
https://gist.github.com/rys/868808662d041a11a4d4
http://vbrainstorm.com/setup-an-l2tpipsec-vpn-on-your-ubitquiti-edgerouter/