@wilmarvh
Created March 20, 2017 09:23
In the EdgeOS CLI (configure mode). Replace <username>, <password> and <secret> with your own values:
configure
set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access authentication local-users username <username> password <password>
set vpn l2tp remote-access client-ip-pool start 10.0.0.195
set vpn l2tp remote-access client-ip-pool stop 10.0.0.199
set vpn l2tp remote-access dns-servers server-1 10.0.0.1
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret <secret>
set vpn l2tp remote-access ipsec-settings ike-lifetime 3600
set vpn ipsec ipsec-interfaces interface pppoe0
# 0.0.0.0 because the ISP hands out a new IP on each PPPoE authentication; if you have a static IP, put that address here instead
set vpn l2tp remote-access outside-address 0.0.0.0
set firewall name WAN_LOCAL rule 50 description "Allow IKE"
set firewall name WAN_LOCAL rule 50 action accept
set firewall name WAN_LOCAL rule 50 destination port 500
set firewall name WAN_LOCAL rule 50 protocol udp
set firewall name WAN_LOCAL rule 51 description "Allow L2TP"
set firewall name WAN_LOCAL rule 51 action accept
set firewall name WAN_LOCAL rule 51 destination port 1701
set firewall name WAN_LOCAL rule 51 protocol udp
set firewall name WAN_LOCAL rule 52 description "Allow ESP"
set firewall name WAN_LOCAL rule 52 action accept
set firewall name WAN_LOCAL rule 52 protocol 50
set firewall name WAN_LOCAL rule 53 description "Allow NAT-T"
set firewall name WAN_LOCAL rule 53 action accept
set firewall name WAN_LOCAL rule 53 destination port 4500
set firewall name WAN_LOCAL rule 53 protocol udp
commit
save
exit
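One hardening step and a few checks to run once a client has connected. This is an added example, not part of the original gist: rule 51 above accepts UDP 1701 from any WAN source, which means plaintext L2TP (outside IPsec) is also reachable; EdgeOS's `ipsec match-ipsec` matcher restricts the rule to packets that arrived inside an IPsec SA. The ruleset name WAN_LOCAL and rule number 51 are taken from the gist; the `show` commands are standard EdgeOS operational-mode commands.

```vyatta
configure
# Only accept L2TP control/data traffic that was decapsulated from an IPsec SA.
# Without this, rule 51 lets unencrypted L2TP from anywhere reach the daemon.
set firewall name WAN_LOCAL rule 51 ipsec match-ipsec
commit
save
exit

# Operational-mode checks after a client connects:
show vpn ipsec sa                         # IKE/ESP SAs for the client, NAT-T port 4500 if the client is behind NAT
show vpn remote-access                    # active L2TP sessions and the pool address each one received
show firewall name WAN_LOCAL statistics   # packet counters on rules 50-53 confirm which path the client is using
```

Because every client authenticates IKE with the same pre-shared secret, the PSK is effectively a group credential: per-user access control rests on the local-users password, so remove users promptly and rotate the PSK when someone who had it leaves.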