

Configure L2TP VPN Server on Ubiquiti EdgeRouter Lite

As Apple have removed PPTP VPN support from macOS Sierra (10.12) and iOS 10, I’m changing clients over to L2TP over IPSec VPNs instead. Once the VPN server is configured, there’s not much difference from PPTP in configuring it at the client end. The main difference is that you need two passwords – one for the user and one for the shared secret (or pre-shared key).

Fortunately Ubiquiti have a pretty decent writeup on how to configure L2TP VPN on an EdgeMax device, such as the EdgeRouter Lite.

Unfortunately they leave out a few key steps on configuring the IPSec side of things – if you already have a site-to-site IPSec VPN then these settings will already be configured and you don’t need to worry. If you don’t, however, you’ll also need to enter the following three commands into the router before you commit the changes:

set vpn ipsec ipsec-interfaces interface eth0
set vpn ipsec nat-traversal enable
set vpn ipsec nat-networks allowed-network 0.0.0.0/0

Once you’ve entered them in, you can commit and save and your VPN endpoint should be working.
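
To confirm the three settings actually made it into the saved configuration, the check below reads the output of `show configuration commands` on stdin and lists any that are absent. It is an added example, not part of the original post or Ubiquiti's writeup; the function name, the `SAMPLE_CFG` dump and the optional interface argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report which of the three IPsec
# prerequisite settings are absent from an EdgeOS config dump read on stdin.

# missing_ipsec_prereqs [WAN_IF]
#   WAN_IF defaults to eth0, the interface used in the post (assumed parameter).
#   Prints one "missing: ..." line per absent setting; returns 1 if any are absent.
missing_ipsec_prereqs() {
    wan_if=${1:-eth0}
    # Strip trailing whitespace/CR so dumps captured from a terminal still match.
    cfg=$(sed 's/[[:space:]]*$//')
    rc=0
    while IFS= read -r want; do
        # -x: whole-line match, -F: literal string (dots in 0.0.0.0 are not regex)
        if ! printf '%s\n' "$cfg" | grep -qxF -- "$want"; then
            printf 'missing: %s\n' "$want"
            rc=1
        fi
    done <<EOF
set vpn ipsec ipsec-interfaces interface $wan_if
set vpn ipsec nat-traversal enable
set vpn ipsec nat-networks allowed-network 0.0.0.0/0
EOF
    return "$rc"
}

# Constructed sample dump: NAT traversal was never enabled.
SAMPLE_CFG='set vpn ipsec ipsec-interfaces interface eth0
set vpn ipsec nat-networks allowed-network 0.0.0.0/0
set vpn l2tp remote-access authentication mode local'

printf '%s\n' "$SAMPLE_CFG" | missing_ipsec_prereqs eth0 \
    || echo "IPsec prerequisites incomplete"
```

Pass a different interface name as the first argument if your WAN port is not eth0.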
