Further to Darren’s post, here’s the short and sweet how-to configure an L2TP VPN on an EdgeRouter.

First edit the commands below. Next, log into the router with ssh, enter configuration mode and paste the lot in.

set firewall name WAN_LOCAL rule 30 action accept
set firewall name WAN_LOCAL rule 30 description ike
set firewall name WAN_LOCAL rule 30 destination port 500
set firewall name WAN_LOCAL rule 30 log disable
set firewall name WAN_LOCAL rule 30 protocol udp
set firewall name WAN_LOCAL rule 40 action accept
set firewall name WAN_LOCAL rule 40 description esp
set firewall name WAN_LOCAL rule 40 log disable
set firewall name WAN_LOCAL rule 40 protocol esp
set firewall name WAN_LOCAL rule 50 action accept
set firewall name WAN_LOCAL rule 50 description nat-t
set firewall name WAN_LOCAL rule 50 destination port 4500
set firewall name WAN_LOCAL rule 50 log disable
set firewall name WAN_LOCAL rule 50 protocol udp
set firewall name WAN_LOCAL rule 60 action accept
set firewall name WAN_LOCAL rule 60 description l2tp
set firewall name WAN_LOCAL rule 60 destination port 1701
set firewall name WAN_LOCAL rule 60 ipsec match-ipsec
set firewall name WAN_LOCAL rule 60 log disable
set firewall name WAN_LOCAL rule 60 protocol udp

set vpn ipsec ipsec-interfaces interface eth0
set vpn l2tp remote-access outside-address XX.XX.XX.XX

set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret SecretSquirrel!
set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access client-ip-pool start 192.168.0.240
set vpn l2tp remote-access client-ip-pool stop 192.168.0.249
set vpn l2tp remote-access dns-servers server-1 192.168.1.1
set vpn l2tp remote-access dns-servers server-2 1.1.1.1

set vpn l2tp remote-access authentication local-users username kai_h password hunter2

commit ; save