Edgerouter Lite VPN Configuration

✨ Quic broadband | Apple TV | Samsung | AliExpress | Wise | Sharesies

Welcome Guest.

You haven't logged in yet. If you don't have an account you can register now.

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › Edgerouter Lite VPN Configuration

t0ny

414 posts

Ultimate Geek
+1 received by user: 84

Lifetime subscriber

#196668 8-Jun-2016 16:13

Send private message

Iam trying to set up VPN on my edge router lite and i can see my client hitting the router but it doesnt appear to do anything after that. The VPN has been set up using the following commands:

set vpn ipsec ipsec-interfaces interface pppoe0
set vpn l2tp remote-access outside-address XX.XX.XX.XX
set vpn ipsec nat-traversal enable
set vpn ipsec nat-networks allowed-network 0.0.0.0/0
set vpn l2tp remote-access client-ip-pool start 192.168.100.1
set vpn l2tp remote-access client-ip-pool stop 192.168.100.10
set vpn l2tp remote-access dns-servers server-1 192.168.1.10
set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access authentication require pap
set vpn l2tp remote-access authentication local-users username XXXX password XXXX
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret XXXX
set vpn l2tp remote-access ipsec-settings ike-lifetime 3600
set vpn l2tp remote-access mtu 1492

Firewall has been set up as follows:

set firewall name WAN_LOCAL rule 3 action accept
set firewall name WAN_LOCAL rule 3 description 'Allow IKE for VPN'
set firewall name WAN_LOCAL rule 3 destination port 500
set firewall name WAN_LOCAL rule 3 log disable
set firewall name WAN_LOCAL rule 3 protocol udp

set firewall name WAN_LOCAL rule 4 action accept
set firewall name WAN_LOCAL rule 4 description 'Allow L2TP for VPN'
set firewall name WAN_LOCAL rule 4 destination port 1701
set firewall name WAN_LOCAL rule 4 log disable
set firewall name WAN_LOCAL rule 4 protocol udp

set firewall name WAN_LOCAL rule 5 action accept
set firewall name WAN_LOCAL rule 5 description 'Allow ESP for VPN'
set firewall name WAN_LOCAL rule 5 log disable
set firewall name WAN_LOCAL rule 5 protocol esp

set firewall name WAN_LOCAL rule 6 action accept
set firewall name WAN_LOCAL rule 6 description 'Allow Nat-T for VPN'
set firewall name WAN_LOCAL rule 6 destination port 4500
set firewall name WAN_LOCAL rule 6 log enable
set firewall name WAN_LOCAL rule 6 protocol udp

Is there anything iam missing?

This is a filtered page: currently showing replies marked as answers. Click here to see full discussion.

t0ny

414 posts

Ultimate Geek
+1 received by user: 84

Lifetime subscriber

#1570816 13-Jun-2016 08:10

Send private message

Complete set of commands if anyone wants to set up vpn on the edgerouter. If it doesnt work, reset to default config, set up your pppoe0 interface correctly (look here for info) and then run the following commands:

configure

set vpn ipsec ipsec-interfaces interface pppoe0
set vpn l2tp remote-access outside-address XX.XX.XX.XX
set vpn l2tp remote-access outside-nexthop XX.XX.XX.XX
set vpn ipsec nat-traversal enable
set vpn ipsec nat-networks allowed-network 0.0.0.0/0
set vpn l2tp remote-access client-ip-pool start XX.XX.XX.XX
set vpn l2tp remote-access client-ip-pool stop XX.XX.XX.XX
set vpn l2tp remote-access dns-servers server-1 XX.XX.XX.XX
set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access authentication local-users username XXXX password XXXX
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret XXXX
set vpn l2tp remote-access ipsec-settings ike-lifetime 3600
set vpn l2tp remote-access mtu 1492

set firewall name WAN_LOCAL rule 3 action accept
set firewall name WAN_LOCAL rule 3 description 'Allow IKE for VPN'
set firewall name WAN_LOCAL rule 3 destination port 500
set firewall name WAN_LOCAL rule 3 log disable
set firewall name WAN_LOCAL rule 3 protocol udp

set firewall name WAN_LOCAL rule 4 action accept
set firewall name WAN_LOCAL rule 4 description 'Allow L2TP for VPN'
set firewall name WAN_LOCAL rule 4 destination port 1701
set firewall name WAN_LOCAL rule 4 log disable
set firewall name WAN_LOCAL rule 4 protocol udp

set firewall name WAN_LOCAL rule 5 action accept
set firewall name WAN_LOCAL rule 5 description 'Allow ESP for VPN'
set firewall name WAN_LOCAL rule 5 log disable
set firewall name WAN_LOCAL rule 5 protocol esp

set firewall name WAN_LOCAL rule 6 action accept
set firewall name WAN_LOCAL rule 6 description 'Allow Nat-T for VPN'
set firewall name WAN_LOCAL rule 6 destination port 4500
set firewall name WAN_LOCAL rule 6 log enable
set firewall name WAN_LOCAL rule 6 protocol udp

commit;save;exit

News and reviews »

New ECOVACS DEEBOT T80S OMNI Available Now
Posted 9-Apr-2026 11:11

Ring Brings 4K Video to Battery-Powered Doorbells
Posted 9-Apr-2026 11:01

Synology Announces a New Privacy-First Home Monitoring Experience for BeeStation Plus
Posted 9-Apr-2026 10:02

GIGABYTE X870E AERO X3D DARK WOOD Redefines the Motherboard
Posted 7-Apr-2026 14:06

Datacom Acquires Auckland Data Centre from T4
Posted 2-Apr-2026 09:43

Spark Launches Satellite Service with SMS and data options
Posted 2-Apr-2026 09:16

Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Support Geekzone »

You can support Geekzone with a one-off or recurring donation via PressPatron.

RSS feeds: Main feed; Forums feed
Copyright: ©2002-2026 Geekzone®

Site features: Geekzone BI dashboard; Geekzone Badges; Geekzone Status Page

Site Information: Subscribe to Geekzone; Privacy Statement; Forum Usage Guidelines (FUG); Advertising; Trademark and copyright