Geekzone: technology news, blogs, forums
t0ny

395 posts

Ultimate Geek

Lifetime subscriber

#196668 8-Jun-2016 16:13

I am trying to set up a VPN on my EdgeRouter Lite and I can see my client hitting the router, but it doesn't appear to do anything after that. The VPN has been set up using the following commands:

set vpn ipsec ipsec-interfaces interface pppoe0
set vpn l2tp remote-access outside-address XX.XX.XX.XX
set vpn ipsec nat-traversal enable
set vpn ipsec nat-networks allowed-network 0.0.0.0/0
set vpn l2tp remote-access client-ip-pool start 192.168.100.1
set vpn l2tp remote-access client-ip-pool stop 192.168.100.10
set vpn l2tp remote-access dns-servers server-1 192.168.1.10
set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access authentication require pap
set vpn l2tp remote-access authentication local-users username XXXX password XXXX
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret XXXX
set vpn l2tp remote-access ipsec-settings ike-lifetime 3600
set vpn l2tp remote-access mtu 1492

Firewall has been set up as follows:

set firewall name WAN_LOCAL rule 3 action accept
set firewall name WAN_LOCAL rule 3 description 'Allow IKE for VPN'
set firewall name WAN_LOCAL rule 3 destination port 500
set firewall name WAN_LOCAL rule 3 log disable
set firewall name WAN_LOCAL rule 3 protocol udp

set firewall name WAN_LOCAL rule 4 action accept
set firewall name WAN_LOCAL rule 4 description 'Allow L2TP for VPN'
set firewall name WAN_LOCAL rule 4 destination port 1701
set firewall name WAN_LOCAL rule 4 log disable
set firewall name WAN_LOCAL rule 4 protocol udp

set firewall name WAN_LOCAL rule 5 action accept
set firewall name WAN_LOCAL rule 5 description 'Allow ESP for VPN'
set firewall name WAN_LOCAL rule 5 log disable
set firewall name WAN_LOCAL rule 5 protocol esp

set firewall name WAN_LOCAL rule 6 action accept
set firewall name WAN_LOCAL rule 6 description 'Allow Nat-T for VPN'
set firewall name WAN_LOCAL rule 6 destination port 4500
set firewall name WAN_LOCAL rule 6 log enable
set firewall name WAN_LOCAL rule 6 protocol udp

Is there anything I am missing?

t0ny

395 posts

Ultimate Geek

Lifetime subscriber

  #1568662 9-Jun-2016 13:33

Downgraded to v1.7 of the firmware and now there is activity. I'll need to spend a bit more time looking into it as I'm still not able to connect.




Athsetics
3 posts

Wannabe Geek


  #1569809 10-Jun-2016 22:57

Hi there.
From briefly looking at it, I think you missed assigning your next outside hop. Whether or not that helps the situation, or if there is something else, I'm not sure, but I'll try and check tomorrow.

The command to add the next outside hop is:
set vpn l2tp remote-access outside-nexthop x.x.x.x

The IP should be your WAN default gateway. If you don't know what it is, you should be able to find it on the routes page.

Hope this helps.

EDIT: one thing to note is that currently EdgeMAX doesn't natively support a dynamic IP from PPPoE. If this affects you, let me know and I can show you a way to do it (but it's dirty).



JessieB
37 posts

Geek


  #1569872 11-Jun-2016 09:11

I have recently got it working with v1.8 and Bigpipe. I have a fixed IP. I also think you need to add the next hop, which is the gateway IP, which is found in /var/log/vyatta/ppp_pppoe0.log.

Cheers.

t0ny

395 posts

Ultimate Geek

Lifetime subscriber

  #1570075 11-Jun-2016 17:08

Thanks everyone. I have it working now. I had to reset the router to default and start over. My final setup had the PAP configuration taken out and I also added the next hop.


t0ny

395 posts

Ultimate Geek

Lifetime subscriber

  #1570816 13-Jun-2016 08:10

Complete set of commands if anyone wants to set up a VPN on the EdgeRouter. If it doesn't work, reset to the default config, set up your pppoe0 interface correctly (look here for info) and then run the following commands:

configure

set vpn ipsec ipsec-interfaces interface pppoe0
set vpn l2tp remote-access outside-address XX.XX.XX.XX
set vpn l2tp remote-access outside-nexthop XX.XX.XX.XX
set vpn ipsec nat-traversal enable
set vpn ipsec nat-networks allowed-network 0.0.0.0/0
set vpn l2tp remote-access client-ip-pool start XX.XX.XX.XX
set vpn l2tp remote-access client-ip-pool stop XX.XX.XX.XX
set vpn l2tp remote-access dns-servers server-1 XX.XX.XX.XX
set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access authentication local-users username XXXX password XXXX
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret XXXX
set vpn l2tp remote-access ipsec-settings ike-lifetime 3600
set vpn l2tp remote-access mtu 1492

set firewall name WAN_LOCAL rule 3 action accept
set firewall name WAN_LOCAL rule 3 description 'Allow IKE for VPN'
set firewall name WAN_LOCAL rule 3 destination port 500
set firewall name WAN_LOCAL rule 3 log disable
set firewall name WAN_LOCAL rule 3 protocol udp

set firewall name WAN_LOCAL rule 4 action accept
set firewall name WAN_LOCAL rule 4 description 'Allow L2TP for VPN'
set firewall name WAN_LOCAL rule 4 destination port 1701
set firewall name WAN_LOCAL rule 4 log disable
set firewall name WAN_LOCAL rule 4 protocol udp

set firewall name WAN_LOCAL rule 5 action accept
set firewall name WAN_LOCAL rule 5 description 'Allow ESP for VPN'
set firewall name WAN_LOCAL rule 5 log disable
set firewall name WAN_LOCAL rule 5 protocol esp

set firewall name WAN_LOCAL rule 6 action accept
set firewall name WAN_LOCAL rule 6 description 'Allow Nat-T for VPN'
set firewall name WAN_LOCAL rule 6 destination port 4500
set firewall name WAN_LOCAL rule 6 log enable
set firewall name WAN_LOCAL rule 6 protocol udp

commit;save;exit
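As an added example (not from this thread or from Ubiquiti), a small Python lint that parses an EdgeOS `set` dump and flags the things the thread hinged on: the missing outside-nexthop that Athsetics pointed out, NAT-T, the WAN_LOCAL accept rules for IKE, NAT-T, L2TP and ESP, and the `authentication require pap` line the final working config dropped. The sample config is constructed from the first post with its placeholders kept.

```python
"""Lint an EdgeOS 'set' dump for the L2TP/IPsec pieces this thread hinged on."""

# Constructed sample: the thread's first config (placeholders kept as posted).
SAMPLE = """\
set vpn ipsec ipsec-interfaces interface pppoe0
set vpn l2tp remote-access outside-address XX.XX.XX.XX
set vpn ipsec nat-traversal enable
set vpn l2tp remote-access authentication require pap
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set firewall name WAN_LOCAL rule 3 action accept
set firewall name WAN_LOCAL rule 3 destination port 500
set firewall name WAN_LOCAL rule 3 protocol udp
set firewall name WAN_LOCAL rule 5 action accept
set firewall name WAN_LOCAL rule 5 protocol esp
set firewall name WAN_LOCAL rule 6 action accept
set firewall name WAN_LOCAL rule 6 destination port 4500
set firewall name WAN_LOCAL rule 6 protocol udp
"""

def parse_set_lines(text):
    """Turn each 'set ...' line into its token list (the word 'set' dropped)."""
    return [ln.split()[1:] for ln in text.splitlines() if ln.strip().startswith("set ")]

def firewall_rules(cmds, name):
    """Map rule number -> {attribute: value} for one named ruleset."""
    rules = {}
    for c in cmds:
        if c[:4] == ["firewall", "name", name, "rule"] and len(c) > 5:
            rules.setdefault(c[4], {})[c[5]] = " ".join(c[6:])
    return rules

def lint_l2tp_ipsec(text, wan_ruleset="WAN_LOCAL"):
    """Return a list of findings; an empty list means nothing obviously missing."""
    cmds = parse_set_lines(text)
    has = lambda *p: any(c[:len(p)] == list(p) for c in cmds)
    findings = []
    if not has("vpn", "l2tp", "remote-access", "outside-nexthop"):
        findings.append("no outside-nexthop: set it to the WAN default gateway")
    if not has("vpn", "ipsec", "nat-traversal", "enable"):
        findings.append("nat-traversal disabled: clients behind NAT cannot complete IPsec")
    if has("vpn", "l2tp", "remote-access", "authentication", "require", "pap"):
        findings.append("authentication require pap: clear-text PAP; the working config dropped it")
    rules = firewall_rules(cmds, wan_ruleset)
    def accepted(proto, port):
        return any(r.get("action") == "accept" and r.get("protocol") == proto
                   and (port is None or r.get("destination") == f"port {port}")
                   for r in rules.values())
    for proto, port, what in (("udp", "500", "IKE"), ("udp", "4500", "NAT-T"),
                              ("udp", "1701", "L2TP"), ("esp", None, "ESP")):
        if not accepted(proto, port):
            findings.append(f"{wan_ruleset}: no accept rule for {what} ({proto}{'/' + port if port else ''})")
    return findings

if __name__ == "__main__":
    for f in lint_l2tp_ipsec(SAMPLE):
        print("-", f)
```

Paste the output of `show configuration commands` into the text argument to lint a live router; the sample above reports the missing next hop, the PAP line and the absent L2TP rule.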

