Some time ago I replaced an EdgeRouter Lite with a USG so I could manage everything via the UniFi Controller. The experience has been getting better over time, but it was a rocky start.
Right now I VPN to my network using OS X Server. It works great, except that it only works with iOS and OS X devices: no Windows, Android or other devices. So I figured I'd put my ERL3 to work. The thing is that there is no apparent easy solution for this. All the instructions I've been able to find require the router to be facing the Internet or a different network than the one it's on, and I can't find one that lets me keep the USG as the gateway and DHCP master.
I know that I could set up an additional network on a VLAN on the USG, giving the ERL3 a different subnet, then connect two of its ports (Virtual WAN and LAN) to the switch so it loops traffic back to my main subnet. Or I could connect it to the load balancer (that's in front of the USG), redirect the VPN ports from the USG to the ERL3 and then combine them at the switch. But all of this seems very complicated given the fact that OS X Server serves L2TP VPN using just one port on my switch, behind the USG. OS X Server leases the last 10 IP addresses from the subnet to the VPN clients; naturally, these addresses are outside the DHCP pool on the USG.
That's the second issue: if I do the dual-router setup and set those 10 IP addresses in the DHCP pool of the ERL3, there is no reason any other client couldn't just snatch them, since they would be broadcast within the same broadcast domain, and I'm not sure what would happen then when a VPN client would like to connect.
These are the instructions I found: https://help.ubnt.com/hc/en-us/articles/205146070 I found some more articles and posts, but they all toy around with the same idea. Worst-case scenario, I do the dual-router setup, but I don't know how to do that either. I think it's not that complicated, though, but first I thought it would be a good idea to ask for help before I trash my OS X Server config.
I also found steps for doing it directly on the USG (https://help.ubnt.com/hc/en-us/articles/204953054), but after a quick look at the code I realized it was a PPTP tunnel, not L2TP.
Thanks for your help or advice!
EdgeRouter Lite: 1.8.0
UniFi Controller: 5.0.2 beta
USG: 4.3.15.4872672
EdgeRouter as a standalone L2TP server behind USG