Configuring an EdgeMax as an L2TP over IPSec server is a frequent topic here. I’ve been unsuccessful in setting up the ER-X, despite reading numerous posts here.
Eventually, I came across this Ubiquiti article, and followed it to the letter:
https://help.ubnt.com/hc/en-us/articles/204950294-EdgeMAX-L2TP-Server
But when I try to commit the new settings, I get this error:
L2TP VPN configuration error: IPSEC did not start
My ER-X is set up as follows, using the WAN+2LAN wizard:
- eth0 WAN interface (PPPoE)
- eth1 Primary LAN: 192.168.1.0/24 (DHCP scope is .20 to .100)
- eth2/3/4 (switch0) 192.168.2.0/24 (DHCP scope is .20 to .100)
Following the Help article, these are the configure commands I entered:
set vpn l2tp remote-access outside-address 0.0.0.0
set vpn l2tp remote-access client-ip-pool start 192.168.1.200
set vpn l2tp remote-access client-ip-pool stop 192.168.1.205
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret "my secret phrase"
set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access authentication local-users donald password IbeatHillary
set vpn l2tp remote-access dns-servers server-1 8.8.8.8
set vpn l2tp remote-access dns-servers server-2 8.8.4.4
commit
The commit fails with the error above, indicating that IPSEC didn’t start. Clearly, I’m missing something that’s not in the Help article.
I’m aware that I also have to configure 2 firewall rules (for L2TP and ESP traffic). I’ve done that via the GUI.
Should have mentioned that my objective is to enable remote clients to connect securely through the ER-X to my 192.168.1.0 LAN, and also to the internet.
Thanks.