Hi all,
I'm the proud owner of an ERL and I've configured it successfully. I have a Synology NAS, which is capable of hosting a VPN server. The configured protocol is L2TP/IPSec. And I was thinking... my ERL has IPSec offload.
So I've configured the above protocol on my router. The only problem is: I'm able to connect to the VPN server, but I can't get on the internet... It keeps saying that there's a DNS error (DNS server not found). I can't understand what's wrong. I've read all of the first 15 pages on this community, but none of the solutions solves my problem.
Hope you guys can help me!
My config:
ubnt@ubnt:~$ show configuration
/* Full running configuration of the router (host-name ubnt): firewall rulesets,
   interfaces, LAN services, L2TP/IPsec remote access and the zone policy that
   binds the rulesets to traffic directions. */
firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    /* Accept-by-default ruleset; rule 2 still drops invalid-state packets.
       zone-policy below uses it for LAN->WAN, local->WAN and local->LAN. */
    name allow-all {
        default-action accept
        rule 1 {
            action accept
            log disable
            protocol all
            state {
                established enable
                related enable
            }
        }
        rule 2 {
            action drop
            log enable
            protocol all
            state {
                invalid enable
            }
        }
    }
    /* Drop-by-default ruleset. zone-policy below attaches it to BOTH WAN->LAN and
       WAN->local, so rules 3 and 4 admit the VPN ports and ESP from the WAN towards
       the router itself and towards LAN hosts alike. */
    name allow-est-drop-inv {
        default-action drop
        enable-default-log
        rule 1 {
            action accept
            log disable
            protocol all
            state {
                established enable
                related enable
            }
        }
        rule 2 {
            action drop
            log enable
            protocol all
            state {
                invalid enable
            }
        }
        /* UDP 500 (IKE), 1701 (L2TP) and 4500 (NAT-T) accepted from any WAN source.
           NOTE(review): 1701 is accepted whether or not the packet arrived inside
           IPsec; consider a separate 1701 rule that matches only IPsec-protected
           traffic (EdgeOS `ipsec match-ipsec`) - confirm for the firmware in use. */
        rule 3 {
            action accept
            description "Allow L2TP"
            destination {
                port 500,1701,4500
            }
            log disable
            protocol udp
        }
        rule 4 {
            action accept
            description "Allow ESP"
            log disable
            protocol esp
        }
    }
    /* Applied to LAN->local: what LAN hosts may reach on the router itself
       (ICMP, GUI, DNS, DHCP, SSH, UPnP); everything else is dropped and logged. */
    name lan-local {
        default-action drop
        enable-default-log
        rule 1 {
            action accept
            log disable
            protocol all
            state {
                established enable
                related enable
            }
        }
        rule 2 {
            action drop
            log enable
            protocol all
            state {
                invalid enable
            }
        }
        rule 100 {
            action accept
            protocol icmp
        }
        rule 200 {
            action accept
            description "Allow HTTP/HTTPS"
            destination {
                port 80,443
            }
            protocol tcp
        }
        rule 600 {
            action accept
            description "Allow DNS"
            destination {
                port 53
            }
            protocol tcp_udp
        }
        rule 700 {
            action accept
            description "Allow DHCP"
            destination {
                port 67,68
            }
            protocol udp
        }
        rule 800 {
            action accept
            description "Allow SSH"
            destination {
                port 22
            }
            protocol tcp
        }
        rule 900 {
            action accept
            description "Allow UPnP2"
            destination {
                port 1900
            }
            protocol tcp_udp
        }
    }
    options {
    }
    receive-redirects disable
    send-redirects enable
    /* Source-address (reverse-path) validation is switched off. */
    source-validation disable
    syn-cookies enable
}
interfaces {
    /* WAN: address from DHCP; name-server no-update means the resolvers offered
       by the WAN lease are not taken over by the router. */
    ethernet eth0 {
        address dhcp
        description WAN
        dhcp-options {
            default-route update
            default-route-distance 210
            name-server no-update
        }
        duplex auto
        speed auto
    }
    ethernet eth1 {
        address 192.168.1.1/24
        description LAN
        duplex auto
        speed auto
    }
    ethernet eth2 {
        description Reserved
        disable
        duplex auto
        speed auto
    }
    loopback lo {
    }
}
/* No port-forward rules are defined; only the interface roles and the
   auto-firewall / hairpin-NAT switches are set. */
port-forward {
    auto-firewall enable
    hairpin-nat enable
    lan-interface eth1
    wan-interface eth0
}
protocols {
    igmp-proxy {
        disable
        disable-quickleave
    }
}
service {
    dhcp-server {
        disabled false
        hostfile-update enable
        shared-network-name LAN1 {
            authoritative enable
            subnet 192.168.1.0/24 {
                default-router 192.168.1.1
                /* LAN clients are handed resolvers outside the LAN subnet, not the
                   router's own address. */
                dns-server 129.250.35.250
                dns-server 129.250.35.251
                ip-forwarding {
                    enable false
                }
                lease 86400
                start 192.168.1.6 {
                    stop 192.168.1.254
                }
                /* NOTE(review): device MAC addresses appear unmasked in this paste,
                   unlike the passwords and pre-shared secret. */
                static-mapping ToughSwitch {
                    ip-address 192.168.1.61
                    mac-address 80:2A:A8:1F:33:33
                }
                static-mapping Unifi-Controller {
                    ip-address 192.168.1.111
                    mac-address 80:2A:A8:4F:08:75
                }
                unifi-controller 192.168.1.111
            }
        }
        use-dnsmasq disable
    }
    dhcpv6-server {
        shared-network-name LAN1 {
            name-server 2001:4860:4860:0:0:0:0:8888
            name-server 2001:4860:4860:0:0:0:0:8844
            subnet ::/64 {
            }
        }
    }
    /* The GUI listens on plain HTTP (80) as well as HTTPS (443); lan-local rule 200
       admits both from the LAN. */
    gui {
        http-port 80
        https-port 443
        older-ciphers disable
    }
    /* Single source-NAT rule: masquerade whatever leaves eth0, with no source
       restriction. */
    nat {
        rule 5010 {
            description "masquerade for WAN"
            outbound-interface eth0
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
    upnp2 {
        listen-on eth1
        nat-pmp enable
        port 1900
        secure-mode enable
        wan eth0
    }
}
system {
    host-name ubnt
    login {
        user ubnt {
            authentication {
                encrypted-password ****************
            }
            full-name Bryan
            level admin
        }
    }
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    /* IPsec offload is on; hwnat and IPv4 forwarding offload are off. */
    offload {
        hwnat disable
        ipsec enable
        ipv4 {
            forwarding disable
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone Europe/Amsterdam
}
traffic-control {
}
vpn {
    /* IPsec terminates on the WAN interface; NAT-T clients are accepted from any
       source network (0.0.0.0/0). */
    ipsec {
        auto-firewall-nat-exclude enable
        ipsec-interfaces {
            interface eth0
        }
        nat-networks {
            allowed-network 0.0.0.0/0 {
            }
        }
        nat-traversal enable
    }
    l2tp {
        remote-access {
            /* NOTE(review): the only VPN account is a local user named "admin";
               with a guessable username, the password and the shared secret are
               the only barriers on the WAN-facing listener. */
            authentication {
                local-users {
                    username admin {
                        password ****************
                    }
                }
                mode local
            }
            /* VPN clients get addresses outside the 192.168.1.0/24 LAN subnet. */
            client-ip-pool {
                start 10.2.0.10
                stop 10.2.0.25
            }
            dhcp-interface eth0
            /* Clients are pointed at the same external resolvers as the LAN, so
               name resolution only works if their traffic is forwarded out the WAN. */
            dns-servers {
                server-1 129.250.35.250
                server-2 129.250.35.251
            }
            ipsec-settings {
                authentication {
                    mode pre-shared-secret
                    pre-shared-secret ****************
                }
                ike-lifetime 3600
            }
            mtu 1400
        }
    }
}
/* Zone policy: LAN = eth1, WAN = eth0, plus the router itself (local-zone).
   NOTE(review): no zone contains the L2TP client interfaces. With zone-policy,
   traffic between a zoned and an unzoned interface is normally dropped, which
   would be consistent with the reported symptom (tunnel connects, but nothing -
   including DNS - is reachable). Confirm, and if so give the VPN interfaces a
   zone of their own with explicit rulesets rather than reusing allow-all. */
zone-policy {
    zone LAN {
        default-action drop
        from WAN {
            firewall {
                name allow-est-drop-inv
            }
        }
        from local {
            firewall {
                name allow-all
            }
        }
        interface eth1
    }
    zone WAN {
        default-action drop
        from LAN {
            firewall {
                name allow-all
            }
        }
        from local {
            firewall {
                name allow-all
            }
        }
        interface eth0
    }
    zone local {
        default-action drop
        from LAN {
            firewall {
                name lan-local
            }
        }
        from WAN {
            firewall {
                name allow-est-drop-inv
            }
        }
        local-zone
    }
}
ubnt@ubnt:~$