IPsec Configuration on Ubiquiti EdgeRouter

Replace eth0 below with the EdgeRouter's WAN (external) interface. The three commands tell IPsec which interface to listen on, let EdgeOS create the firewall and NAT exceptions that IKE (UDP 500/4500) and ESP need automatically, and allow NAT-traversal for clients that sit behind their own NAT (0.0.0.0/0 because road-warrior clients can connect from any address).

set vpn ipsec ipsec-interfaces interface eth0
set vpn ipsec auto-firewall-nat-exclude enable
set vpn ipsec nat-networks allowed-network 0.0.0.0/0

L2TP Configuration on Ubiquiti EdgeRouter

Configure L2TP to use local user authentication

set vpn l2tp remote-access authentication mode local

Add local users for L2TP (one command per user; the password is stored in the configuration, so keep the config file out of shared backups)

set vpn l2tp remote-access authentication local-users username <User> password <SecurePassword>

Configure the pool of addresses handed out to L2TP clients (this is the VPN client pool, not the LAN DHCP server). Use a range that does not overlap the LAN subnet, and make sure the NAT rule added later covers it.

set vpn l2tp remote-access client-ip-pool start 172.16.0.10
set vpn l2tp remote-access client-ip-pool stop 172.16.0.20

Set the DNS server(s) pushed to L2TP clients

set vpn l2tp remote-access dns-servers server-1 <DNS-IP>

Set the IPsec authentication for the L2TP tunnel to a pre-shared secret, and the IKE lifetime in seconds. The pre-shared secret is shared by every client, so use a long random passphrase and rotate it when a client device is lost; the per-user password above only authenticates the user inside the tunnel.

set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret <SecurePassphrase>
set vpn l2tp remote-access ipsec-settings ike-lifetime 3600

Set the address L2TP listens on (the router's WAN IP) and the next hop (the WAN gateway). If the WAN address is assigned by DHCP, EdgeOS has a dhcp-interface option under vpn l2tp remote-access that takes the WAN interface name instead of a fixed outside-address.

set vpn l2tp remote-access outside-address <WAN-IP>
set vpn l2tp remote-access outside-nexthop <WAN-GW>

MTU Setting

set vpn l2tp remote-access mtu 1492

Save the configuration (commit applies the changes, save writes them to the boot configuration so they survive a reboot)

commit
save
exit

Finally, add a source NAT (masquerade) rule for the VPN subnet (172.16.0.0/24) on the WAN interface eth0. This can be done from the EdgeRouter web interface. Without it, VPN clients can reach the router and the LAN but are not translated to the WAN address, so they cannot reach the internet through the tunnel.
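The whole procedure above, collected into one helper, as an added example that is not part of the original page or of Ubiquiti's documentation. It is a POSIX sh script that prints the complete configure-mode command sequence, including the CLI form of the masquerade NAT rule that the page adds through the web interface, after checking that the client pool actually lies inside the subnet the NAT rule covers and that the pre-shared secret is not trivially short. The function names, the argument order, the NAT rule number 5000, the sample addresses (RFC 5737 documentation ranges) and the extra line "set vpn ipsec nat-traversal enable" (an EdgeOS IPsec option not listed above) are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the page or from Ubiquiti): prints the EdgeOS command
# sequence for the L2TP/IPsec server described above, including the CLI form of
# the masquerade NAT rule, after validating the inputs. Function names, argument
# order and rule number 5000 are this example's assumptions.

# Convert a dotted IPv4 address to a 32-bit integer.
ip4_to_int() {
    _ip=$1
    _old_ifs=$IFS
    IFS=.
    set -- $_ip
    IFS=$_old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_subnet ADDR NET/PREFIX -> status 0 if ADDR lies inside the CIDR block
# (a bare address without a prefix is treated as /32).
in_subnet() {
    _addr=$(ip4_to_int "$1")
    case $2 in
        */*) _net=$(ip4_to_int "${2%/*}"); _bits=${2#*/} ;;
        *)   _net=$(ip4_to_int "$2");      _bits=32 ;;
    esac
    _mask=$(( (0xFFFFFFFF << (32 - _bits)) & 0xFFFFFFFF ))
    [ $(( _addr & _mask )) -eq $(( _net & _mask )) ]
}

# l2tp_config WAN_IF WAN_IP WAN_GW POOL_START POOL_STOP VPN_SUBNET DNS USER USER_PW PSK
# Prints the configure-mode commands, or returns 1 with an error on stderr.
l2tp_config() {
    wan_if=$1 wan_ip=$2 wan_gw=$3 pool_start=$4 pool_stop=$5 vpn_net=$6
    dns=$7 user=$8 user_pw=$9 psk=${10}

    # A pool outside the masqueraded subnet is the classic "VPN connects but has
    # no internet" mistake: client traffic would leave the WAN with a private source.
    if ! in_subnet "$pool_start" "$vpn_net" || ! in_subnet "$pool_stop" "$vpn_net"; then
        echo "error: pool $pool_start-$pool_stop is outside $vpn_net" >&2
        return 1
    fi
    # The PSK is shared by every client; refuse obviously weak ones.
    if [ ${#psk} -lt 20 ]; then
        echo "error: pre-shared secret must be at least 20 characters" >&2
        return 1
    fi

    cat <<EOF
configure
set vpn ipsec ipsec-interfaces interface $wan_if
set vpn ipsec auto-firewall-nat-exclude enable
set vpn ipsec nat-traversal enable
set vpn ipsec nat-networks allowed-network 0.0.0.0/0
set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access authentication local-users username $user password "$user_pw"
set vpn l2tp remote-access client-ip-pool start $pool_start
set vpn l2tp remote-access client-ip-pool stop $pool_stop
set vpn l2tp remote-access dns-servers server-1 $dns
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret "$psk"
set vpn l2tp remote-access ipsec-settings ike-lifetime 3600
set vpn l2tp remote-access outside-address $wan_ip
set vpn l2tp remote-access outside-nexthop $wan_gw
set vpn l2tp remote-access mtu 1492
set service nat rule 5000 description L2TP-VPN-masquerade
set service nat rule 5000 outbound-interface $wan_if
set service nat rule 5000 source address $vpn_net
set service nat rule 5000 type masquerade
commit
save
exit
EOF
}

# Usage: paste the printed commands into the EdgeRouter CLI. Constructed sample
# values (documentation addresses, not a real deployment):
# l2tp_config eth0 203.0.113.5 203.0.113.1 172.16.0.10 172.16.0.20 172.16.0.0/24 172.16.1.1 alice 'Alice-Pw-1' 'correct horse battery staple 2024'
```

The subnet check is the part worth keeping even if the rest is typed by hand: the page's pool (172.16.0.10-20) and NAT subnet (172.16.0.0/24) agree, but changing one without the other is the most common reason a freshly built L2TP server "connects but has no internet".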

Show Current VPN Status

$ show vpn remote-access
Active remote access VPN sessions:

User       Time      Proto Iface Remote IP       TX pkt/byte   RX pkt/byte
---------- --------- ----- ----- --------------- ------ ------ ------ ------
User       00h13m58s L2TP  l2tp0 172.16.0.10       5.5K   5.3M   4.3K 469.9K

Total sessions: 1

Add an L2TP local user on the Ubiquiti EdgeRouter (in configure mode, followed by commit and save as above)

set vpn l2tp remote-access authentication local-users username <User> password <Password>

Delete an L2TP local user on the Ubiquiti EdgeRouter (again followed by commit and save; an existing session for that user is not torn down by the delete alone, so check show vpn remote-access afterwards)

delete vpn l2tp remote-access authentication local-users username <User>