|Setup Point-to-Site VPN with Ubiquiti EdgeRouter

We use a Ubiquiti EdgeRouter Pro at our datacenter here at Member.buzz, and have a VPN that allows us to access our network remotely.

First, access your EdgeRouter via PuTTY, then run the following commands:

⁠configure
set vpn l2tp remote-access client-ip-pool start 
set vpn l2tp remote-access client-ip-pool stop 
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret 
set vpn l2tp remote-access ipsec-settings ike-lifetime 3600
set vpn l2tp remote-access dns-servers server-1 
set vpn l2tp remote-access dns-servers server-2 
set vpn ipsec auto-firewall-nat-exclude enable

Next, if you want to manually create users to access your VPN, run the following:

set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access authentication local-users username  password 

Alternatively, you can authenticate to a RADIUS server (this is what we use so that everyone can login using Active Directory):

set vpn l2tp remote-access authentication mode radius
set vpn l2tp remote-access authentication radius-server  key 

If you have a Static IP address for your router, run the following:

set vpn l2tp remote-access outside-address 
set vpn l2tp remote-access outside-nexthop ⁠

If you are using a dynamic IP address, use the following instead:

set vpn l2tp remote-access dhcp-interface ⁠

Finally, run the following command to save your changes:

⁠commit; save;

This will allow connections into your Ubiquiti EdgeRouter!