Setup Point-to-Site VPN with Ubiquiti EdgeRouter
William Yeack

We use a Ubiquiti EdgeRouter Pro at our datacenter here at Member.buzz and we have a VPN that allows us to access our network remotely.

First, access your EdgeRouter via PuTTY, then run the following commands:

configure
set vpn l2tp remote-access client-ip-pool start <Start IP Address>
set vpn l2tp remote-access client-ip-pool stop <End IP Address>
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret <VPN Secret>
set vpn l2tp remote-access ipsec-settings ike-lifetime 3600
set vpn l2tp remote-access dns-servers server-1 <DNS Server 1>
set vpn l2tp remote-access dns-servers server-2 <DNS Server 2>
set vpn ipsec auto-firewall-nat-exclude enable

Next, if you want to manually create users to access your VPN, run the following:

set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access authentication local-users username <Username> password <Password>

Alternatively, you can authenticate against a RADIUS server (this is what we use so that everyone can log in using Active Directory):

set vpn l2tp remote-access authentication mode radius
set vpn l2tp remote-access authentication radius-server <RADIUS Server IP> key <RADIUS Server Key>

If you have a static IP address for your router, run the following:

set vpn l2tp remote-access outside-address <Static IP>
set vpn l2tp remote-access outside-nexthop <Static Gateway IP>

If you are using a dynamic IP address, use the following instead:

set vpn l2tp remote-access dhcp-interface <WAN Interface>

Finally, run the following command to save your changes:

commit; save;

This will allow connections into your Ubiquiti EdgeRouter!
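As an added example (not part of the original post), the Python script below renders the commands from the steps above, generating a random pre-shared secret when none is supplied and rejecting a reversed client pool or a mix of static and dynamic addressing. The function name, the 20-character minimum and the sample addresses are assumptions; the authentication commands and commit; save are still entered as shown above.

```python
import ipaddress
import secrets

# Added example: render_l2tp is a hypothetical helper, not part of EdgeOS.
BASE = "set vpn l2tp remote-access"

def render_l2tp(pool_start, pool_stop, dns, psk=None,
                static=None, wan_if=None):
    """Build the EdgeOS command list for the L2TP/IPsec steps above.
    static is an (outside-address, outside-nexthop) pair; wan_if is the
    dhcp-interface name. Exactly one of the two must be given."""
    start, stop = (ipaddress.IPv4Address(a) for a in (pool_start, pool_stop))
    if start > stop:
        raise ValueError("client-ip-pool start is above stop")
    if not 1 <= len(dns) <= 2:
        raise ValueError("expected one or two DNS servers")
    if (static is None) == (wan_if is None):
        raise ValueError("give exactly one of static or wan_if")
    if psk is None:
        # 32 random bytes as hex: no characters that need quoting in the CLI
        psk = secrets.token_hex(32)
    elif len(psk) < 20:  # assumed minimum, not an EdgeOS limit
        raise ValueError("pre-shared secret is too short")
    ipsec = f"{BASE} ipsec-settings"
    cmds = [
        "configure",
        f"{BASE} client-ip-pool start {start}",
        f"{BASE} client-ip-pool stop {stop}",
        f"{ipsec} authentication mode pre-shared-secret",
        f"{ipsec} authentication pre-shared-secret {psk}",
        f"{ipsec} ike-lifetime 3600",
    ]
    cmds += [f"{BASE} dns-servers server-{i} {ipaddress.IPv4Address(d)}"
             for i, d in enumerate(dns, 1)]
    cmds.append("set vpn ipsec auto-firewall-nat-exclude enable")
    if static:
        addr, hop = (ipaddress.IPv4Address(a) for a in static)
        cmds += [f"{BASE} outside-address {addr}",
                 f"{BASE} outside-nexthop {hop}"]
    else:
        cmds.append(f"{BASE} dhcp-interface {wan_if}")
    return cmds  # authentication commands and "commit; save;" still follow

if __name__ == "__main__":
    # Constructed sample values (documentation address ranges)
    print("\n".join(render_l2tp("192.0.2.200", "192.0.2.220",
                                ["192.0.2.1"], wan_if="eth0")))
```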
