I need to configure an L2TP/IPsec VPN server for a friend. For this I used Vyatta, or rather its forked version, VyOS.
Network Access Requirements
- L2TP traffic – UDP 1701
- Internet Key Exchange (IKE) – UDP 500
- IPSec Network Address Translation (NAT-T) – UDP 4500
L2TP Setup
set vpn l2tp remote-access outside-address X.X.X.X
set vpn l2tp remote-access client-ip-pool start X.X.X.100
set vpn l2tp remote-access client-ip-pool stop X.X.X.200
Authentication
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret FACEBOOK
set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access authentication local-users username test password test
IPsec Setup
set vpn ipsec ipsec-interfaces interface eth0
set vpn ipsec nat-traversal enable
set vpn ipsec nat-networks allowed-network 0.0.0.0/0
Commit / Save
commit, then test; if all is working, save.
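Before committing, it is worth checking the set commands above for the weak values the walkthrough uses as placeholders (a dictionary-word pre-shared secret, a local user whose password equals the username). The following audit script is an added example, not part of the original post or of VyOS itself; it parses VyOS/Vyatta "set" lines into token paths and reports those two problems, with the post's commands embedded as a constructed sample (addresses replaced by documentation-range values; the 20-character PSK minimum is an assumed policy).

```python
"""Audit VyOS/Vyatta L2TP/IPsec 'set' commands for weak credentials."""
import shlex

# Constructed sample: the post's commands with documentation-range addresses.
SAMPLE_CONFIG = """
set vpn l2tp remote-access outside-address 203.0.113.10
set vpn l2tp remote-access client-ip-pool start 203.0.113.100
set vpn l2tp remote-access client-ip-pool stop 203.0.113.200
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret FACEBOOK
set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access authentication local-users username test password test
set vpn ipsec ipsec-interfaces interface eth0
set vpn ipsec nat-traversal enable
set vpn ipsec nat-networks allowed-network 0.0.0.0/0
"""

MIN_PSK_LEN = 20  # assumed local policy, not a VyOS requirement

PSK_PATH = ("vpn", "l2tp", "remote-access", "ipsec-settings",
            "authentication", "pre-shared-secret")
USER_PATH = ("vpn", "l2tp", "remote-access", "authentication",
             "local-users", "username")


def parse_set_commands(text):
    """Return each 'set ...' line as a tuple of tokens (without 'set')."""
    cmds = []
    for line in text.strip().splitlines():
        tokens = shlex.split(line)  # honours quoted values
        if tokens[:1] == ["set"]:
            cmds.append(tuple(tokens[1:]))
    return cmds


def values_after(cmds, prefix):
    """Tokens following `prefix` for every command that starts with it."""
    n = len(prefix)
    return [c[n:] for c in cmds if c[:n] == prefix]


def audit(cmds):
    """List human-readable findings; an empty list means nothing flagged."""
    findings = []
    for (psk, *_) in values_after(cmds, PSK_PATH):
        if len(psk) < MIN_PSK_LEN or psk.isalpha():
            findings.append(f"weak pre-shared secret {psk!r}: use a long random string")
    for rest in values_after(cmds, USER_PATH):
        # expected shape: (username, "password", secret)
        if len(rest) >= 3 and rest[1] == "password":
            user, pw = rest[0], rest[2]
            if pw == user or len(pw) < 12:
                findings.append(f"weak password for local user {user!r}")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_set_commands(SAMPLE_CONFIG)):
        print("WARNING:", finding)
```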
8 replies on “Set Up Vyatta / Vyos as an L2TP/IPsec VPN Server”
Hi,
I performed the configuration above and i can connect on vyos vpn’s, but i lose my internet connection because the vpn connection input a default route in my route table. Could you help me?
Your client is possibly configured to route all traffic over the VPN (vyatta/vyos router vpn).
In my case this is what I want.
If your vyatta/vyos setup does not have a default gateway it will be unable to route traffic to the internet.
Check your configuration:
vyos@vyos# show system gateway-address
gateway-address X.X.X.1
That’s right man!
Thanks a lot for the quick response.
my pleasure, and I am glad I could help. Best wishes to you.
Hi, I followed your blog for configuring an L2TP VPN for our mobile users, but I keep getting the error “Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]”. Any idea?
I have an L2L VPN setup that works fine, but I need to control the networks VPN users are allowed to access. So when a user lands, he gets access to only permitted networks, and since my user IP segment is different from the LAN, I’m looking to push routes from Vyos to VPN users. I have the exact same scenario working on a Cisco ASA. Please guide.
Hi!
I want to connect to vyos through PPTP or L2TP on the branch router (TP-LINK). How do I set it up, and how do I set the route?
thank you!