Categories
How-To Technical

Set Up Vyatta / Vyos as an L2TP/IPsec VPN Server

I need to configure a L2TP/IPSEC VPN Server for a friend. For this I used Vyatta, well its forked version Vyos

 

Network Access Requirements

  • L2TP traffic – UDP 1701
  • Internet Key Exchange (IKE) – UDP 500
  • IPSec Network Address Translation (NAT-T) – UDP 4500

 

L2TP Setup

set vpn l2tp remote-access outside-address X.X.X.X

set vpn l2tp remote-access client-ip-pool start X.X.X.100

set vpn l2tp remote-access client-ip-pool stop X.X.X.200

Authentication

set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret

set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret FACEBOOK

set vpn l2tp remote-access authentication mode local

set vpn l2tp remote-access authentication local-users username test password test

IPsec Setup

set vpn ipsec ipsec-interfaces interface eth0

set vpn ipsec nat-traversal enable

set vpn ipsec nat-networks allowed-network 0.0.0.0/0

Commit / Save

commit, then test, if all is working save

8 replies on “Set Up Vyatta / Vyos as an L2TP/IPsec VPN Server”

Hi,

I performed the configuration above and i can connect on vyos vpn’s, but i lose my internet connection because the vpn connection input a default route in my route table. Could you help me?

You client is possibly configured to route all traffic over the VPN (vyatta/vyos router vpn).
In my case this is what I want.

If your vyataa/vyos setup does not have a default gateway it will be unable to route traffic to the internet

Check your configuration:
vyos@vyos# show system gateway-address
gateway-address X.X.X.1

Hi i followed your blog for configuring l2tp vpn for our mobile users, but i am keep on getting the error “Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]” , any idea?

I have L2L VPN setup that works fine but need to control the networks allowed for access for VPN users. So when a user lands , he gets access to only permitted networks & since my user IP segment is different than LAN, I’m looking to push route from Vyos to VPN users. I have exact same scenario working on Cisco ASA. Please guide..

Leave a Reply to Suneesh Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.