***** NO NEED TO CHANGE THE ADVANCED SETTINGS LIKE I SHOW HERE ON THE FIREWALL RULES *****

Since Apple removed PPTP in iOS 10, people have been asking about setting up the L2TP IPsec server on an EdgeRouter. See the comment below about adjusting your MTU if you can't connect after using my configuration!

Enjoy!

Here are the commands. The username, password, and pre-shared secret shown are examples; replace them with your own:

configure
set vpn ipsec ipsec-interfaces interface eth0
set vpn ipsec nat-traversal enable
set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access authentication local-users username whowe password LETMEIN!
set vpn l2tp remote-access client-ip-pool start 192.168.66.20
set vpn l2tp remote-access client-ip-pool stop 192.168.66.22
set vpn l2tp remote-access dns-servers server-1 8.8.8.8
set vpn l2tp remote-access dns-servers server-2 4.2.2.2
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret REALLYLETMEIN!
set vpn l2tp remote-access ipsec-settings ike-lifetime 3600
set vpn ipsec auto-firewall-nat-exclude enable
set vpn l2tp remote-access dhcp-interface eth0
commit
save

You then need firewall rules in WAN_LOCAL for:

IKE – UDP 500; L2TP – UDP 1701; ESP – Protocol 50; NAT-T – UDP 4500
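
The four rules above written as EdgeOS CLI commands, added here as an example and not taken from the original post. The rule numbers 30 to 60 are assumptions (use unused numbers that sit before any drop rule in your WAN_LOCAL ruleset), and the "ipsec match-ipsec" line is an optional tightening, not required by the post, that accepts L2TP only when it arrives inside IPsec.

```edgeos
configure

# IKE: key exchange, UDP 500
set firewall name WAN_LOCAL rule 30 action accept
set firewall name WAN_LOCAL rule 30 description IKE
set firewall name WAN_LOCAL rule 30 destination port 500
set firewall name WAN_LOCAL rule 30 log disable
set firewall name WAN_LOCAL rule 30 protocol udp

# ESP: the encrypted payload, IP protocol 50
set firewall name WAN_LOCAL rule 40 action accept
set firewall name WAN_LOCAL rule 40 description ESP
set firewall name WAN_LOCAL rule 40 log disable
set firewall name WAN_LOCAL rule 40 protocol esp

# NAT-T: ESP wrapped in UDP 4500 for clients behind NAT
set firewall name WAN_LOCAL rule 50 action accept
set firewall name WAN_LOCAL rule 50 description NAT-T
set firewall name WAN_LOCAL rule 50 destination port 4500
set firewall name WAN_LOCAL rule 50 log disable
set firewall name WAN_LOCAL rule 50 protocol udp

# L2TP: UDP 1701
set firewall name WAN_LOCAL rule 60 action accept
set firewall name WAN_LOCAL rule 60 description L2TP
set firewall name WAN_LOCAL rule 60 destination port 1701
set firewall name WAN_LOCAL rule 60 log disable
set firewall name WAN_LOCAL rule 60 protocol udp
# Optional: only accept L2TP that was decrypted from an IPsec tunnel,
# so bare L2TP from the internet never reaches the router.
set firewall name WAN_LOCAL rule 60 ipsec match-ipsec

commit
save
```

Running "show firewall name WAN_LOCAL" in configure mode before committing lets you confirm the new rules come ahead of any drop rule.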
