L2TP over IPsec VPN Server

Captions
[Music] Hey, what's up YouTube, welcome to Quik Tech Solutions. Today on tips and reviews I'm going to talk about how to set up an L2TP over IPsec VPN server on an EdgeRouter. Stay tuned.

So in this video I'd like to show you how to set up the VPN server on the EdgeRouter. We're going to take a look at two different ways of achieving this today. One is going to be through the command line interface, which you can access right here. The second way is going to be through the user interface using the config tree, which we can access here. Once we're done with that, we're going to take a look at the Firewall/NAT tab and we're going to look at how to set up a couple of firewall rules that will allow the incoming VPN connections. And finally, after that, we're going to take a look at setting up a mobile VPN connection, connecting into the VPN server and monitoring it on the EdgeRouter using the command-line interface. So hang in there guys, and stay tuned.

So I already have the VPN server configuration set up on my EdgeRouter, and rather than delete that, recreate it and have you guys watch me type in all of the commands, I thought I would take a different approach in prepping for this video. So I organized all the commands into a series of easy steps for you to follow. But before we go through those steps, let me at least show you how to get into the command-line interface. To do that, just simply log in to your EdgeRouter, come over to the top right area here and click on CLI. Once you open up the command line window, you're going to be asked to log in with your EdgeRouter's username and password, so let's go ahead and do that. Once you're successfully logged into your EdgeRouter, you need to type the word configure in order to get into the edit mode so you can begin entering the commands into the command line interface.

So now let's take a closer look at the commands themselves. I'm going to start by saying that any information you guys see in italics is being used simply as placeholders for the purpose of this video. You guys need to replace this information with the information from your actual networks. I will also put all of these steps down below in the video description.

That being said, let's get started with step 1: setting the WAN interface and the internal networks. So basically you just have to set the WAN interface. If you use the router's default setup wizard, the default interface is 0. Again, I have that in italics, so make sure you replace that info with the WAN interface that you actually have set up on your own router. Next you need to set up and allow the networks you want your remote users to connect to. In this case I only have one network that I'm allowing them to connect to, so I only have one instance of this command. If you have multiple internal networks that you want to allow your remote users to connect to, then you can have multiple instances of this command line, defining each of the individual network IP ranges. And then lastly, part of step 1, enabling the NAT traversal. Basically what this does, it allows the IPsec protocol to set up and maintain the incoming connections.

OK, moving on to step 2. Basically it's self-explanatory: you're just telling the EdgeRouter the mode of authentication and creating users. In this case the mode is local, which means that all the accounts will be stored on the EdgeRouter, as opposed to, let's say, using a RADIUS server.

Step 3, setting up the client pool. So we've set up the network that we want to allow our remote users to connect to, but now we just want to put aside a pool of addresses that we want our remote users to have available when they try to connect via VPN.

Step 4, setting up the DNS servers. You guys could use whatever DNS servers you want. For the purpose of this video, again, I'm using the public DNS 8.8.8.8 + 4 - 2 -

Step 5, setting up the pre-shared secret. Again, whatever's in italics you replace with your own information.

Step 6, setting up the outside address. Now this one's a little interesting, because it's all going to be dependent upon the type of connection you have coming in from your ISP. If you have a static IP, you would use the first one and then put the actual IP where you have the X's. For DHCP, you would set the DHCP interface to whatever your WAN interface is. And if you're using dynamic DNS with PPPoE, which I am in this case, you would set the outside address to 0.0.0.0.

And finally step 7: after typing in all of this information into the command line, make sure you save it by using the commit and save commands, and type them in exactly as you see them here.

Let's look now at how to set up the VPN server using the config tree. This might be a good option for you if you're not comfortable using the command line. So let's click on config tree, come on over to the left side, and go down and expand the VPN arrow here. Under IPsec, let's expand that, and the first thing you'll see is NAT traversal, and remember that was something we said we needed to enable, so you see I do have it enabled here. Under IPsec interfaces, this is where you would set your WAN interface like we talked about earlier, and again this is dependent upon the type of connection you have coming in from your ISP. We also talked earlier about setting up your internal networks that you'd like your remote users to be able to access, and you would do that here under NAT networks, allowed network. Simply click the Add button and add your internal network here.

Let's expand the L2TP arrow, and under remote access you'll see here, here's where I entered the outside address of 0.0.0.0, because again, remember, I'm using dynamic DNS. This again is all dependent upon the type of connection you have coming in from your ISP. Under authentication, you're telling the router that it's a local authentication; again, this is where all the accounts are stored on the actual router itself. You would set up your local users under local user, username, and again I only had one user set up and that's me for the purpose of this video. We also talked about having your client pool. These are the addresses that you have put aside for when your remote users connect. You need to have a starting address and an ending address. Under DNS servers, here's where you would put your DNS servers. Remember I talked about using the public servers for the purpose of this video; here's where you enter them. And under IPsec settings, you would enter your IKE lifetime, 3600 seconds is fine. Under authentication is where you tell it the mode is going to be pre-shared secret, and here is where you enter your pre-shared secret, whatever you want that to be.

Now step seven under the command line was to commit and save and exit. So in order to do that here under the config tree, simply click on the preview button. I'm not going to do that now, because since I have all my information entered it's not going to save anything, but if I had entered it for the first time, another window would pop up asking me to commit and save. So there you go guys, this is an alternative way to setting up your VPN server, not using the command line.

Next we have to set up a couple of rules, four to be exact, under the WAN_LOCAL rule set in order to allow the incoming VPN connections. So I've already clicked on my Firewall/NAT tab and I'm over here on the firewall policies. You can see the default wizard set up my default rules, and now we're going to take a look at the WAN_LOCAL. So I'm going to come over here and click on actions and say edit rule set. You can see I have my first two default rules set up by the wizard, and then I've added allow IKE for VPN server, allow L2TP for VPN server, allow ESP for VPN server and allow NAT-T for VPN server. So let's take a look at how these rules are configured, and then I'll actually walk you through setting one up.

So let's take a look at allow IKE for VPN server. I'm going to come over here and click on actions and go to basic. So the first thing you need to do when you set up a new rule is to give it a name, so right up in here I called it allow IKE for VPN server, and you could put anything here; this is just for my own purposes so I could identify what the rule is quickly. I'm going to enable it, I'm going to say accept, and I'm going to pick the protocol UDP, and I'm simply going to come over to the destination tab and I'm going to enter port 500 for IKE and hit save. Again, for the purpose of this video, I'm just going to cancel out of here for now.

Let's take a look at the allow L2TP for VPN server. Again, let's go to basic and give it a name, allow L2TP for VPN server, enable it, accept, protocol UDP, come on over to the destination, and we're going to allow port 1701 for L2TP.

OK, I'm going to skip ESP for a second. Let's go down to allow NAT-T, let's take a look at that rule. Let's go to the basic again, give it a name that's identifiable, easy for you, enable it, accept it, protocol UDP, come on over to the destination, and it's port 4500. Again, save all your changes.

Now let's take a look at ESP, how it's set up. Basic: we're going to allow ESP for VPN server, we're going to enable it, we're going to accept it. I chose the protocol by name from a drop-down list. You could also choose the protocol by protocol number, which would be protocol 50. Whichever you decide to do is fine, just make sure you simply save your changes.

And now I'm going to show you from scratch how to create one of these rules, so let's create the allow IKE for VPN server. So we're going to come on over here under WAN_LOCAL and click add new rule. I'm going to give it a name, allow IKE for VPN, I'll just leave it at that for now. It's enabled, I'm going to say action accept, protocol UDP, I'm going to come over to the destination tab, I'm going to put in port 500, and I'm going to say save. Now I'm not going to do that now because I already have the rule, but I just wanted to take you through the step of creating your firewall rules.

For the final part of this video, I'm going to talk about how to set up a VPN connection on an iPhone. We're going to connect via VPN to the EdgeRouter. We should see that the connection is not only successful and connected on the iPhone, but in the command-line interface as well. Android users, I do apologize, I don't have an Android device to show you this, but the information that you would enter is exactly the same; it's just a question of where in your settings you would put this information.

So let's get started. On my own iPhone, I'm going to go to my settings, scroll down to General, scroll down to VPN. Now it says not connected because I already have a configuration set up on this device, but I'm going to select VPN anyway, and there you see home edge router, that's the configuration that I already have. But for the first time setup, we're going to click on the blue Add VPN Connection. The type is going to be L2TP, and then on the description, that's where I called it home edge router; you can give it a description of anything you want. Under server, if you have the static IP, that's where you would put your static IP; if you have DHCP or PPPoE and you're using dynamic DNS, this is where you would put the dynamic DNS name. The account is the account you created; in my case it was Tony. RSA SecurID I'm leaving off. Password will be the password that I created on the EdgeRouter. The secret would be the pre-shared secret that I created, and I'm going to leave Send All Traffic to on. Now I'm not going to do all this right here, I'm just showing you where all this information goes.

I'm going to go back to VPN at the top of my settings, and I'm going to just turn it on, and it's going to connect to my home edge router. You see it says VPN connecting, and eventually I should get the connected status, which I did, just by showing that it's green. It is now connected. Let's jump over into the EdgeRouter interface, back into the command line. So we'll click on the CLI button, and once I'm logged in, I'm going to type in show vpn remote-access, and there you can see user Tony is successfully connected, L2TP, there's the first address in the pool that I had set aside, and there you go.

So that's about it guys for today. Whichever way you decide to set up your VPN server, whether you use the command line or use the config tree, remember you have to create the four rules under WAN_LOCAL to allow the incoming VPN connections. I hope you like this video and I hope you found it helpful. If you did, please give it a thumbs up, subscribe to the channel, and if you have any comments, please put them down below. I know the way I did this isn't the only way to get this set up. If you have other ways or you want to share your comments and feelings, please do so. My name is Tony with Quik Tech Solutions. As always guys, thanks for watching, see you next time. [Music] [Music]
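The four WAN_LOCAL rules described in the captions (UDP 500, UDP 1701, ESP, UDP 4500) can be checked against a router's exported `set` commands. The Python script below is an added example, not part of the video: the sample configuration, its rule numbers and the function names are constructed for illustration.

```python
import shlex

# Constructed sample of EdgeOS "set" commands (rule numbers and descriptions
# are illustrative). The NAT-T rule is left out on purpose.
SAMPLE_CONFIG = '''
set firewall name WAN_LOCAL rule 30 action accept
set firewall name WAN_LOCAL rule 30 description "Allow IKE for VPN server"
set firewall name WAN_LOCAL rule 30 protocol udp
set firewall name WAN_LOCAL rule 30 destination port 500
set firewall name WAN_LOCAL rule 40 action accept
set firewall name WAN_LOCAL rule 40 description "Allow L2TP for VPN server"
set firewall name WAN_LOCAL rule 40 protocol udp
set firewall name WAN_LOCAL rule 40 destination port 1701
set firewall name WAN_LOCAL rule 50 action accept
set firewall name WAN_LOCAL rule 50 description "Allow ESP for VPN server"
set firewall name WAN_LOCAL rule 50 protocol 50
'''

# The four services the video opens on WAN_LOCAL: protocol and destination port.
REQUIRED = {"IKE": ("udp", "500"), "L2TP": ("udp", "1701"),
            "ESP": ("esp", None), "NAT-T": ("udp", "4500")}
PROTO_NUMBERS = {"50": "esp", "17": "udp"}  # a rule may give the protocol by number

def parse_rules(config, ruleset="WAN_LOCAL"):
    """Return {rule number: {setting: value}} for one firewall rule set."""
    rules = {}
    for line in config.splitlines():
        tok = shlex.split(line)
        if len(tok) < 7 or tok[:3] != ["set", "firewall", "name"]:
            continue
        if tok[3] != ruleset or tok[4] != "rule":
            continue
        # "destination port 500" -> key "destination port"; bare "disable" -> key "disable"
        key = " ".join(tok[6:-1]) or tok[-1]
        rules.setdefault(tok[5], {})[key] = tok[-1]
    return rules

def missing_services(config):
    """List the required VPN services that no enabled accept rule covers."""
    found = set()
    for rule in parse_rules(config).values():
        if rule.get("action") != "accept" or "disable" in rule:
            continue
        proto = PROTO_NUMBERS.get(rule.get("protocol"), rule.get("protocol"))
        port = rule.get("destination port")
        ports = set(port.split(",")) if port else {None}  # "500,4500" is one rule
        for name, (want_proto, want_port) in REQUIRED.items():
            if proto == want_proto and want_port in ports:
                found.add(name)
    return sorted(set(REQUIRED) - found)

print(missing_services(SAMPLE_CONFIG))
```

A rule that is present but disabled, or whose action is not accept, is reported as missing, which matches what a connecting client would experience.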
Info
Channel: Quik Tech Solutions L.L.C
Views: 67,593
Rating: 4.9504423 out of 5
Keywords: L2TP over IPsec VPN Server, l2tp vpn server, L2TP over IPsec, L2TP, Set up VPN on Edge Router, ipsec, VPN Server, VPN, l2tp vpn, VPN from iPhone, unifi, ubnt.com, ubiquiti networks, EdgeRouter X SFP, EdgeMax, Remote Access, Remote Access VPN, EdgeRouter Lite, Ubiquiti, layer 2 tunneling protocol (internet protocol), virtual private network, vpn tutorial, vpn configuration, EdgeRouter, EdgeOS, ubnt, l2tp over ipsec, er-lite
Id: nSYmcaOMM7Y
Length: 14min 26sec (866 seconds)
Published: Tue May 23 2017