Configuration: L2TP over IPsec VPN
Introduction
Layer 2 Tunnel Protocol (L2TP) over IPsec is a very common way of configuring remote
access via VPN. This article shows an example of the configuration process in VyOS.
Configuration
IPsec
Assuming an external interface of eth0:
L2TP
Assuming a public IP of 203.0.113.2 and an address pool for VPN clients of
192.168.255.2 - 192.168.255.254:
Firewall
Additional configuration may be needed if you have a firewall policy on the external
interface.
When NAT is detected by the client's VPN software, ESP is encapsulated in UDP for NAT
traversal, hence UDP port 4500.
Additionally, clients will need their DNS servers configured (this example uses Google's
public DNS servers; replace with your organization's if desired):
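The steps above, gathered into one added example (not the article's original command listing). It assumes VyOS 1.2-style configuration-mode syntax; later releases rename several of these nodes. The ruleset name OUTSIDE-LOCAL, rule numbers 40-43, the authentication method, the pre-shared secret, and the user name and password are assumptions or placeholders.

```vyos
# Added example, VyOS 1.2-style configuration-mode commands (assumed syntax).

# IPsec: terminate on the external interface and allow NAT traversal.
set vpn ipsec ipsec-interfaces interface eth0
set vpn ipsec nat-traversal enable
set vpn ipsec nat-networks allowed-network 0.0.0.0/0

# L2TP: public address and client address pool as given in the article.
set vpn l2tp remote-access outside-address 203.0.113.2
set vpn l2tp remote-access client-ip-pool start 192.168.255.2
set vpn l2tp remote-access client-ip-pool stop 192.168.255.254

# Assumption: pre-shared secret for IPsec plus local user accounts.
# All values below are placeholders; generate your own.
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret 'REPLACE_WITH_LONG_RANDOM_SECRET'
set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access authentication local-users username 'EXAMPLE_USER' password 'REPLACE_WITH_STRONG_PASSWORD'

# Firewall: OUTSIDE-LOCAL is a hypothetical name for the existing policy
# on traffic destined to the router from the external interface.
# ESP (IPsec payload when no NAT is in the path)
set firewall name OUTSIDE-LOCAL rule 40 action accept
set firewall name OUTSIDE-LOCAL rule 40 protocol esp
# IKE
set firewall name OUTSIDE-LOCAL rule 41 action accept
set firewall name OUTSIDE-LOCAL rule 41 protocol udp
set firewall name OUTSIDE-LOCAL rule 41 destination port 500
# NAT traversal: ESP encapsulated in UDP
set firewall name OUTSIDE-LOCAL rule 42 action accept
set firewall name OUTSIDE-LOCAL rule 42 protocol udp
set firewall name OUTSIDE-LOCAL rule 42 destination port 4500
# L2TP is accepted only when the packet arrived inside IPsec, so
# unencrypted L2TP on UDP 1701 is never accepted from the internet.
set firewall name OUTSIDE-LOCAL rule 43 action accept
set firewall name OUTSIDE-LOCAL rule 43 protocol udp
set firewall name OUTSIDE-LOCAL rule 43 destination port 1701
set firewall name OUTSIDE-LOCAL rule 43 ipsec match-ipsec

# DNS servers handed to VPN clients (Google public DNS, as in the article).
set vpn l2tp remote-access dns-servers server-1 8.8.8.8
set vpn l2tp remote-access dns-servers server-2 8.8.4.4
```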