In this brief tutorial, we are going to configure an L2TP VPN using the UniFi GUI with the Ubiquiti UniFi Security Gateway (USG). The steps are really simple and almost no network knowledge is required.
Step 1: Enable Radius Service
Go to Settings -> Services -> Radius
Make sure the RADIUS service is enabled and that it has a strong secret set.
Step 2: Create a new user
Now we need to create a new user. Again in Settings -> Services -> Radius, go to the Users tab and create a new one. You are going to use this user to log into the VPN.
Make sure the following settings are set on the new user:
- Tunnel Type: 3 - Layer Two Tunneling Protocol (L2TP)
- Tunnel Medium Type: 1 - IPv4 (IP version 4)
You can optionally configure a VLAN; to keep this tutorial simple, we just leave it empty.
Then click "Save".
Step 3: Create a new network
Go to Settings -> Networks and then click on "Create a new network"
Now we need to set the configuration for the new VPN network. Set the following values:
- Purpose: Remote User VPN
- VPN Type: L2TP Server
- Pre-Shared Key: Type a very strong random string (you will need this for login)
- Gateway/Subnet: Choose an unused address range, like 192.168.2.0/24
- Radius Profile: Default (unless you want to change it)
You have to wait until provisioning finishes.
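A small pre-flight helper for the values chosen in steps 1 and 3, added here as an example and not part of the original tutorial: it generates the RADIUS secret and the pre-shared key from the OS random source and checks that a candidate VPN subnet does not overlap networks already in use. The network lists, the 32-character length and the letters-and-digits alphabet are assumptions for illustration.

```python
import ipaddress
import secrets
import string

# Letters and digits only: an assumption made here so the values can be typed
# into any VPN client without quoting or escaping problems.
ALPHABET = string.ascii_letters + string.digits


def random_secret(length=32):
    """Return a random string drawn from the OS CSPRNG."""
    if length < 20:
        raise ValueError("use at least 20 characters for a shared secret")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def overlapping_networks(candidate, existing):
    """Return the networks in `existing` that overlap `candidate`."""
    cand = ipaddress.ip_network(candidate, strict=False)
    return [n for n in existing
            if cand.overlaps(ipaddress.ip_network(n, strict=False))]


def pick_vpn_subnet(candidates, existing):
    """Return the first candidate that overlaps nothing in `existing`, else None."""
    for cand in candidates:
        if not overlapping_networks(cand, existing):
            return cand
    return None


if __name__ == "__main__":
    # Constructed sample data: networks already in use on the site.
    in_use = ["192.168.1.0/24", "192.168.2.0/25", "10.0.0.0/16"]
    candidates = ["192.168.2.0/24", "192.168.3.0/24"]
    print("VPN subnet:", pick_vpn_subnet(candidates, in_use))
    print("RADIUS secret:", random_secret())
    print("IPsec PSK:", random_secret())
```

Generate the RADIUS secret and the pre-shared key separately so that exposing one does not expose the other.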
Step 4: Configure the client
The client will need to use the following settings:
- Type: L2TP/IPSec PSK
- Server address: The WAN address of your USG firewall
- IPsec pre-shared key: The one you set in step 3
Then you can log in with the username and password of the user created in step 2.