How to configure L2TP VPN on the UniFi Security Gateway?

Introduction

In this brief tutorial, we are going to configure an L2TP VPN using the UniFi GUI with the Ubiquiti UniFi Security Gateway (USG). The steps are simple and almost no networking knowledge is required.

Step 1: Enable Radius Service

Go to Settings -> Services -> Radius

Make sure the RADIUS service is enabled and that it has a strong, secure secret set.

Unifi VPN setup: Radius service configuration

Step 2: Create a new user

Now we need to create a new user. Again in Settings -> Services -> Radius, go to the Users tab and create a new one. You are going to use this user to log into the VPN:

Unifi VPN setup: Create new user

Make sure the following settings are set on the new user:

  • Tunnel Type: 3 - Layer Two Tunneling Protocol (L2TP)
  • Tunnel Medium Type: 1 - IPv4 (IP version 4)

You can optionally configure a VLAN; to keep this tutorial simple we leave it empty.

Then click "Save".

Step 3: Create a new network

Go to Settings -> Networks and then click "Create a new network".

Unifi VPN setup: Create new network

Now we need to set the configuration for the new VPN network. Set the following values:

  • Purpose: Remote User VPN
  • VPN Type: L2TP Server
  • Pre-Shared Key: type a very strong random string (clients will need it to log in)
  • Gateway/Subnet: an unused range, like 192.168.2.0/24
  • Radius Profile: Default (unless you want to change it)

Click "Save".

You have to wait until provisioning finishes.

Step 4: Configure the client

The client will need to use the following settings:

  • Type: L2TP/IPsec PSK
  • Server address: the WAN address of your USG firewall
  • IPsec pre-shared key: the one you set in the previous step (Step 3)

Then you can use the username and password of the user created in Step 2.
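As an added example (not part of the original tutorial or of Ubiquiti's own tooling), this PowerShell script creates the matching Windows client profile for Step 4. The server hostname is a placeholder, the PSK is read from a prompt rather than stored in the script, and MS-CHAPv2 is assumed as the PPP authentication method for the RADIUS user from Step 2.

```powershell
# Added example: Windows L2TP/IPsec PSK client profile for the USG VPN above.
$ConnectionName = 'USG L2TP'
$ServerAddress  = 'usg.example.com'   # placeholder: the USG WAN address or hostname

# Prompt for the Step 3 pre-shared key so it never sits in a script or shell history.
$PreSharedKey = Read-Host 'IPsec pre-shared key (from Step 3)'
if ([string]::IsNullOrWhiteSpace($PreSharedKey)) { throw 'A pre-shared key is required.' }

# Type: L2TP/IPsec with PSK. EncryptionLevel Required refuses an unencrypted PPP session;
# MSChapv2 is assumed for the RADIUS user credentials (not stated by the tutorial).
Add-VpnConnection -Name $ConnectionName `
    -ServerAddress $ServerAddress `
    -TunnelType L2tp `
    -L2tpPsk $PreSharedKey `
    -AuthenticationMethod MSChapv2 `
    -EncryptionLevel Required `
    -Force

# Verify the stored profile before dialing: the tunnel type must be L2TP, not a fallback.
$profile = Get-VpnConnection -Name $ConnectionName
if ($profile.TunnelType -ne 'L2tp') {
    throw "Unexpected tunnel type on '$ConnectionName': $($profile.TunnelType)"
}
Write-Host "Profile '$ConnectionName' -> $($profile.ServerAddress) ($($profile.TunnelType)) ready."

# Connect with the Step 2 RADIUS user; the password is prompted, not hard-coded.
$User = Read-Host 'VPN username (from Step 2)'
$Pass = Read-Host 'VPN password' -AsSecureString
$Plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR(
    [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Pass))
rasdial $ConnectionName $User $Plain
```

Run it in an elevated PowerShell session; remove the profile afterwards with `Remove-VpnConnection -Name 'USG L2TP' -Force` if it was only a test.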