Edgerouter Add Ipsec Vpn Connection To Interfaces
Full disclosure: I know little to nothing about VPN.

I have a Ubiquiti Edgerouter Lite set up as the router on a small 6 PC Windows Server 2012R2 Essentials network. The router is in default configuration and provides DHCP services to the network clients and little else.

A relative of the owner, who claims to be familiar with VPN connectivity, has managed to get a single VPN connection working, but he now complains that it doesn't appear to support multiple simultaneous connections. I find that hard to believe.

Any instructions, hints etc. will be greatly appreciated. Thank you.

BicycleRiderUSCF:

Robert - 99% of the time I agree with your thought process. However, I never ever open (or allow IMS to open) 'back doors'. We use a TON of SSL VPN and even allow staff on via BOVPN if they have a device that we will support in their home (we also have a process to install a WatchGuard device in a provider's home - at their cost for the hardware).

For us, it is easier to go the SSL route as it is simply a web page from about any device and then we just set up rules for the user to access their 'stuff'. Easy as each sub-specialty has their own subnet for the most part.

But, the idea of a back door to get in? Heck, only IMS would know how to use and or configure it. If the front door does not work, someone is heading to the data center.

Robert:

BicycleRiderUSCF wrote:
    Robert - 99% of the time I agree with your thought process. However, I never ever open (or allow IMS to open) 'back doors'. We use a TON of SSL VPN and even allow staff on via BOVPN if they have a device that we will support in their home (we also have a process to install a WatchGuard device in a provider's home - at their cost for the hardware).
    For us, it is easier to go the SSL route as it is simply a web page from about any device and then we just set up rules for the user to access their 'stuff'. Easy as each sub-specialty has their own subnet for the most part.
    But, the idea of a back door to get in? Heck, only IMS would know how to use and or configure it. If the front door does not work, someone is heading to the data center.

Let me clarify.

Each campus has a public-facing firewall. When I need to VPN in to fix something, that's the entry point I use. But, what if the problem is the firewall itself? Or with the router or switch directly behind the firewall?

Enter Edge. Each campus has an Edge Lite connected to an ISP. The four of them form a mesh. If you VPN into one of them, you wind up on the management network for that campus. From there, I can L2 directly to all infrastructure devices - no router needed and it bypasses the entry switch.

If necessary, I could then reboot, reprogram, or even activate ports to re-wire the network to work around the bad component. (Reroute the power to the primary couplers, Mr. Scott!)

I call it a back door because it's not the front door. Not because it's nefarious. It has all the security of our public-facing interfaces.
Edgerouter L2tp Client
Open the web browser of choice and enter the LAN IP of the EdgeMax to log in to the portal.

Go to the Security tab and then find WAN_LOCAL in the Firewall Rules. Click Actions on the right and choose Edit Ruleset from the drop-down.

Add a new rule with the following settings:

    Basic tab:
        Description = L2TP
        Enable = Checked (true)
        Action = Accept
        Protocol = UDP
    Destination tab:
        Ports = 500,1701,4500 (no spaces)
    Save

Add another rule in the ruleset:

        Description = ESP
        Enable = Checked (true)
        Action = Accept
        Protocol = choose by name, then choose ESP
    Save

Save again to exit the firewall settings.

On your Windows box that needs to VPN into the Ubiquiti, create a new VPN connection using the wizard, then go to ncpa.cpl and set the properties on the VPN connection. Specifically three settings:

1 - On the Security tab of the VPN connection properties, change the type of VPN to Layer 2 Tunneling Protocol. Choose Advanced Settings right below that option and set the shared secret you used above when configuring the L2TP server.

2 - Under "Allow these protocols" choose Challenge Handshake and Microsoft CHAP Version 2.

3 - Under the Networking tab choose IPv4, then Advanced, and turn off the option "Use Default Gateway On Remote Network" so you can browse the internet locally while connected to the VPN.
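The same three client settings can be applied from an elevated PowerShell prompt instead of the ncpa.cpl dialogs, which is handy when several Windows PCs need identical connections. This is an added example, not code from the thread; the server address, pre-shared key and office subnet are placeholders you must replace.

```powershell
# Added example: Windows L2TP/IPsec client setup matching the three ncpa.cpl
# settings described above (Windows 8.1 / Server 2012 R2 or later cmdlets).
$ConnectionName = 'Office L2TP'
$ServerAddress  = 'vpn.example.com'                # placeholder: EdgeRouter WAN address or DNS name
$PreSharedKey   = 'REPLACE-WITH-THE-L2TP-SERVER-PSK'  # placeholder: the shared secret set on the EdgeRouter
$OfficeSubnet   = '192.168.1.0/24'                 # placeholder: the LAN behind the EdgeRouter

# Setting 1: VPN type = Layer 2 Tunneling Protocol, with the IPsec shared secret
#            (-L2tpPsk) from "Advanced Settings".
# Setting 2: "Allow these protocols" = CHAP and MS-CHAP v2. MS-CHAP v2 is the one
#            to prefer; CHAP is listed only because the thread enables both.
Add-VpnConnection -Name $ConnectionName `
    -ServerAddress $ServerAddress `
    -TunnelType L2tp `
    -L2tpPsk $PreSharedKey `
    -AuthenticationMethod Chap, MSChapv2 `
    -EncryptionLevel Required `
    -RememberCredential `
    -Force

# Setting 3: untick "Use default gateway on remote network" = split tunneling,
#            so local internet traffic stays local while the VPN is up.
Set-VpnConnection -Name $ConnectionName -SplitTunneling $true

# With split tunneling only explicitly routed prefixes use the tunnel, so add
# the office LAN; otherwise Windows falls back to a classful guess.
Add-VpnConnectionRoute -ConnectionName $ConnectionName -DestinationPrefix $OfficeSubnet

# Verify the resulting profile before the first "rasdial" or GUI connect.
Get-VpnConnection -Name $ConnectionName |
    Select-Object Name, ServerAddress, TunnelType, AuthenticationMethod,
                  EncryptionLevel, SplitTunneling
```

Run it once per PC as an administrator; the PSK is stored in the RAS phonebook for that user profile, so use `-AllUserConnection` on Add-VpnConnection if every account on the machine should see the connection.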