Introduction
VPN: Virtual Private Network is a technology used to interconnect two or more private networks located in different sites or connect a remote client to a company's network.
PPTP: Point-to-Point Tunneling Protocol uses TCP port 1723.
L2TP: Layer 2 Tunneling Protocol uses UDP port 1701.
IPsec: Uses UDP ports 500 and 4500.
The configuration is based on either of the two protocols, PPTP or L2TP, for both LAN to Client and LAN to LAN network setups.
Configuration Manual: L2TP VPN Client
Configuration
1. Access the device.
IP: 192.168.1.1 on the management port (MGMT). You can also access it through any other IP configured on its ports.
Username: admin
Password: Configured the first time you access it.
2. Follow the path below to configure the VPN service:
Network -> VPN: Click on "Configure" to begin configuring the VPN.
3. A dialog box opens, prompting you to select the VPN operation mode for this device:
Headquarter: VPN Server
Branch: VPN Client
Click on Headquarter, and proceed to the next tab (click on "next").
4. Choose the type of clients that this VPN server will have:
Mobile User: Users connecting through a PC or a mobile device (LAN to Client).
Branch: Router to establish a LAN-to-LAN VPN.
NOTE: You have the option to select both if that is applicable to your situation.
5. Type of VPN to be used in this service.
Mobile User: Supports PPTP, L2TP (with IPsec option).
Branch: Can be L2TP, IPsec, and L2TP with IPsec encryption.
Select the one you want to use.
6. Choose the network addressing that you will provide to the VPN clients through the tunnel.
Select the address range, which depends on the number of connections you need over the VPN.
Local Tunnel IP: 192.168.115.1. This is taken automatically from the configuration in the previous image and depends on the segment you assigned.
Local Tunnel Mask: Select the network size (Mask). (You can leave it as the default).
Allow HQ to Access: This option is for when a client router is going to connect.
If you enable the "Branch" checkbox for the client router, fill in the following information.
Branch Tunnel IP: Enter a fixed IP for the client router. (The IP must be within the tunnel IPs).
The Branch Network: Select the LAN network segment of your client router. This is to establish the communication route.
7. Add the credentials for the VPN users.
Example:
User: epcom
Password: epcom
Click on "Add".
8. This step only appears if you selected L2TP/IPsec; if you chose PPTP, this tab will not appear (skip this step).
Enter the IPsec password.
NOTE: You have the option to change the encryption cipher for IPsec.
9. Click on "Finish" to close the configuration.
It will display the diagram of the users that we created.
10. Access the device through the CLI (can be Telnet, SSH, Console, or through the cloud).
Accessing via Telnet:
Enable SSH service.
Access via console.
When you access the device, type the following commands:
ena
conf t
int virtual-template 2
ppp authentication pap chap ms-chap-v2
end
wr
With this, the VPN server configuration is complete.
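The following Python example is added here and is not part of the original manual or the vendor's tooling: it reads a saved configuration, finds the PPP authentication methods enabled in step 10, and reports how exposed each one is for the tunnel type chosen in step 5. The sample configuration text and the names parse_ppp_auth, audit, EXPOSURE and AUTH_ENCRYPTED are assumptions made for illustration.

```python
import re

# Exposure of each PPP method from the step 10 command when the
# authentication exchange can be observed on the path.
EXPOSURE = {
    "pap": ("high", "password crosses the link in cleartext"),
    "chap": ("medium", "captured challenge/response allows offline guessing"),
    "ms-chap-v2": ("medium", "captured handshake allows offline cracking"),
}
# Does the tunnel type chosen in step 5 encrypt the PPP authentication phase?
# PPTP and plain L2TP authenticate before any encryption is in place.
AUTH_ENCRYPTED = {"pptp": False, "l2tp": False, "l2tp/ipsec": True}

def parse_ppp_auth(config_text):
    """Return {interface: [methods]} for virtual-template interfaces."""
    result, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip().lower()
        vt = re.match(r"int(?:erface)?\s+virtual-template\s*(\d+)$", line)
        if vt:
            current = f"virtual-template {vt.group(1)}"
            result.setdefault(current, [])
        elif re.match(r"int(?:erface)?\s", line) or line in ("!", "end", "exit"):
            current = None  # left the virtual-template block
        elif current and line.startswith("ppp authentication "):
            result[current] = line.split()[2:]
    return result

def audit(config_text, tunnel_type):
    """Return sorted (interface, method, severity, reason) findings."""
    if AUTH_ENCRYPTED[tunnel_type.lower()]:
        return []  # IPsec encrypts the exchange on the wire
    findings = []
    for iface, methods in parse_ppp_auth(config_text).items():
        for method in methods:
            severity, reason = EXPOSURE.get(method, ("unknown", "not assessed"))
            findings.append((iface, method, severity, reason))
    return sorted(findings, key=lambda f: (f[2] != "high", f[0], f[1]))

# Constructed sample: the step 10 commands as they might appear in saved
# config (the exact saved form on the device is an assumption).
SAMPLE = """\
interface GigabitEthernet 0/1
 ip address 192.168.1.1 255.255.255.0
!
interface Virtual-template 2
 ppp authentication pap chap ms-chap-v2
!
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE, "l2tp"):
        print(*finding, sep=" | ")
```

For plain L2TP or PPTP the audit lists all three methods with PAP first; for L2TP/IPsec it returns no findings because the PPP exchange travels inside the encrypted tunnel.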