Setting up L2TP With IPsec

Setting up Your Peplink Device

On Balance models, navigate to Network > Remote User Access.

On MAX models, navigate to Advanced > Remote User Access.

The following menu will appear:

Click Enable, and the menu will expand.

Enter your preshared key in the Preshared Key text area.
In the Listen on section, select the WAN ports that you want the L2TP server to pay attention to. Be sure that at least one of the WAN ports have a public IP address.
Under the User Accounts section, enter the Usernames and Passwords for each client who will connect to the VPN. For bulk entry, click the (?) logo to enable pasting directly from a CSV file.

Setting Up Your Android Device

Notice: VPN configuration for Android varies depending on model. If in doubt, please refer to your device documentation.

Open your VPN settings page and tap the + button to add a new VPN profile.

The Edit VPN Profile page will appear, fill it out with the information you entered on your Peplink Device and tap Save. Back on the VPN screen, tap your VPN profile, enter your credentials, and press connect.

Setting Up Your iOS Device

Open your Settings page, tap the General button. Scroll down until you see the VPN column and press the > symbol. On the VPN screen, tap Add VPN Configuration…

The Add Configuration page will appear, fill it out with the information you entered on your Peplink Device and tap Save. Back on the VPN screen, tap the button beside Not Connected to begin connecting via VPN.

Setting Up L2TP VPN for Windows 10

  1. In the lower right corner of the screen, on the taskbar, click on the “Action Center” icon and then select the VPN option.

  1. This will open the “Network & Internet” settings window. Click on “Add a VPN connection”

  1. In the “Add a VPN Connection” window select the options for your connection.

Please follow these instructions when filling the fields:

  • VPN provider: Windows (built-in)
  • Connection Name: Name your connection with something memorable.
  • Server name or address: Enter the host-name or the IP address of your server.
  • VPN Type: Select the VPN type applicable for your connection.
  • Type of sign-in info: Select the authentication method used for your connection.
  • User name: Enter the user name for the VPN connection if applicable.
  • Password: Enter the password for the VPN connection if applicable.
  • Click on “Save” to save the VPN connection settings within Windows 10.
  1. Your saved VPN connection profile is now listed for you to select.

  1. Next we need to configure settings related to the L2TP VPN Connection in the “Network and Sharing Center” Right-Click on the monitor or Wi-Fi icon in the lower right corner of the screen, on the taskbar, then select “Open Network and Sharing Center”.

6)On the left side of the “Network and Sharing Center” window, select “Change adapter settings”

  1. Right click the L2TP VPN Connection just created and select “Properties”

  1. Select the “Security” tab on the top of the properties window.

Please follow these instructions when filling the fields:

  • Select “Allow these protocols”
  • Ensure that “Microsoft CHAP Version 2 (MS-CHAP v2)” is selected.
  • Select the “Advanced settings” button.
  • Ensure that your desired authentication method for the L2TP VPN connection is selected and the key credentials are present, if applicable.

  1. To connect to the L2TP VPN connection click on the monitor or Wi-Fi icon in the lower right corner of the screen, on the taskbar, and select the desired VPN connection. The “Network & Internet” settings window will open.

  1. Select the desired VPN connection and click the “Connect” button.

Setting Up L2TP VPN for OS X El Capitan

1.) To configure a L2TP VPN connection in OS X 10.11, access the “System Preferences…”

2.) Select the “Network” icon to access the network connections.

3.) Select the “+” button in the bottom left corner of the “Network” window to add a new connection.

4.) Select “VPN” for the interface type. Select “L2TP over IPSec” for the VPN Type. Name the network connection accordingly, for easy recognition. Select “Create” to create the new connection.

5.) Enter the IP address of the VPN server you will be connecting to in the “Server Address” area and your username in the “Account Name” area. Select “Authentication Settings” to setup your user authentication credentials.

6.) Enter your user account password in the “Password” area. Enter the “shared secret password” for the connection in the “Shared Secret” area, you may obtain this from your network administrator.

7.) From the network window, select “Advanced” to ensure that traffic traverses the VPN.

8.) In the “Advanced” window, ensure that you are on the “Options” tab and select “Send all traffic over VPN connection” if it is not already selected.

To use your new L2TP connection, select the appropriate connection from the available network connections and then select “Connect” under the connection details.

Setting Up L2TP server behind a NAT device

  1. These are the ports (UDP/500, UDP/1701, UDP/4500) that need to port forwarded by the upstream NAT device to the L2TP server.

  2. We need to add a registry key into Windows PC in order to connect to the L2TP server successfully

  3. Add AssumeUDPEncapsulationContextOnSendRule to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent

  4. Set the value to 2

  5. For more info, you may read more here

Setting Up L2TP server using Fusionhub

  1. Please follow the steps above to setup the L2TP server in Fusionhub

  2. In Fusionhub, please make sure DHCP server is enabled at the Fusionhub

8 Likes

I managed to connect a VPN user via WIN7.
Only the user can not connect to printers.
He also does not see them online, am I doing something wrong?

1 Like

Hello, has something changed on how to set this up? I have been trying to connect my laptops(win10) and android/apple devices to the VPN and nothing works. I get the message that the handshaking failed.

I did a network capture on the WAN side of my router and see packets coming in on ports 4500 and 500…
One thing I’m going to try is setting up a site to site tunnel to check if that works.
I have an outgoing speedfusion tunnel to the main office, which I disabled in order to check if that was the issue, but this didn’t help either.

Best Regards,

Derek

A post was split to a new topic: L2TP/IPSec client failed to authenticate with Domain Controller

Why the interface IP of my WAN is 192.168.1.64 which is an internal IP? How can I put a public IP to listen on?

Best Regards,
Kevin

Trying to configure Ivacy VPN on my Windows. Why can’t I find the “L2TP/IPsec with pre-shared key” option in the VPN type dropdown :frowning:

@Cai_Chen

Please check with your Service Provider if they can setup some type of forwarding or how you can go about getting a public IP address.

1 Like

@Sam_Martin,

If you’re using Windows 10, the built in client does have the L2TP w/ Pre-shared key option. If you are required to use Ivacy VPN please reach out to your local support team or to the Ivacy Support.

1 Like

Suggested to use Window 10 build in client

image

Guide can be found using the following post:

1 Like

I set a Peplink One with multiple WANs. One has public IP and the other has a private IP.
I can complete a VPN tunnel with the WAN with the public IP! this instruction is excellent, but…
The WAN that has a private IP, is behind a router that is forwarding a public IP, but I can not get connected.
Any particular configuration for this case with private IP on the router?
Thanks in advance

Is their any changer for this L2TP on latest firmware 7.1.2 build 4094 for BPL-ONE Hardware 3 and BPL-310 Hardware 4? I have upgraded both this model and found This L2TP can not connect.

Event Log just show:
|Mar 05 17:57:36 | L2TP/IPsec: admin disconnected (192.167.0.41)
|Mar 05 17:56:51 | L2TP/IPsec: admin connected (192.167.0.41)|

I have a Pepwave MAX HD2, i cant seem to find this option there, I assume its been taken out. the build I have is 8.0.2 build 4407

Hello @FMRC_Cheeky,
The place to setup IPSec on your Pepwave MAX is under the main menu of “Advanced” along the top & then “Remote User Access” on the left.


Happy to Help,
Marcus :slight_smile:

1 Like

LOL, if it was a snake it would have bit me, I guess I need to get more coffee LOL thanks

1 Like

What ports are needed for this setup since my Peplink device is behind the ISP router(NAT).

I believe this article should help.

2 Likes

Thanks. Sorted it out. For some reason I had to forward 1701 as well.

1 Like

Should this be WAN ports, rather than LAN?

@cryptotuna, thanks for reporting this. It has been changed.

2 Likes

Hello Alan
I own a Balance 310 with firmware 8, i have followed exactly your instructions, but when i try to connect my Macbook under Catalina (10.15.6), i got the message : LPT2 Server doesn’t answer. Can you please help me, i don’t understand what’s wrong