Configure L2TP VPN on D-Link DSR-250 Router




IPSec Policy
Policy Name: L2TPVPN
Policy Type: Auto Policy
IP Protocol Version: IKEv1
L2TP Mode: Gateway
IPSec Mode: Transport Mode
Select Local Gateway: Dedicated WAN
Remote Endpoint: FQDN
IP Address / FQDN: 0.0.0.0
Enable Mode Config: off
Enable RollOver: off
Protocol: ESP
Enable Keepalive: off


Phase 1 (IKE SA Params)
Exchange Mode: Main
Direction/Type: Responder
NAT Traversal: on
NAT Keep Alive Frequency: 20 sec
Local Identifier Type: Local WAN IP
Remote Identifier Type: FQDN
Remote Identifier: 0.0.0.0
Encryption Algorithms: AES128, AES256, 3DES
Authentication Algorithms: SHA1, SHA2-256
Authentication Method: Pre-shared Key
Pre-shared Key:
DH Group: Group 2
SA-Lifetime: 28800
Enable Dead peer detection: on
Detection Period: 20
Reconnect After Failure: 5
Extended Authentication: None


Phase 2
SA Lifetime: 3600 seconds
Encryption Algorithm: 3DES, AES128, AES256
Integrity Algorithm: SHA1, SHA2-256
PFS Key Group: off

VPN -> L2TP Server
Enable L2TP Server: Enabled IPv4
L2TP Routing Mode: NAT
Starting IP Address: 192.168.0.50 (Note: personal preference)
Ending IP Address: 192.168.0.65 (Note: personal preference)
Authentication Database
Authentication: Local User Database
Authentication Supported
CHAP, MS-CHAP, MS-CHAPv2
Encryption
Secret Key: off
Idle Timeout: 300 seconds
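
As an added example (not from the original post or from D-Link), the Python sketch below audits the Phase 1, Phase 2 and L2TP Server values listed above and flags the legacy options among them. The WEAK table and the parse/audit helper names are this example's assumptions, not router output.

```python
# Values transcribed from the settings on this page (section tags added).
PAGE_SETTINGS = """\
[Phase 1]
Encryption Algorithms: AES128, AES256, 3DES
Authentication Algorithms: SHA1, SHA2-256
DH Group: Group 2
[Phase 2]
Encryption Algorithm: 3DES, AES128, AES256
Integrity Algorithm: SHA1, SHA2-256
PFS Key Group: off
[L2TP Server]
Authentication Supported: CHAP, MS-CHAP, MS-CHAPv2
"""

# Assumption: this example's own list of legacy options; adjust to local policy.
WEAK = {
    "3DES": "64-bit block cipher, deprecated",
    "SHA1": "legacy hash, prefer SHA2-256",
    "GROUP 2": "1024-bit MODP Diffie-Hellman group",
    "MS-CHAP": "MS-CHAP v1, superseded by MS-CHAPv2",
}

def parse(text):
    """Return {section: {key: [values]}} from '[Section]' and 'Key: a, b' lines."""
    cfg, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            cfg[section] = {}
        elif ":" in line and section:
            key, _, val = line.partition(":")
            cfg[section][key.strip()] = [v.strip() for v in val.split(",")]
    return cfg

def audit(cfg):
    """Return (section, key, value, reason) tuples for every flagged offer."""
    findings = []
    for section, items in cfg.items():
        for key, values in items.items():
            for v in values:
                if v.upper() in WEAK:
                    findings.append((section, key, v, WEAK[v.upper()]))
            if key.startswith("PFS") and values == ["off"]:
                findings.append((section, key, "off", "Phase 2 keys reuse Phase 1 DH material"))
    return findings

if __name__ == "__main__":
    for finding in audit(parse(PAGE_SETTINGS)):
        print("%s / %s: %s -> %s" % finding)
```

Drop a flagged value only after confirming that every client can still agree on one of the remaining proposals with the router.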


Security -> Internal User database
Groups
Add a group
Group Name: L2TP
Description: L2TP VPN Users
User type: Network
PPTP User: off
L2TP User: on
Xauth User: off
SSLVPN User: off
Idle Timeout: 10 minutes


Users
Add a user and select the group L2TP

Setting up Windows
Create a VPN connection
Hostname / IP address of destination: my static IP, XXX.YYY.XXX.YYY
On the Security tab, set the type to Layer 2 Tunneling Protocol with IPSec
Click Advanced settings, select Use pre-shared key for authentication, set it to
Check Allow these protocols
Select CHAP and MS-CHAPv2
Log in with the username and password of the user in the DSR-250 DB


Setting up on iOS
Create a VPN configuration
Type: L2TP
Description: my vpn
Server: Static IP XXX.YYY.XXX.YYY
Account: username and password of the user on the DSR-250 DB
Secret:
Send all traffic: enabled

Android
Add VPN
Name: My VPN
Type: L2TP/IPSec PSK
Server Address: Static IP XXX.YYY.XXX.YYY
L2TP Secret: not used
IPSec Identifier: Not Used
IPSec pre-shared key
Save
Connect, enter your username and password of the user on the DSR-250 DB