IPsec Site-to-Site VPN for EdgeRouter Lite

IPsec Site-to-Site (policy-based, pre-shared key)

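# Policy-based IPsec site-to-site tunnel between the local LAN
# (192.168.10.0/24 behind 99.99.99.99) and the remote LAN
# (192.168.1.0/24 behind 88.88.88.88).
#
# One group name, "vpntunnel", is used throughout. The original mixed in an
# undefined group "FOO0" on the ike-group lifetime line and on the peer's
# default-esp-group / ike-group / tunnel esp-group lines, which fails at
# commit because those groups carry no proposals.
#
# Every proposal value below must be mirrored on the 88.88.88.88 peer.
# Allow duplicate IKE request IDs; only keep this if the peer needs it.
set vpn ipsec disable-uniqreqids

# Phase 2 (ESP). Rekey hourly instead of once a day; AES-256/SHA-256 replace
# 3DES/SHA-1, which are deprecated. Requires an EdgeOS release that offers
# sha256 as a hash option.
set vpn ipsec esp-group vpntunnel compression disable
set vpn ipsec esp-group vpntunnel lifetime 3600
set vpn ipsec esp-group vpntunnel mode tunnel
# PFS runs a fresh DH exchange for each child SA, so a leaked PSK does not
# expose previously captured traffic. "enable" inherits the IKE DH group.
set vpn ipsec esp-group vpntunnel pfs enable
set vpn ipsec esp-group vpntunnel proposal 1 encryption aes256
set vpn ipsec esp-group vpntunnel proposal 1 hash sha256

# Phase 1 (IKE). DH group 14 (2048-bit MODP) replaces group 2 (1024-bit).
set vpn ipsec ike-group vpntunnel lifetime 28800
set vpn ipsec ike-group vpntunnel proposal 1 dh-group 14
set vpn ipsec ike-group vpntunnel proposal 1 encryption aes256
set vpn ipsec ike-group vpntunnel proposal 1 hash sha256

# Peer definition.
set vpn ipsec site-to-site peer 88.88.88.88 local-address 99.99.99.99
set vpn ipsec site-to-site peer 88.88.88.88 authentication mode pre-shared-secret
# Placeholder. Use a long random secret (32+ characters) and keep it out of
# version control: it is stored in plain text in config.boot and is the only
# thing authenticating the peer.
set vpn ipsec site-to-site peer 88.88.88.88 authentication pre-shared-secret thisisalongsecret
set vpn ipsec site-to-site peer 88.88.88.88 connection-type initiate
set vpn ipsec site-to-site peer 88.88.88.88 default-esp-group vpntunnel
set vpn ipsec site-to-site peer 88.88.88.88 ike-group vpntunnel
set vpn ipsec site-to-site peer 88.88.88.88 tunnel 1 esp-group vpntunnel
set vpn ipsec site-to-site peer 88.88.88.88 tunnel 1 local prefix 192.168.10.0/24
set vpn ipsec site-to-site peer 88.88.88.88 tunnel 1 remote prefix 192.168.1.0/24
# NOTE(review): the WAN masquerade rule must exclude traffic destined to
# 192.168.1.0/24, otherwise it is source-NATed before encryption and never
# matches this tunnel's policy. WAN_LOCAL also has to accept UDP 500/4500
# and ESP from the peer. On EdgeOS releases that support it,
# "set vpn ipsec auto-firewall-nat-exclude enable" installs both for you.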

L2TP/IPsec Remote-Access VPN Configuration for EdgeRouter Lite

L2TP/IPsec Remote-Access VPN Configuration

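# L2TP-over-IPsec remote-access ("road warrior") VPN.
#
# Client addresses are taken from the LAN subnet but sit outside the LAN DHCP
# range (.41-.99), so they cannot collide with DHCP leases.
set vpn l2tp remote-access client-ip-pool start 192.168.10.140
set vpn l2tp remote-access client-ip-pool stop 192.168.10.149

set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
# Placeholder. The original used typographic quotes (“Secret”), which the CLI
# stores literally as part of the secret and which clients will not match;
# use plain ASCII quotes. This one PSK is shared by every client and is all
# that authenticates phase 1, so make it long and random.
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret "Secret"

set vpn l2tp remote-access authentication mode local
# Placeholder credentials; replace before commit. Local-user passwords are
# stored in plain text in config.boot.
set vpn l2tp remote-access authentication local-users username test password test

# EdgeOS expects outside-address to be set; 0.0.0.0 is the value to use when
# the WAN address comes from DHCP (eth0 in the standard configuration).
# Use the static WAN address instead if there is one.
set vpn l2tp remote-access outside-address 0.0.0.0
set vpn l2tp remote-access mtu 1492
set vpn l2tp remote-access dns-servers server-1 192.168.10.1
set vpn l2tp remote-access dns-servers server-2 8.8.8.8

# Terminate IPsec on the WAN interface. Clients are usually behind NAT, so
# enable NAT-T and accept it from any source network.
set vpn ipsec ipsec-interfaces interface eth0
set vpn ipsec nat-traversal enable
set vpn ipsec nat-networks allowed-network 0.0.0.0/0
# NOTE(review): WAN_LOCAL must accept UDP 500/4500, ESP, and UDP 1701
# (ideally only when it arrives inside IPsec) or no client can connect.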

Standard Configuration for EdgeRouter Lite

Standard Configuration
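# Baseline configuration: eth0 is the DHCP-addressed WAN, eth1 the LAN.

# Kernel-level hardening options.
set firewall all-ping enable
set firewall broadcast-ping disable
set firewall ipv6-receive-redirects disable
set firewall ipv6-src-route disable
set firewall ip-src-route disable
set firewall log-martians enable
set firewall receive-redirects disable
# NOTE(review): sending ICMP redirects is rarely useful on an edge router;
# consider "disable" unless LAN hosts depend on it.
set firewall send-redirects enable
# NOTE(review): reverse-path filtering is off. "strict" drops packets with
# spoofed sources and is safe when routing is symmetric (single WAN, no
# policy routing), which is the case here.
set firewall source-validation disable
set firewall syn-cookies enable

# WAN_IN: traffic arriving on the WAN and forwarded to the LAN.
set firewall name WAN_IN default-action drop
set firewall name WAN_IN enable-default-log
set firewall name WAN_IN rule 1 action accept
set firewall name WAN_IN rule 1 description "Allow established connections"
set firewall name WAN_IN rule 1 state established enable
set firewall name WAN_IN rule 1 state related enable
set firewall name WAN_IN rule 2 action drop
set firewall name WAN_IN rule 2 log enable
set firewall name WAN_IN rule 2 description "Drop invalid state"
set firewall name WAN_IN rule 2 state invalid enable
# Decrypted site-to-site IPsec traffic re-enters eth0 and is evaluated by
# WAN_IN; match-ipsec accepts only packets that arrived inside an SA.
set firewall name WAN_IN rule 10 action accept
set firewall name WAN_IN rule 10 description "Allow traffic from IPsec tunnels"
set firewall name WAN_IN rule 10 ipsec match-ipsec

# WAN_LOCAL: traffic arriving on the WAN addressed to the router itself.
set firewall name WAN_LOCAL default-action drop
set firewall name WAN_LOCAL enable-default-log
set firewall name WAN_LOCAL rule 1 action accept
set firewall name WAN_LOCAL rule 1 description "Allow established connections"
set firewall name WAN_LOCAL rule 1 state established enable
set firewall name WAN_LOCAL rule 1 state related enable
set firewall name WAN_LOCAL rule 2 action drop
set firewall name WAN_LOCAL rule 2 log enable
set firewall name WAN_LOCAL rule 2 description "Drop invalid state"
set firewall name WAN_LOCAL rule 2 state invalid enable
# The site-to-site and L2TP VPNs terminate on this router; with a drop
# default they need explicit accepts for IKE (UDP 500), NAT-T (UDP 4500)
# and ESP.
set firewall name WAN_LOCAL rule 10 action accept
set firewall name WAN_LOCAL rule 10 description "Allow IKE and NAT-T"
set firewall name WAN_LOCAL rule 10 destination port 500,4500
set firewall name WAN_LOCAL rule 10 protocol udp
set firewall name WAN_LOCAL rule 20 action accept
set firewall name WAN_LOCAL rule 20 description "Allow ESP"
set firewall name WAN_LOCAL rule 20 protocol esp
# L2TP is accepted only when it arrived inside IPsec, so unencrypted
# UDP 1701 from the internet is still dropped.
set firewall name WAN_LOCAL rule 30 action accept
set firewall name WAN_LOCAL rule 30 description "Allow L2TP inside IPsec"
set firewall name WAN_LOCAL rule 30 destination port 1701
set firewall name WAN_LOCAL rule 30 ipsec match-ipsec
set firewall name WAN_LOCAL rule 30 protocol udp

# WAN interface.
set interfaces ethernet eth0 description WAN
set interfaces ethernet eth0 address dhcp
set interfaces ethernet eth0 firewall in name WAN_IN
set interfaces ethernet eth0 firewall local name WAN_LOCAL

# Outbound NAT. Rule 5000 runs before the masquerade and exempts traffic to
# the site-to-site remote LAN; otherwise it is source-NATed before
# encryption and never matches the tunnel policy.
set service nat rule 5000 description "Exclude site-to-site traffic from NAT"
set service nat rule 5000 destination address 192.168.1.0/24
set service nat rule 5000 exclude
set service nat rule 5000 outbound-interface eth0
set service nat rule 5000 type masquerade
set service nat rule 5010 description "Masquerade for WAN"
set service nat rule 5010 outbound-interface eth0
set service nat rule 5010 type masquerade

# LAN interface and DHCP. The router is the default gateway and resolver
# handed out below, so it must own 192.168.10.1 (the original gave eth1
# .2 while DHCP advertised .1, leaving clients with an unreachable gateway).
set interfaces ethernet eth1 description LAN
set interfaces ethernet eth1 address 192.168.10.1/24
set service dhcp-server disabled false
set service dhcp-server shared-network-name LAN authoritative enable
set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 default-router 192.168.10.1
set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 dns-server 192.168.10.1
set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 lease 86400
set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 start 192.168.10.41 stop 192.168.10.99

# DNS forwarder listens on the LAN interface (eth1; the original named the
# unused eth2). Never add eth0 here: that would make this an open resolver.
set service dns forwarding listen-on eth1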