vpn

Add route to Linux system to allow a VPN connection access the System which is behind a VPN ;)

Okay machine ‘I am behind a VPN’ can be accessed locally: 10.1.1.20, with OpenVPN it is behind an external IP address, not mine
I set up a VPN to my local network: 10.10.10.50 is my IP when I am behind a VPN, when I try to access 10.1.1.20 it is not allowed, where other machines in the same network are ok.
This is due to the OpenVPN connection being active (when disabling OpenVPN, than all is ok), so trying to be able to allow the remote VPN access the machine.

Now I did 2 things and I believe the first command did it.

1. used a new route:
ip route add 10.10.10.0/24 (VPN) via 10.1.1.100 (router) dev eth0

and I used
2. iptables -A INPUT -s 10.10.10.50 -j ACCEPT (but this one did not work, but I will mention it .. you never know)

Fixing a broken L2TP VPN setup with Edgemax Edgerouter Lite

Taken from: http://www.dataguys.net/ubiquiti-edgemax-l2tp-setup/

it fixed my issues today #20-12-2016#

Show Running VPN Configurations

configure
#show l2tp config
show vpn l2tp
#show pptp config
show vpn pptp

Delete existing VPN Configurations

configure
delete vpn pptp ## possible this one does not exist so it will be told in your shell
delete vpn l2tp
delete vpn ipsec
commit
save

Now the existing VPN settings are removed

# change eth0 to whatever is the external interface port of the Edgemax
set vpn ipsec ipsec-interfaces interface eth1
set vpn ipsec nat-networks allowed-network 0.0.0.0/0
set vpn ipsec nat-traversal enable
set vpn l2tp remote-access authentication mode local

#Add local users for L2TP
set vpn l2tp remote-access authentication local-users username [myusername] password [mypassword]  ### do not use the [] in the command

# Set a range of IP addresses that are not being used by your LAN DHCP
set vpn l2tp remote-access client-ip-pool start 10.10.10.100
set vpn l2tp remote-access client-ip-pool stop 10.10.10.110

# Set the DNS servers to give out over DHCP for VPN Name Resolution
set vpn l2tp remote-access dns-servers server-1 10.1.1.50
set vpn l2tp remote-access dns-servers server-2 8.8.8.8

# Set the authentication mode for L2TP
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret [secretkey]
set vpn l2tp remote-access ipsec-settings ike-lifetime 3600

# Set the l2tp listening address to the WAN IP and WAN Gateway
set vpn l2tp remote-access outside-address [Your-WAN-IP]
set vpn l2tp remote-access outside-nexthop [Your-WAN-GATEWAY-IP]

# Optional to set the MTU but I do this just in case they end up on DSL or T1
set vpn l2tp remote-access mtu 1492

commit
save
exit

Notice: firewall rules must also be enabled as ruleset in the Edgemax Lite, this is not yet in the document documented.

Please be noticed above text is derived from the URL above and used in my home setup. If it crashes I will be able to fix it.