The EdgeRouter Lite supports IPSec hardware offloading. Information and the related commands are in the above link. Should help alleviate performance concerns.

Hi r/Ubiquiti - bit of a rant incoming and a PSA about setting up VPN users using the built in RADIUS server. Had an email from a freelance client whose network I look after (USG

Creating a VPN server on an Ubiquiti EdgeRouter Lite running EdgeOS is easy! In this blog post, I set up an L2TP over IPsec VPN server.

My setup

To understand the configuration you should first know my setup. I have an Ubiquiti EdgeRouter Lite with 3 ports. The port configuration:

eth0 - My FTTH connection
eth0.4 - VLAN4 (Internet)
eth0.6

set vpn l2tp remote-access dns-servers server-1 8.8.8.8
set vpn l2tp remote-access dns-servers server-2 4.2.2.2

STEP 5: Setting Pre-shared Secret

set vpn l2tp remote-access ipsec-settings

OpenVPN Server Setup

Now it's time to set up the OpenVPN server on the ERL. This is done by creating a new interface. You'll also need a new IPv4 subnet for the VPN; I use 192.168.200.0/24 here. You'll also need to make decisions about which port to use, whether to use tcp or udp, which routes to push, etc.

Full disclosure: I know little to nothing about VPN. I have a Ubiquiti Edgerouter Lite set up as the router on a small 6 PC Windows Server 2012R2 Essentials network. The router is in default configuration and provides DHCP services to the network clients and little else.

The EdgeRouter will be configured to issue DHCP assigned IP addresses in the 192.168.1.0/24 range. The Basic Setup wizard will automatically configure the LAN DHCP server. See the Beginners Guide to EdgeRouter article for more information.

I mentioned earlier that a CNAME entry for my VPN server caused a problem and that is because if I'm connecting from inside my firewall (yes, I know it isn't needed), the client tries to go to the external IP address. By using an A DNS entry and doing the following on the EdgeRouter Lite:

In my how to configure EdgeRouter Lite part one guide, my SSH service section has two config lines. While it touches a bit about security, I didn't really touch on securing the service further. By default, the router's SSH server will listen to any addresses assigned to an interface, just like the Web UI.

DNS short name lookup fails on Ubiquiti EdgeRouter firmware v1.9.1, here's the simple fix

Success! Now I have a 1.9.1 that behaves just like the prior releases, but now an IPSEC VPN server that is reliable too. Yay, I can move onward to other things. Glad that little bump in the road wasn't hard to go over.

This set of instructions will result in a PPTP server using local or RADIUS authentication on an Ubiquiti EdgeRouter. This assumes that you already have a basic working configuration with a dynamic address assigned on the WAN interface and that there are some free IP addresses on the local network to assign to VPN clients.

GUI setup

Backup configuration

Before changing any settings it

The EdgeRouter forwards the DNS request from the client to a public DNS server. EdgeOS includes a DNS forwarding service based on dnsmasq that is consulted when clients use the EdgeRouter as a DNS server. The dnsmasq service runs in the background and will forward all client DNS queries to the specified DNS server(s).

set vpn l2tp remote-access dns-servers server-2 4.2.2.2
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret

set vpn l2tp remote-access dns-servers server-1 8.8.8.8
set vpn l2tp remote-access dns-servers server-2 8.8.4.4

Note: You can also issue IP addresses from the local subnet (192.168.1.0/24 in this case), but make sure that they do not overlap with IP addresses issued by your DHCP Server or used by other devices on your network.