L2TP Client: Ubiquiti Edgerouter

From AAISP Support Site


(September 2022) It's been reported that Ubiquiti Edgerouter has broken authentication that affects L2TP connections. We may log authentication failures due to this, and the connection not connect. This issue is with the implementation of L2TP in the Edgerouter, specifically CHAP authentication.

EdgeOS 2.0.9 - maybe others.

Summary: the OS generates a file for xl2tpd to read, but it sets the server name as xl2tpd. When looking for CHAP credentials for 'aaisp, it only finds xl2tpd and gives up.

Here is where the customer found the answer: https://community.ui.com/questions/Bug-l2tp-client-CHAP-is-broken-due-to-bad-etc-ppp-chap-secrets-on-EdgeOS-2-0-9/b40dd55c-9bc4-4222-bf33-b0a35e894183

At the time, the solution in the post didn't work, so a temporary solution is to hand-edit the generated file for the tunnel, then kill the xl2tpd process. This makes it try and reconnect without re-generating the file. It gets connected.


Walk Through

(Updated March 2023)

Create a static route so the L2TP gateway runs over your current ISP gateway (EdgeOS tries to route the L2TP over itself for some reason).

 

L2TP set up in the usual way via the config tree

 

Add an SNAT rule so LAN clients can access

 

You then need to edit the /etc/ppp/peers/l2tpc1 file and add the line "remotename xl2tpd" so it looks something like this

 

Then run "sudo service xl2tpd restart" to re-establish the L2TP, it's important this is done via the cli otherwise EdgeOS overwrites this file and removes the line we just added.

This should get v4 up and running, I've not tackled v6 yet but if i manage to get that working i'll update you.