VPN connections enable access to far-away sites. However, using L2TP over IPSec, you can grant even mobile access to your sites, using standardized built-in clients on phones as well as on windows-built in clients. This Step-by-Step guide (including video) will show you what to do in order to grant smooth connection to your remote site and your windows built-in client!
This article explains how to setup L2TP VPN to your USG using the setup wizard and a Windows 10 client.
On your USG:
1. Log in to the unit by entering IP address and the credentials for an admin account ( by default, username is “admin”, password is “1234” )
2. Navigate to “Configuration”, click the “Quick Setup”-Link in the upper left corner and choose “VPN Setup”
3. Choose “LT2P”, enter a name for your VPN Rule (this will be the name for your VPN Gateway and VPN Connection later), choose the desired WAN Interface and enter a pre-Shared Key
4. Set an Address Range for the L2TP clients that is not conflicting with an already existing subnet on your USG
5. Click on finish and you will see a summary of the VPN configuration
6. Navigate to Configuration > Object > User/Group to create a user for the L2TP VPN. If you need to create multiple users, you can put them into a group under the “User Group” tab above
7. Navigate to Configuration > VPN > L2TP VPN to add these users in the option “Allowed User”
After finishing the Wizard you can find the configured settings under Configuration > VPN > L2TP VPN and the VPN Gateway + VPN connection under Configuration > VPN > IPSEC VPN in the corresponding tabs above.
That´s it! Using the Wizard also adds an automatically created routing rule referring to the VPN Gateway
Now let´s go on with your Windows 10 client:
1. Navigate to your System Settings > Network & Internet > VPN > Add a VPN Connection
2. Choose “Windows (Built-in)” as the VPN provider and a desired connection name, type in the IP of the WAN Interface your VPN Gateway is listening onto and choose “L2TP/IPsec with pre-shared key” for the VPN type
3. After entering the pre-shared Key for the VPN Gateway, choose “User name and password” for the Type of sign-in info and type in the name and key of the previously created user
4. Navigate to “Network and Sharing Center”, right-click on the L2TP adapter, open the properties-menu and double check the correct IP of the VPN Gateway, open the “Security”-tab and choose “Unencrypted password (PAP)” instead of CHAP, click on Advanced settings to re-enter the pre-shared key of the VPN Gateway
5. Now navigate to the Networking tab and disable IPv6 to avoid misconnections
Connecting your L2TP VPN-Client should now work like a charm!