Jump to content
  • EN

Template:Networking rutos configuration example l2tp over ipsec android

From Teltonika Networks Wiki

Configuration overview and prerequisites

Prerequisites:

  • One RUTX router of any type
  • A Public Static or Public Dynamic IP address
  • At least one Android device

The topology above depicts the L2TP/IPsec scheme. - The router with the Public IP address (RUTX11) acts as the L2TP/IPsec server and the Android device acts as client. L2TP connects the networks of RUTX11 and Android client, IPsec provides the encryption for the L2TP tunnel. Created VPN tunnel will allow Android device to reach home network behind the RUTX11 router, but the rest of Android device network traffic will not be redirected through VPN. This way the VPN tunnel will not be under a huge load and will provide greater speeds.

When the scheme is realized, you will be able to reach your home internal network with all internal systems, cameras, or other IOT devices globally.

Configuring home router (RUTX)

L2TP

Login to the router's WebUI and navigate to the Services → VPN → L2TP page and do the following:

  1. Enter a custom configuration name.
  2. Select Role: Server.
  3. Click the Add button.
  4. Click the Edit button next to the newly created L2TP instance.
  1. Enable the L2TP instance.
  2. Enter a Username and Password which later will be used for client authentication.
  3. Optionally, set a fixed IP for this client (if left empty, client will receive first free IP from the IP range).
  4. Don't forget to Save the changes.

IPsec

Go to the Services → VPN → IPsec page and do the following:

  1. Enter a custom Name for the IPsec instance.
  2. Click the Add button.
  3. Click the Edit button next to the newly created instance.

In the IPsec Configuration page, do the following (and leave the rest as defaults, unless your specific configuration requires otherwise):

  1. Enable the instance.
  2. Enter your Pre-shared key.
  3. Select Type: Transport.
  4. Set DH group to MODP1024.
  5. Go to Phase 2 settings and also set DH group to MODP1024.
  6. Save changes.

Firewall

Now go to the Network → Firewall → General Settings page and press Edit button next to the L2TP forward rule:

  1. Set Forward: accept.
  2. Select Covered networks: LAN.
  3. Save changes.

Android phone

Go to your Android device VPN settings and create a new VPN network:

Apply the following configuration:

  1. Select Type: L2TP/IPsec PSK.
  2. Enter the router's WAN IP address into the Server field.
  3. Enter the Pre-shared key exactly as it was specified in the router's IPsec settings.
  4. Press Show advanced options
  1. Write the DNS servers you are planning to use (in this example we used google DNS servers).
  2. Add Forwarding routes (RUTX11 LAN network).
  3. Save settings.

Now open your newly created VPN instance and connect to it:

  1. Write the Username you created in router's L2TP settings.
  2. Write the Password you created in router's L2TP settings.
  3. Press Connect.

If you applied the configuration correctly, after a moment it should indicate Connected:

Results

Now you should be able to access your home network resources. To verify the connection you can try accessing your router's WebUI without being connected to it in any way. If you are able to do that, you have successfully connected to your home network.

Disclaimer:

This configuration example was created by using Android version 10. The IPsec Phase 1 and Phase 2 settings, which were used in this configuration example, might not work with other Android versions and might require adjustment.

Retrieved from "https://wiki.teltonika-networks.com/index.php?title=Template:Networking_rutos_configuration_example_l2tp_over_ipsec_android&oldid=63440"