How to add IPSEC/L2TP support?

we have ever tried l2tp and ipsec with pre shared key. It is very complicated and difficult to make it work, especially compatible with different servers. So gave up.

Hi alzhao,

When I tried to make a new L2TP interface it tells me “The submitted security token is invalid or already expired”.
Could you walk me through how I can succesfully setup a L2TP interface so I can establish the client side to connect to a L2TP server on a SonicWall firewall.

Thank you!

I have AR150, running 2.27 (stable). In short, it can connect to L2TP over IPSec with pre-shared key (server is my router (zyxel keenetic extra ii)). I can also establish VPN connection to the same router from my android 6 phone.
AR150 is running in WISP mode. I configured it under “OpenVPN” tab, “PPTP Client beta” menu. I’m using it the first day, cannot tell how reliable it is. It lost VPN connection at some moment, I had to click “Apply” button which made AR150 to reboot, and it connected after that.
Looking at this thread, it doesn’t look like it’s officially supported, not sure if it may be removed in the future? But if you have this firmware available for your gl.inet device, I’d give it another try.

It appears that is not well supported on OpenWRT, and none of the major projects* have a fully functional GUI with easy setup procedure for this platform . :frowning_face:
(* OpenSwan, LibreSwan, StrongSwan)

L2TP/IPsec is removed from firmware 3.x because it doesn’t works good with some servers. Seems there are different implementations.

Also the GUI appears to have some bugs:

On v2 firmware, after testing IPSEC and then returning to OpenVPN, the “Force VPN” feature quit working and traffic did not go through VPN even when OpenVPN says “connected.” I only discovered this by accident when a web site showed the name of my ISP. So there might be some mistake in the script which sets the firewall rules.

I know its more difficult to implement stateful verification, but I wish I could trust the GUI to accurately reflect the status of the firewall & virtual network adapter.

L2TP/IPsec with preshared key did work for me in 2.27 (but marked beta). Then I upgraded to 3.x and found it was gone. :frowning_face:

Is there any chance you will try to put it back? It looks like there is an L2TP in 3.x but no way to enter the preshared key.

While you can download 2.27 and flash it back.

Yes, that is my plan. But I hope to not be stuck at 2.27 forever because you are adding so many other great new features in 3.x. Thank you for being responsive to your users!