I recently deleted my PPTP VPN server and set up an L2TP VPN server instead. I am able to connect to the VPN server without problems and can access the router via the GUI and SSH; however, I am not able to access any of the devices on my network. I would really appreciate someone having a look at my configuration and letting me know where I may have gone wrong. Thank you.
/* Router configuration as posted with the question (Vyatta-style syntax; see the
   version trailer at the bottom). Reformatted to one statement per line; no
   configuration tokens were changed. Comments marked NOTE(review) are reviewer
   observations about what is visible here, not confirmed diagnoses. */
firewall {
    all-ping enable
    broadcast-ping disable
    group {
        address-group PBX {
            address 192.84.16.0/24
            address 192.84.18.0/24
            address 8.28.0.0/22
            description "8x8 PBX Servers"
        }
        /* NOTE(review): 10.10.35.0/24 (Staff Network, vif 35) is not listed here, so
           traffic from switch0 to that subnet would not match "modify balance" rule 10
           and would fall through to the lb-group rule - confirm that is intended. */
        network-group LAN_NETS {
            network 10.10.10.0/24
            network 10.10.20.0/24
            network 10.10.30.0/24
            network 10.10.40.0/24
        }
        port-group 8x8 {
            description "8x8 Phone Service Ports"
            port 5196-5199
            port 15044
            port 5060-5061
            port 3478-3479
            port 2222-2269
            port 16384-16404
        }
        /* NOTE(review): this group is opened from the WAN by WAN_IN rule 20 and NAT
           rule 1. Port 27117 is, as far as I know, the controller's internal database
           port - confirm it really needs to be reachable from the Internet. */
        port-group UniFi_Guest_Portal {
            description "UniFi Controller Ports"
            port 8443
            port 8880
            port 8843
            port 8080
            port 27117
            port 3478
        }
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    /* NOTE(review): martian logging and (further down) source-validation are both
       off. Strict source validation may not suit a dual-WAN setup, but confirm
       this is deliberate. */
    log-martians disable
    /* Policy-routing ruleset applied inbound on switch0: destinations inside
       LAN_NETS use the main table, everything else goes to load-balance group G. */
    modify balance {
        rule 10 {
            action modify
            destination {
                group {
                    network-group LAN_NETS
                }
            }
            modify {
                table main
            }
        }
        rule 20 {
            action modify
            modify {
                lb-group G
            }
        }
    }
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        /* NOTE(review): the source group is empty and protocol is "all", so any
           Internet host may reach 10.10.10.250 on the controller ports, and the
           match is not logged. Consider limiting source and protocol. */
        rule 20 {
            action accept
            description "Allow Traffic to Unifi Controller"
            destination {
                address 10.10.10.250
                group {
                    port-group UniFi_Guest_Portal
                }
            }
            log disable
            protocol all
            source {
                group {
                }
            }
        }
        rule 30 {
            action accept
            description "8x8 Ports"
            destination {
                address 10.10.20.0/24
                group {
                    port-group 8x8
                }
            }
            log disable
            protocol all
        }
        /* NOTE(review): this matches on *destination* = PBX, but the PBX group holds
           the provider's public ranges and this ruleset filters WAN-to-internal
           traffic. Presumably a *source* match was intended - verify. */
        rule 40 {
            action accept
            description "8x8 Servers"
            destination {
                group {
                    address-group PBX
                }
            }
            log disable
            protocol all
        }
        /* NOTE(review): rules are evaluated in numeric order, so invalid-state packets
           that match rules 20-40 are accepted before this drop is reached. The usual
           placement is directly after the established/related rule. */
        rule 50 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        /* IKE (500), L2TP (1701) and NAT-T (4500) over UDP, with logging on.
           NOTE(review): 1701 is accepted from any source whether or not it arrived
           inside IPsec; consider allowing it only for IPsec-protected traffic. */
        rule 20 {
            action accept
            description "Allow L2TP"
            destination {
                port 500,1701,4500
            }
            log enable
            protocol udp
        }
        rule 30 {
            action accept
            description "Allow ESP"
            log disable
            protocol 50
        }
        /* NOTE(review): same ordering remark as WAN_IN rule 50. */
        rule 50 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address 173.13.xxx.xxx/29
        address 173.13.xxx.xxx/29
        address 173.13.xxx.xxx/29
        address 173.13.xxx.xxx/29
        address 173.13.xxx.xxx/29
        description "Internet - WAN"
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        poe {
            output off
        }
        speed auto
    }
    ethernet eth1 {
        address dhcp
        description "Internet - WAN 2"
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        poe {
            output off
        }
        speed auto
    }
    ethernet eth2 {
        description LAN
        duplex auto
        poe {
            output off
        }
        speed auto
    }
    ethernet eth3 {
        address 10.10.20.1/24
        description VOIP
        duplex auto
        poe {
            output off
        }
        speed auto
    }
    ethernet eth4 {
        description AirFiber
        duplex auto
        poe {
            output off
        }
        speed auto
    }
    loopback lo {
    }
    /* NOTE(review): no firewall ruleset is attached to vif 30 (Guest Network),
       vif 35, vif 40 or eth3, and switch0's "local" is empty. Nothing visible in
       this config separates guest clients from the other internal subnets or from
       the router's GUI/SSH - confirm isolation is enforced somewhere. */
    switch switch0 {
        address 10.10.10.1/24
        description "Primary LAN"
        firewall {
            in {
                modify balance
            }
            local {
            }
        }
        mtu 1500
        switch-port {
            interface eth2 {
            }
            interface eth4 {
            }
            vlan-aware disable
        }
        vif 30 {
            address 10.10.30.1/24
            description "Guest Network"
            mtu 1500
        }
        vif 35 {
            address 10.10.35.1/24
            description "Staff Network"
            mtu 1500
        }
        vif 40 {
            address 10.10.40.1/24
            description Video
            mtu 1500
        }
    }
}
load-balance {
    group G {
        interface eth0 {
        }
        interface eth1 {
            failover-only
        }
        lb-local enable
    }
}
port-forward {
    auto-firewall enable
    hairpin-nat enable
    lan-interface eth2
    wan-interface eth0
}
protocols {
    static {
        route 0.0.0.0/0 {
            next-hop 173.13.xxx.xxx {
            }
        }
    }
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name Guest_Network {
            authoritative disable
            subnet 10.10.30.0/24 {
                default-router 10.10.30.1
                dns-server 8.8.8.8
                dns-server 8.8.4.4
                lease 86400
                start 10.10.30.10 {
                    stop 10.10.30.100
                }
            }
        }
        shared-network-name LAN {
            authoritative enable
            subnet 10.10.10.0/24 {
                default-router 10.10.10.1
                dns-server 10.10.10.230
                dns-server 10.10.10.1
                domain-name ad.xxx.xxx.com
                lease 86400
                start 10.10.10.40 {
                    stop 10.10.10.139
                }
            }
        }
        /* NOTE(review): the brace below has no matching opener in the posted text
           (the LAN scope closes with one more brace than the other scopes). It is
           kept as posted; presumably an artifact of editing the paste - verify
           against the router's own config. */
        }
        shared-network-name VOIP {
            authoritative disable
            subnet 10.10.20.0/24 {
                default-router 10.10.20.1
                dns-server 8.8.8.8
                dns-server 8.8.4.4
                lease 86400
                start 10.10.20.50 {
                    stop 10.10.20.199
                }
            }
        }
        shared-network-name Staff_Network {
            authoritative disable
            subnet 10.10.35.0/24 {
                default-router 10.10.35.1
                dns-server 8.8.8.8
                dns-server 8.8.4.4
                lease 86400
                start 10.10.35.10 {
                    stop 10.10.35.100
                }
            }
        }
        shared-network-name Video {
            authoritative disable
            subnet 10.10.40.0/24 {
                default-router 10.10.40.1
                dns-server 8.8.8.8
                dns-server 8.8.4.4
                lease 86400
                start 10.10.40.20 {
                    stop 10.10.40.49
                }
                static-mapping NAS {
                    ip-address 10.10.40.20
                    mac-address 00:11:32:33:93:97
                }
            }
        }
        use-dnsmasq disable
    }
    dns {
        forwarding {
            cache-size 150
            listen-on switch0
            listen-on switch0.40
            listen-on switch0.30
        }
    }
    /* NOTE(review): "older-ciphers enable" keeps legacy TLS cipher suites available
       on the management GUI; disable it unless an old client truly needs it.
       WAN_LOCAL's default drop keeps the GUI off the WAN, but VPN and internal
       clients can still reach it. */
    gui {
        http-port 80
        https-port 443
        older-ciphers enable
    }
    nat {
        /* NOTE(review): rules 1 and 5000 show a public address in full although
           the other WAN addresses in this post are masked - consider masking it
           as well. */
        rule 1 {
            description "Unifi Controller"
            destination {
                address 173.13.129.218
                group {
                    port-group UniFi_Guest_Portal
                }
            }
            inbound-interface eth0
            inside-address {
                address 10.10.10.250
            }
            log disable
            protocol all
            type destination
        }
        rule 5000 {
            description "Unifi Controller"
            log disable
            outbound-interface eth0
            outside-address {
                address 173.13.129.218
            }
            source {
                address 10.10.10.250
                group {
                    port-group UniFi_Guest_Portal
                }
            }
            type source
        }
        rule 5001 {
            description "masquerade for WAN"
            outbound-interface eth0
            type masquerade
        }
        rule 5002 {
            description "masquerade for WAN 2"
            outbound-interface eth1
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
}
system {
    conntrack {
        expect-table-size 4096
        hash-size 4096
        modules {
            sip {
                disable
            }
        }
        table-size 32768
        tcp {
            half-open-connections 512
            loose enable
            max-retrans 3
        }
    }
    domain-name ad.xxx.xxx.com
    host-name ROUTER1
    /* NOTE(review): both admin password hashes are posted in full. The "$6$" prefix
       marks SHA-512 crypt; a published hash can be guessed against offline, so
       treat both passwords as disclosed and change them. The second account uses
       the name "ubnt" with admin level - presumably the factory default account;
       consider removing it if it is not needed. */
    login {
        user xxx {
            authentication {
                encrypted-password $6$7fpsQzSaDE$L28QtW7Vys5rcz4ZjuQtx.IXTvxEobWGhKvp9foU2X1zzPvV6GKWH.8AOIDMpEdElP8piSb2qdZNE1JvPM.
                plaintext-password ""
            }
            full-name “xx”
            level admin
        }
        user ubnt {
            authentication {
                encrypted-password $6$cQ29tOyukD$HZI.b9euiBp0UFwPI4buYBobfaHQ9RxzyE2Nq.bSr64JzGZ7lyaAltCpisGVdYromaDQit0eCXjDGn/0
                plaintext-password ""
            }
            full-name ""
            level admin
        }
    }
    name-server 8.8.8.8
    name-server 8.8.4.4
    name-server 10.10.10.235
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
        host 10.10.10.221 {
            facility all {
                level notice
            }
        }
    }
    time-zone America/Los_Angeles
    traffic-analysis {
        dpi disable
        export disable
    }
}
traffic-control {
    smart-queue WAN {
        download {
            ecn enable
            flows 1024
            fq-quantum 1514
            limit 10240
            rate 100mbit
        }
        upload {
            ecn enable
            flows 1024
            fq-quantum 1514
            limit 10240
            rate 20mbit
        }
        wan-interface eth0
    }
}
vpn {
    l2tp {
        remote-access {
            authentication {
                /* NOTE(review): one of the four local VPN passwords below was left
                   unmasked in the post. Treat that credential as disclosed and
                   change it on the router. */
                local-users {
                    username xxx {
                        password xxx
                    }
                    username xxx {
                        password BlackCat007
                    }
                    username xxx {
                        password xxx
                    }
                    username xxx {
                        password xxx
                    }
                }
                mode local
            }
            /* The client pool sits inside switch0's 10.10.10.0/24, outside the LAN
               DHCP range (10.10.10.40-139) and clear of the fixed addresses seen in
               this config (.221, .230, .235, .250). Whether this placement relates
               to the reported symptom cannot be told from the config alone. */
            client-ip-pool {
                start 10.10.10.200
                stop 10.10.10.220
            }
            /* NOTE(review): VPN clients get public resolvers only, while LAN DHCP
               hands out 10.10.10.230; internal names under the AD domain would
               presumably not resolve over the VPN - confirm. */
            dns-servers {
                server-1 8.8.8.8
                server-2 8.8.4.4
            }
            ipsec-settings {
                authentication {
                    mode pre-shared-secret
                    pre-shared-secret xxx
                }
                ike-lifetime 3600
            }
            mtu 1492
            outside-address 173.13.xxx.xxx
        }
    }
}
/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v1.9.0.4901118.160804.1131 */