UniFi Gateway Consoles WiFi Switching Camera Security New Integrations Accessory Tech Identity
UISP
Support Dropdown arrow
Store Search
User
Help Center UniFi Help Articles UISP Help Articles Community UniFi Design Center UISP Design Center Contact Support Tech Specs
Sign Up UniFi Portal
Ubiquiti Logo Ubiquiti Logo
User User
Log In Sign Up UniFi Portal
UniFi Gateway Consoles WiFi Switching Cameras & Security New Integrations Accessory Tech Identity UISP Store Search

Support

Help Center UniFi Help Articles UISP Help Articles Community Contact Support Tech Specs

Social

Facebook Twitter Youtube Instagram

Company

Careers Contact Us Investors

Training

Courses Calendar Trainers Become a Trainer

Tools

WiFiman UniFi Design Center UISP Design Center
  1. Ubiquiti Support and Help Center
  2. UniFi
  3. Gateway & Routing
Help Center
Back to Top

UniFi Gateway - L2TP VPN Server

2023-09-25 20:26:38 UTC

L2TP is a traditional VPN server found in the Teleport & VPN section of your Network application that allows you to connect to the UniFi network from a remote location. A UniFi Gateway or UniFi Cloud Gateway is required.

Should I Use L2TP?

On Next-Gen UniFi gateways, there are much better options available such as Teleport and Wireguard.

  • For mobile users, we strongly recommend to use Teleport instead of L2TP. Teleport is faster, more secure, and requires zero configuration. 
  • For desktop and laptop users, we strongly recommend to use Wireguard instead of L2TP. Wireguard is faster, more secure, and requires less configuration.

How Does it Work?

After enabling L2TP, add a User and share the Pre-Shared Key and user credentials with your desired recipient. If available, the recipient can use the built-in L2TP VPN on their choice of operating system. 

Note: On Windows, it is required to modify the L2TP adapter Security settings and change the authentication method to MS-CHAP v2.

Caveats

There are several caveats associated with using L2TP. These are not specific to the UniFi gateway and associated with the protocol itself. 

  • L2TP is losing support on several different operating systems. Android versions that still support L2TP require the usage of the Weak Ciphers option.
  • L2TP encounters issues when the UniFi gateway is behind NAT, even when forwarding the ports on the upstream router. On Windows clients, it is required to modify the registry.
  • Using the standard options available on the client's built-in L2TP VPN may not lead to a successful connection.
    • On Windows, the authentication method needs to be manually changed to MS-CHAP v2.
    • On macOS, the option to send all traffic over the VPN is not enabled by default.
  • L2TP cannot push any routes to clients. Split tunneling requires static routes to be manually added on each client.

Frequently Asked Questions

1. Should I use Teleport, Wireguard or L2TP?
Using Teleport or Wireguard is highly recommended. L2TP is a traditional VPN that is losing support on several different operating systems. In addition, L2TP has several caveats and encounters issues when the server is behind NAT.
2. Is L2TP secure?
L2TP is less secure than Teleport and Wireguard. In addition, Android versions that still support L2TP require lowering the security by using the Weak Ciphers option.
3. How does L2TP compare with other VPNs, and can you use them simultaneously?
L2TP provides less throughput than more modern VPNs such as Wireguard. L2TP can be used alongside other VPNs.
4. Can L2TP be used when the UniFi gateway is behind NAT?
If the UniFi gateway is behind NAT, then UDP port 500 and 4500 need to be forwarded by the upstream router. On Windows clients, it is also required to modify the registry.

We recommend to use L2TP on a UniFi gateway that has access to a public IP address. Any performance or port forwarding issues on the upstream router can cause the VPN to disconnect.
5. Which clients support L2TP?
L2TP is supported on many different clients, however it is losing support. See the documentation for each operating system for more information.
Was this article helpful?
11 out of 37 found this helpful