UniFi Gateway - L2TP VPN Server
L2TP is a traditional VPN server found in the Teleport & VPN section of your Network application that allows you to connect to the UniFi network from a remote location. A UniFi Gateway or UniFi Cloud Gateway is required.
Should I Use L2TP?
On Next-Gen UniFi gateways, there are much better options available, such as Teleport and WireGuard.
- For mobile users, we strongly recommend using Teleport instead of L2TP. Teleport is faster, more secure, and requires zero configuration.
- For desktop and laptop users, we strongly recommend using WireGuard instead of L2TP. WireGuard is faster, more secure, and requires less configuration.
How Does it Work?
After enabling L2TP, add a User and share the Pre-Shared Key and user credentials with your desired recipient. If available, the recipient can use the built-in L2TP VPN on their choice of operating system.
Note: On Windows, it is required to modify the L2TP adapter Security settings and change the authentication method to MS-CHAP v2.
Caveats
There are several caveats associated with using L2TP. These are not specific to the UniFi gateway; they come from the protocol itself.
- L2TP is losing support on several different operating systems. Android versions that still support L2TP require the usage of the Weak Ciphers option.
- L2TP encounters issues when the UniFi gateway is behind NAT, even when forwarding the ports on the upstream router. On Windows clients, it is required to modify the registry.
- Using the standard options available on the client's built-in L2TP VPN may not lead to a successful connection.
- On Windows, the authentication method needs to be manually changed to MS-CHAP v2.
- On macOS, the option to send all traffic over the VPN is not enabled by default.
- L2TP cannot push any routes to clients. Split tunneling requires static routes to be manually added on each client.
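The Windows-side caveats above (MS-CHAP v2, static routes for split tunneling, and the registry change for NAT) can be applied in one pass. This is an added example, not Ubiquiti's own script; the connection name, server address and subnet are placeholders, and the registry value shown is the documented Windows setting for L2TP/IPsec NAT traversal, which this page does not name.

```powershell
#Requires -RunAsAdministrator
# Added example. All values below are placeholders; replace them with your own.
$ConnectionName = 'UniFi L2TP'          # hypothetical connection name
$ServerAddress  = 'vpn.example.com'     # placeholder: gateway public IP or hostname
$RemoteSubnets  = @('192.168.1.0/24')   # placeholder: networks behind the gateway

# Prompt for the Pre-Shared Key so it is never written into the script itself.
$secure = Read-Host -Prompt 'L2TP Pre-Shared Key' -AsSecureString
$psk    = [System.Net.NetworkCredential]::new('', $secure).Password

# Create the L2TP connection with MS-CHAP v2 selected explicitly, instead of
# relying on the adapter's default Security settings.
Add-VpnConnection -Name $ConnectionName -ServerAddress $ServerAddress `
    -TunnelType L2tp -L2tpPsk $psk -AuthenticationMethod MSChapv2 `
    -EncryptionLevel Required -SplitTunneling -Force

# L2TP cannot push routes, so add one static route per remote subnet.
# Omit -SplitTunneling above (and this loop) to send all traffic over the VPN.
foreach ($prefix in $RemoteSubnets) {
    Add-VpnConnectionRoute -ConnectionName $ConnectionName -DestinationPrefix $prefix
}

# Gateway behind NAT: allow IPsec security associations with a NATed server.
# Assumption: value 2 (server and client may both be behind NAT).
$policyAgent = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
New-ItemProperty -Path $policyAgent -Name 'AssumeUDPEncapsulationContextOnSendRule' `
    -PropertyType DWord -Value 2 -Force | Out-Null

# Verify what was actually configured before handing the machine to the user.
Get-VpnConnection -Name $ConnectionName |
    Select-Object Name, TunnelType, AuthenticationMethod, EncryptionLevel, SplitTunneling
Get-ItemProperty -Path $policyAgent -Name 'AssumeUDPEncapsulationContextOnSendRule'
```

The registry change takes effect only after a reboot, and it is needed only when the UniFi gateway sits behind NAT.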
Frequently Asked Questions
We recommend using L2TP on a UniFi gateway that has access to a public IP address. Any performance or port forwarding issues on the upstream router can cause the VPN to disconnect.