# Configure IPsec. nat-networks is the network segment allowed to traverse NAT.
# IPsec is bound to interface eth1.
set vpn ipsec ipsec-interfaces interface eth1
# Turn on NAT traversal for IPsec.
set vpn ipsec nat-traversal enable
# NOTE(review): this /24 also contains the L2TP client-ip-pool range used
# further down (10.111.111.111-10.111.111.222). Presumably allowed-network
# should describe the private range that remote clients sit in behind NAT;
# confirm against the documentation for the VyOS release in use and keep it
# as narrow as the deployment allows.
set vpn ipsec nat-networks allowed-network 10.111.111.0/24
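# Configure the L2TP tunnel. outside-address is the IP that answers L2TP
# connections; it must be an address that actually exists on this router.
set vpn l2tp remote-access outside-address 10.0.11.22
# Authenticate against the local user list defined on the next lines.
set vpn l2tp remote-access authentication mode local
# The values below are placeholders: give every account its own strong
# password before committing. They are wrapped in plain ASCII single quotes;
# the typographic quotes from the original page would not be treated as
# quoting and could end up inside the stored password.
set vpn l2tp remote-access authentication local-users username user1 password 'password'
set vpn l2tp remote-access authentication local-users username user2 password 'password'
# Address range handed out to connecting clients.
set vpn l2tp remote-access client-ip-pool start 10.111.111.111
set vpn l2tp remote-access client-ip-pool stop 10.111.111.222
# DNS server pushed to clients. This is a public resolver, so client lookups
# leave the tunnel's network; substitute an internal resolver if DNS queries
# should stay private.
set vpn l2tp remote-access name-server 114.114.114.114
set vpn l2tp remote-access mtu 1450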
# Configure the IPsec pre-shared secret; the IKE lifetime is one hour.
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
# NOTE(review): the secret "password" reads as a placeholder. There is a single
# pre-shared secret for all remote-access clients, so use a long random value
# and distribute it over a trusted channel.
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret password
# 3600 corresponds to the one-hour IKE lifetime mentioned above.
set vpn l2tp remote-access ipsec-settings ike-lifetime 3600
# NOTE(review): presumably the IPsec (ESP) SA lifetime, set to the same
# value as the IKE lifetime; confirm.
set vpn l2tp remote-access ipsec-settings lifetime 3600
RouterOS(ROS)连接 VyOS 的 L2TP 时不能启用 IPsec,否则连接不上;此时查看到的加密方式是 MPPE128。注意:不使用 IPsec 时隧道仅靠 MPPE128 加密,保护强度明显弱于 IPsec,不宜用于承载敏感流量。
macOS 和 Windows 客户端必须使用 IPsec,否则连不上。
本文链接地址: https://danteng.org/vyos-l2tp-over-ipsec-configuation/