The firewall rule changes can be done through the GUI but everything else must be done through the CLI or the config tree.
Enable hardware offload for IPsec:
set system offload ipsec enable
Reorder a rule so there's space to add two new rules:
edit firewall
edit name WAN_LOCAL
rename rule 3 to rule 6
top
Add firewall rules for L2TP:
set firewall name WAN_LOCAL rule 4 action accept
set firewall name WAN_LOCAL rule 4 description 'Allow L2TP'
set firewall name WAN_LOCAL rule 4 destination port 500,1701,4500
set firewall name WAN_LOCAL rule 4 log disable
set firewall name WAN_LOCAL rule 4 protocol udp
set firewall name WAN_LOCAL rule 5 action accept
set firewall name WAN_LOCAL rule 5 description 'Allow ESP'
set firewall name WAN_LOCAL rule 5 log disable
set firewall name WAN_LOCAL rule 5 protocol esp
Set up IPsec:
set vpn ipsec auto-firewall-nat-exclude disable
set vpn ipsec ipsec-interfaces interface eth1.2
set vpn ipsec nat-networks allowed-network 10.0.0.0/8
set vpn ipsec nat-networks allowed-network 172.16.0.0/12
set vpn ipsec nat-networks allowed-network 192.168.0.0/16
set vpn ipsec nat-traversal enable
#Change the username and password
set vpn l2tp remote-access authentication local-users username testuser password 'testpassword'
set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access client-ip-pool start 192.168.100.101
set vpn l2tp remote-access client-ip-pool stop 192.168.100.110
set vpn l2tp remote-access dhcp-interface eth1.2
set vpn l2tp remote-access dns-servers server-1 8.8.8.8
set vpn l2tp remote-access dns-servers server-2 8.8.4.4
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
#Change the L2TP Shared Secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret testsecret
set vpn l2tp remote-access ipsec-settings ike-lifetime 3600
set vpn l2tp remote-access mtu 1492
Commit and Save:
commit
save
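A check that can be run over the command file before it is pasted into the router, as an added example that is not part of the original post: it flags the sample username, password and shared secret used above if they are still present, flags short secrets, and confirms WAN_LOCAL accepts the L2TP UDP ports and ESP. The function names and the 20-character minimum are assumptions of this example, not EdgeOS settings.

```python
import shlex
# Sample values this page uses; they must be replaced before commit.
PLACEHOLDERS = {"testuser", "testpassword", "testsecret"}
MIN_SECRET_LEN = 20  # assumption: local policy, not an EdgeOS limit
L2TP_UDP_PORTS = {"500", "1701", "4500"}
# The audited subset of this page's commands, unchanged.
PAGE_COMMANDS = """
set firewall name WAN_LOCAL rule 4 action accept
set firewall name WAN_LOCAL rule 4 destination port 500,1701,4500
set firewall name WAN_LOCAL rule 4 protocol udp
set firewall name WAN_LOCAL rule 5 action accept
set firewall name WAN_LOCAL rule 5 protocol esp
set vpn l2tp remote-access authentication local-users username testuser password 'testpassword'
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret testsecret
"""

def parse(text):
    """Tokenise each 'set ...' line; comments and other commands are skipped."""
    lines = (l.strip() for l in text.splitlines())
    return [shlex.split(l)[1:] for l in lines if l.startswith("set ")]

def after(tokens, key):
    """Return the token that follows `key`, or None if `key` takes no value here."""
    return tokens[tokens.index(key) + 1] if key in tokens[:-1] else None

def audit(text):
    """Return a list of findings for an EdgeOS 'set' command file."""
    findings, rules = [], {}
    for t in parse(text):
        if t[:3] == ["vpn", "l2tp", "remote-access"]:
            for key in ("username", "password", "pre-shared-secret"):
                val = after(t, key)
                if val in PLACEHOLDERS:
                    findings.append(f"{key}: placeholder '{val}' still present")
                elif val and key != "username" and len(val) < MIN_SECRET_LEN:
                    findings.append(f"{key}: shorter than {MIN_SECRET_LEN} characters")
        elif t[:4] == ["firewall", "name", "WAN_LOCAL", "rule"] and len(t) > 5:
            # Store each rule attribute, e.g. rules["4"]["protocol"] = "udp".
            rules.setdefault(t[4], {})[" ".join(t[5:-1])] = t[-1]
    accepted = [r for r in rules.values() if r.get("action") == "accept"]
    udp = {p for r in accepted if r.get("protocol") == "udp"
           for p in r.get("destination port", "").split(",")}
    missing = sorted(L2TP_UDP_PORTS - udp, key=int)
    if missing:
        findings.append("WAN_LOCAL: no accept rule for UDP " + ",".join(missing))
    if not any(r.get("protocol") == "esp" for r in accepted):
        findings.append("WAN_LOCAL: no accept rule for ESP")
    return findings
```

Calling `audit(PAGE_COMMANDS)` on the commands exactly as written on this page returns three findings, one for each sample credential.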
Additional Resources:
EdgeMax - L2TP Server Setup
Android Client Setup