Configuring L2TP/Xauth/IKEv2 on NG Firewall


This article describes how to configure L2TP/Xauth/IKEv2 on NG Firewall, enabling many kinds of remote client devices to connect to it.

You will find device configuration links at the bottom of the article.


Enabling the VPN Server

  1. Go to Apps > IPsec VPN > VPN Config
  2. Click Enable L2TP/XAuth/IKEv2 Server
  3. Address Pool: These are the local IP addresses which will be used to route traffic to your remote clients. Each setting provides an automatically-generated suggested value, but you may change those settings if you wish.
    Note that each must be a unique subnet that is not already defined on the NG Firewall. For example, if your local subnet is, then you will not be able to use that subnet for either Address Pool setting.
  4. Custom DNS Server: enables you to provide local DNS server settings to remote clients. This option is not required, but can be useful if there is an internal DNS server present behind NG Firewall.
  5. Specify an IPsec Secret. The same secret must be entered in the VPN client on each client device; it provides a second level of authentication.
  6. Allow Concurrent Logins: this option enables a single set of credentials to be simultaneously logged into the VPN from multiple devices. It can be useful if you have users who use more than one device at a time.
  7. The optional Phase 1 and Phase 2 manual configuration options can be used if you want to specify different encryption ciphers, hashes, Diffie-Hellman groups, or PFS groups.
  8. Select an authentication method. If you do not have an on-premises RADIUS server, leave this option set to the default Local Directory.
  9. If you want to be able to connect on more than one external IP address, or if you want to use an address that is not the Primary WAN, you can add or change addresses in the Server Listen Addresses field.
  10. Click Save. 
  11. Once the config changes have been saved, click Configure Local Directory to be taken to Config > Local Directory, where you will set up login credentials.
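
The Address Pool rule in step 3 (each pool must be a unique subnet not already defined on NG Firewall) can be checked before you save. The following is an added example, not part of the original article or of NG Firewall; the function name, the pool and subnet labels, and all addresses are constructed for illustration.

```python
import ipaddress
from itertools import combinations

def find_conflicts(pools, defined):
    """Return (name_a, name_b) pairs whose subnets overlap.

    pools:   label -> CIDR for each candidate Address Pool setting
    defined: label -> CIDR for subnets already defined on the firewall
    """
    # strict=False accepts interface-style input such as 192.168.1.1/24
    def parse(cidr):
        return ipaddress.ip_network(cidr, strict=False)

    pool_nets = sorted((n, parse(c)) for n, c in pools.items())
    defined_nets = sorted((n, parse(c)) for n, c in defined.items())

    def clash(a, b):
        # Only compare networks of the same IP version
        return a.version == b.version and a.overlaps(b)

    conflicts = []
    # The pools must not overlap each other ...
    for (a, na), (b, nb) in combinations(pool_nets, 2):
        if clash(na, nb):
            conflicts.append((a, b))
    # ... and must not overlap any subnet the firewall already uses.
    for a, na in pool_nets:
        for b, nb in defined_nets:
            if clash(na, nb):
                conflicts.append((a, b))
    return conflicts

# Constructed sample data: labels and addresses are assumptions.
SAMPLE_DEFINED = {"lan": "192.168.1.1/24", "dmz": "10.10.0.0/16"}
SAMPLE_POOLS = {"pool_1": "192.168.1.128/25", "pool_2": "10.80.0.0/24"}

if __name__ == "__main__":
    for a, b in find_conflicts(SAMPLE_POOLS, SAMPLE_DEFINED):
        print(f"{a} overlaps {b}: choose a different subnet")
```

Partial overlaps count as conflicts here, not only identical subnets: a /25 pool carved out of the local /24 is rejected as well.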


Setting up user authentication via Local Directory

  1. Go to Config > Local Directory > Local Users
  2. Click Add.
  3. Add all of the users you want to be able to use L2TP. The username and password you specify here will be what they use to connect to the VPN.
  4. Click Done.
  5. Click Save. 



Device Configurations

Connect an Android Device to NG Firewall via L2TP

Connect To NGFW L2TP VPN In Windows 7

Connect To NGFW L2TP VPN In Windows 10

Connect To NGFW L2TP VPN In iOS

Connect To NGFW L2TP VPN in macOS
