Upcoming Maintenance Alert:

The UBNT Community will be upgraded at 5pm MDT on April 25th. During this time the community forums will be set to read-only status.

Learn more


L2TP over IPSec client implementation

Submitted by -
Status: New Idea

Dear all,


I would like to see the feature implemented of having an L2TP over IPSec client running on the EdgeRouter. We have serval instances where we need this for client implementation where native IPSec to IPSec is due to technical restriction on the remote end is not an option. My thoughts to the features would be:

- ideally configurable via GUI

- define specific remote networks for routing (or have them advertised by head-end)

- status shown in vpn section


I have also seen some others asking for such a solution in the forums, so I am hoping for some support for this implementation request.


Kind regards,



on ‎04-19-2017 06:31 AM

100% support from me.  

Hopefully most of the technology is already in there with the site-to-site configuration, but in this case we're just tunneling to an end-point that we do not have control of (so IP address, username/password only etc).


In lesser consumer routers they include this feature as an 'L2TP internet connection' (so embedding /chaining it with the ISP uplink)

on ‎04-20-2017 08:34 AM

I was searching for this option just today.


100% support for the request from edge2unifi!

on ‎04-23-2017 07:59 PM

That would be fantastic! 

on ‎05-30-2017 10:15 PM
Not sure what this means "define specific remote networks for routing (or have them advertised by head-end)" and I don't really care about the GUI, but would love to see support for tunneling that uses offloading
on ‎06-13-2017 12:56 AM

This needs to happen i only got this router hoping it will will do L2TP over IPSEC as a client.

might have to get a refund and go with some one else. 


Close yet so fare.

on ‎06-21-2017 09:18 AM

This would certainly open doors for me. OpenVPN works, however the ~9Mb/s ceiling is frustrating. The ability to terminate a client-to-site L2TP/IPsec connection on the router, with HW offload to ensure it is not the bottleneck, would be fantastic.



As it's a fairly advanced feature, I think it would be very reasonable to have it only configurable via the CLI (at least initially, depending on demand - especially if it means a sooner release!).

on ‎09-01-2017 07:09 AM

I would like to see this. I want my ERL to act as a client to my VPN service (TorGuard). Site-Site and OpenVPN are not good options.

‎09-27-2017 07:49 AM - edited ‎09-27-2017 08:24 AM

I agree in principle to this request. In addition, I would like to see a GUI configurable IKEv2 / IPSec option as well. 


*Edit: IKEv2 IPSec client support is already accepted for inclustion in future release: https://community.ubnt.com/t5/UniFi-Routing-Switching-Feature/IPsec-IKEv2-remote-access-VPN-support/...

on ‎10-08-2017 08:04 AM

Can't believe this isn't already a feature...

on ‎10-08-2017 09:58 AM

Agree. This would be a huge reason for me to buy multiple ERs - then I could set a central IPSec server, and establish fast router-level tunnels from client sites back to the central office. The main implementation barrier right now is speed.