New Member
Posts: 25
Registered: ‎12-26-2015
Kudos: 23

USG, FreeRadius and L2TP VPN Static Ip address

I recently started using the Radius server built into the USG. I had been using a Radius server on my network, but I had issues getting L2TP to work, and that went away when switching to the server on the USG.

I needed an L2TP client to have a static IP address and, after a little searching around, I found a command structure in the L2TP configuration; however, it didn't work. After a little more digging around the freeradius configuration settings I discovered this command.

`set service radius-server user YOURUSERNAME ip-address xxx.xxx.xxx.xxx`

The IP address has to be from your pool configured on the VPN Client pool, but once the command was implemented I tested and confirmed that every time that user logged in, they got the static IP address.

A couple of issues with the allowed Unifi interface options for configuring this.

1. I can't adjust the IP Pool size when configuring a Remote User VPN.

Here is the command to adjust:

`set vpn l2tp remote-access client-ip-pool stop xxx.xxx.xxx.xxx`

2. I can't set the static IP address in the user profile on the Radius configuration page.

Here is the command to adjust:

`set service radius-server user YOURUSERNAME ip-address xxx.xxx.xxx.xxx`

Hopefully they will add those options to future revisions of the controller.

New Member
Posts: 18
Registered: ‎09-21-2018
Kudos: 3

Re: USG, FreeRadius and L2TP VPN Static Ip address

Thank you so much. This post was hard to find; I wish this information was in the help pages.

New Member
Posts: 3
Registered: ‎02-17-2018

Re: USG, FreeRadius and L2TP VPN Static Ip address

When I try these commands it just tells me it is an invalid command. I've only used SSH for displaying support info previously - is there anything I need to enter prior to these commands?

New Member
Posts: 9
Registered: ‎04-06-2017
Kudos: 9

Re: USG, FreeRadius and L2TP VPN Static Ip address

Are you sure you're connecting through SSH to the USG? If so, run the `configure` keyword first to enter the proper mode. Afterwards you're able to issue any other commands, including `set service radius-server user YOURUSERNAME ip-address xxx.xxx.xxx.xxx`. When done, issue the following: `commit;save;exit` and force provision your USG through UniFi's GUI.

New Member
Posts: 9
Registered: ‎04-06-2017
Kudos: 9

Re: USG, FreeRadius and L2TP VPN Static Ip address

Were you able to add these config nodes to the config.gateway.json in the UniFi Controller? Dumping the config through `mca-ctrl -t dump-cfg` does not show the actual setting. However, it does show up in the config.boot file in the USG (`cat /config/config.boot`).
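
Added example, not part of any post in this thread: a Python check that each static address set with `set service radius-server user ... ip-address` falls inside the L2TP client pool, and (going slightly beyond the thread) that no address is assigned twice. The `client-ip-pool start` line, the usernames and the addresses are constructed sample values; the nested JSON it prints assumes config.gateway.json mirrors the `set` command tree, and whether the controller keeps the radius-server user node that way is not tested here.

```python
import ipaddress
import json

# Constructed sample: RFC 5737 documentation addresses and made-up usernames.
SAMPLE = """\
set vpn l2tp remote-access client-ip-pool start 192.0.2.10
set vpn l2tp remote-access client-ip-pool stop 192.0.2.20
set service radius-server user alice ip-address 192.0.2.12
set service radius-server user bob ip-address 192.0.2.12
set service radius-server user carol ip-address 192.0.2.50
"""

def to_tree(commands):
    """Fold 'set a b c value' lines into nested dicts (last token is the value)."""
    tree = {}
    for line in commands.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] != "set":
            continue
        node = tree
        for key in parts[1:-2]:
            node = node.setdefault(key, {})
        node[parts[-2]] = parts[-1]
    return tree

def check_static_ips(tree):
    """Return problems: addresses outside the client pool, or assigned twice."""
    pool = tree["vpn"]["l2tp"]["remote-access"]["client-ip-pool"]
    start = ipaddress.ip_address(pool["start"])
    stop = ipaddress.ip_address(pool["stop"])
    problems, seen = [], {}
    users = tree.get("service", {}).get("radius-server", {}).get("user", {})
    for name, attrs in users.items():
        if "ip-address" not in attrs:
            continue
        ip = ipaddress.ip_address(attrs["ip-address"])
        if not start <= ip <= stop:
            problems.append(f"{name}: {ip} is outside pool {start}-{stop}")
        if ip in seen:
            problems.append(f"{name}: {ip} already assigned to {seen[ip]}")
        seen.setdefault(ip, name)
    return problems

if __name__ == "__main__":
    tree = to_tree(SAMPLE)
    for problem in check_static_ips(tree):
        print("WARN", problem)
    # Assumed config.gateway.json shape for the radius-server part only.
    print(json.dumps({"service": tree["service"]}, indent=2))
```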