config vpn ipsec phase1 end config vpn ipsec phase1-interface edit "L2TP IPSEC" set type dynamic set interface "wan1" set ip-version 4 set ike-version 1 set local-gw 0.0.0.0 set keylife 86400 set authmethod psk set mode main set peertype any set mode-cfg enable set ipv4-wins-server1 0.0.0.0 set ipv4-wins-server2 0.0.0.0 set proposal aes256-md5 3des-sha1 aes192-sha1 set add-route enable set exchange-interface-ip disable set localid '' set localid-type auto set negotiate-timeout 30 set fragmentation enable set dpd on-idle set forticlient-enforcement disable set comments "VPN: L2TP IPSEC (Created by VPN wizard)" set npu-offload enable set dhgrp 2 set suite-b disable set wizard-type custom set xauthtype disable set idle-timeout disable set ha-sync-esp-seqno enable set auto-discovery-sender disable set auto-discovery-receiver disable set auto-discovery-forwarder disable set nattraversal enable set default-gw 0.0.0.0 set default-gw-priority 0 set assign-ip enable set assign-ip-from range set ipv4-start-ip 192.168.6.1 set ipv4-end-ip 192.168.6.254 set ipv4-netmask 255.255.255.255 set dns-mode auto set ipv4-split-include "local_network_lan" set split-include-service '' set ipv6-start-ip :: set ipv6-end-ip :: set ipv6-prefix 128 set ipv6-split-include '' set unity-support disable set psksecret ENC set keepalive 10 set distance 15 set priority 0 set dpd-retrycount 3 set dpd-retryinterval 20 next end config vpn ipsec phase2 end config vpn ipsec phase2-interface edit "L2TP IPSEC" set phase1name "L2TP IPSEC" set proposal aes256-md5 3des-sha1 aes192-sha1 set pfs disable set replay enable set keepalive disable set add-route phase1 set auto-discovery-sender phase1 set auto-discovery-forwarder phase1 set keylife-type seconds set encapsulation transport-mode set l2tp enable set comments "VPN: L2TP IPSEC (Created by VPN wizard)" set protocol 0 set src-port 0 set dst-port 0 set keylifeseconds 3600 next edit "cluster" set phase1name "L2TP IPSEC" set proposal aes128-sha1 aes256-sha1 3des-sha1 aes128-sha256 aes256-sha256 3des-sha256 set pfs enable set dhgrp 14 5 set replay enable set keepalive disable set add-route phase1 set auto-discovery-sender phase1 set auto-discovery-forwarder phase1 set keylife-type seconds set single-source disable set route-overlap use-new set encapsulation tunnel-mode set comments '' set protocol 0 set src-addr-type subnet set src-port 0 set dst-addr-type subnet set dst-port 0 set keylifeseconds 43200 set src-subnet 10.0.0.0 255.255.0.0 set dst-subnet 0.0.0.0 0.0.0.0 next edit "lan" set phase1name "L2TP IPSEC" set proposal aes128-sha1 aes256-sha1 3des-sha1 aes128-sha256 aes256-sha256 3des-sha256 set pfs enable set dhgrp 14 5 set replay enable set keepalive disable set add-route phase1 set auto-discovery-sender phase1 set auto-discovery-forwarder phase1 set keylife-type seconds set single-source disable set route-overlap use-new set encapsulation tunnel-mode set comments '' set protocol 0 set src-addr-type subnet set src-port 0 set dst-addr-type subnet set dst-port 0 set keylifeseconds 43200 set src-subnet 192.168.69.0 255.255.255.0 set dst-subnet 0.0.0.0 0.0.0.0 next end config vpn l2tp set eip 192.168.6.254 set sip 192.168.6.1 set status enable set usrgrp "wizard_ipsec_usergroup" end