UniFi L2TP: set a static IP for a specific user (built-in Radius Server)
When using my L2TP VPN on the UniFi Security Gateway (USG), I realised that the client was sometimes assigned a different IP address each time it connected.
This wouldn’t normally be a problem if the remote client was only talking to my internal network; however, I run a server that my internal network reaches by IP address, so when that address changes everything stops working.
This article walks through how to set up a static IP address for an L2TP client that authenticates against the USG’s built-in RADIUS server.
First we need a dump of the running configuration from the USG. SSH to the USG and run:
mca-ctrl -t dump-cfg
Once we have this I recommend copying it into your favourite text editor. Note that the dump contains the RADIUS user passwords (and any other secrets) in plain text, so keep the copy somewhere safe and delete it when you are done. We want to delete everything except the following:
{
"service": {
"radius-server": {
"user": {
"myl2tpuser": {
"password": "password",
"tunnel-param": "3 1"
}
}
}
}
}
Now that we only have our user configuration we need to modify it to assign the IP address. Only the key we are adding needs to stay in the file: the controller merges config.gateway.json into the configuration it generates, so the password and tunnel-param it already provisions are kept. Replace those two keys with ip-address:
{
"service": {
"radius-server": {
"user": {
"myl2tpuser": {
"ip-address": "192.168.10.10"
}
}
}
}
}
Once we have this we can add it to a config file on our controller, which the controller applies the next time it provisions the USG (you can also manually force a provision).
The file needs to be saved in the site directory of the controller. On a Windows install this will be something similar to:
/opt/UniFi/data/sites/default/
(On a Debian/Ubuntu package install the equivalent is /var/lib/unifi/sites/default/, and on a Cloud Key it is /srv/unifi/data/sites/default/. "default" is the ID of the default site; any other site has a random ID that you can read from the site’s URL in the controller.)
Once in this directory, create a new file called config.gateway.json and paste the above configuration into it.
To test the new configuration file you can run this command:
python -m json.tool config.gateway.json
You shouldn’t see any errors if the file is valid JSON. This check matters: a malformed config.gateway.json will make the USG fail to provision and it can get stuck in a provisioning loop until the file is fixed or removed.
We can now re-provision the USG (Devices, select the USG, Config, Manage Device, Force Provision), which will pick up the configuration from the controller and update the VPN settings. The client gets the static address the next time it connects.
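The steps above done as a script, added here as an example and not code from the original article or from Ubiquiti: it pulls the RADIUS user names out of a (constructed, trimmed) dump-cfg sample, builds the minimal config.gateway.json fragment for one user, simulates the controller’s merge so you can see that the existing password and tunnel-param survive and only ip-address is added, and writes the file and re-parses it the way python -m json.tool would. The deep_merge function is an assumption about how the controller combines the file with its generated config, used here only to illustrate the result; the sample dump and the user names are constructed.

```python
import ipaddress
import json
import os
import tempfile

# Constructed sample: the subtree of `mca-ctrl -t dump-cfg` output this
# article works with.  A real dump is much larger; only this part matters here.
SAMPLE_DUMP = json.dumps({
    "service": {
        "radius-server": {
            "user": {
                "myl2tpuser": {"password": "password", "tunnel-param": "3 1"},
                "otheruser": {"password": "hunter2", "tunnel-param": "3 1"},
            }
        }
    }
})


def radius_users(dump_text):
    """Return the RADIUS user names present in a config dump."""
    cfg = json.loads(dump_text)
    return sorted(cfg["service"]["radius-server"]["user"].keys())


def static_ip_fragment(dump_text, username, ip):
    """Build the minimal config.gateway.json fragment pinning `username` to `ip`.

    Only the new key is emitted: the controller merges this file over the
    config it generates, so password and tunnel-param need not be repeated.
    """
    if username not in radius_users(dump_text):
        raise KeyError(f"no RADIUS user {username!r} in dump")
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on a bad address
    return {"service": {"radius-server": {"user": {username: {"ip-address": str(addr)}}}}}


def deep_merge(base, overlay):
    """Recursively merge overlay into a copy of base (overlay wins on leaves).

    Assumption: this models how the controller combines config.gateway.json
    with its generated configuration; it is a local simulation, not the
    controller's own code.
    """
    out = dict(base)
    for key, value in overlay.items():
        if isinstance(value, dict) and isinstance(out.get(key), dict):
            out[key] = deep_merge(out[key], value)
        else:
            out[key] = value
    return out


def effective_user(dump_text, fragment, username):
    """The user stanza the USG would end up with after the merge."""
    merged = deep_merge(json.loads(dump_text), fragment)
    return merged["service"]["radius-server"]["user"][username]


def write_and_validate(fragment, directory=None):
    """Write config.gateway.json and re-parse it (the `python -m json.tool`
    check).  Returns the parsed object; a write that does not round-trip
    would raise here instead of breaking provisioning later."""
    directory = directory or tempfile.mkdtemp()
    path = os.path.join(directory, "config.gateway.json")
    with open(path, "w") as f:
        json.dump(fragment, f, indent=4)
        f.write("\n")
    with open(path) as f:
        return json.load(f)


if __name__ == "__main__":
    frag = static_ip_fragment(SAMPLE_DUMP, "myl2tpuser", "192.168.10.10")
    print(json.dumps(frag, indent=4))
    print("effective stanza:", effective_user(SAMPLE_DUMP, frag, "myl2tpuser"))
    print("round-trip ok:", write_and_validate(frag) == frag)
```

Point the directory argument at your controller’s site directory to write the real file; the default writes to a temporary directory so the script is safe to try first. Note that the script does not check that the chosen address is outside the L2TP client pool, which you should still confirm by hand.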