Setup Android L2TP VPN

10/14/2021

    Description

    This article explains how to configure an L2TP VPN in order to connect from Android devices.


    Deployment Steps:

    1. Configure VPN settings
    2. Configure L2TP Server
    3. Configure a SonicWall user
    4. Configure the Android device

    Resolution

    Resolution for SonicOS 6.5

    This release includes significant user interface changes and many new features that differ from SonicOS 6.2 and earlier firmware. The resolution below is for customers using SonicOS 6.5 firmware.

    WAN GroupVPN settings

    1. Go to the Manage | VPN | Base Settings page and make sure the “Enable VPN” box in the top left corner of the page is checked.
      Under the VPN Policies section, click the edit button on the WAN GroupVPN line.
    2. Select IKE using Preshared Secret and enter the Shared Secret, for example:

    Authentication Method: "IKE using Preshared Secret"
    Name: WAN GroupVPN
    Shared Secret: type a passphrase (you will enter this into the Android device later)


    • Go to the Proposals tab

    NOTE: To successfully establish a VPN tunnel, the L2TP (VPN) client and the remote VPN device must agree upon the same set of Proposals/Transform Payloads (these differ from client to client). Refer to the following article for complete details: List of IPSec and L2TP client proposals

    IKE (Phase 1) Proposal

    DH Group = Group 2
    Encryption = 3DES
    Authentication = SHA1
    Life Time (seconds) = 28800

    IPSec (Phase 2) Proposal

    Protocol = ESP
    Encryption = 3DES
    Authentication = SHA1
    Enable Perfect Forward Secrecy = not checked
    Life Time (seconds) = 28800
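
    The proposal agreement described in the NOTE above, as an added example (not SonicWall code and not part of the original article): a simplified Python model of how a responder picks an IKE Phase 1 transform, and how to find the attribute that blocks a match. The gateway values are the Phase 1 settings listed above; the client offers, the "PSK" label and the function names are constructed for illustration.

```python
"""Simplified model of IKE Phase 1 proposal matching (added example)."""
from typing import NamedTuple, Optional, Sequence


class Transform(NamedTuple):
    encryption: str
    hash_alg: str
    dh_group: int
    auth_method: str


# Gateway side: the Phase 1 values from this article's Proposals tab.
GATEWAY_POLICY = [Transform("3DES", "SHA1", 2, "PSK")]

# Client side: constructed sample offers, not captured from a real device.
CLIENT_OFFER_OK = [
    Transform("AES-256", "SHA2-256", 14, "PSK"),
    Transform("3DES", "SHA1", 2, "PSK"),
]
CLIENT_OFFER_BAD = [
    Transform("AES-256", "SHA2-256", 14, "PSK"),
    Transform("3DES", "SHA1", 14, "PSK"),  # right ciphers, wrong DH group
]


def select_transform(offered: Sequence[Transform],
                     acceptable: Sequence[Transform]) -> Optional[Transform]:
    """Return the first offered transform that matches on every attribute."""
    allowed = set(acceptable)
    return next((t for t in offered if t in allowed), None)


def nearest_miss(offered: Sequence[Transform], acceptable: Sequence[Transform]):
    """Return (offer, policy, diffs) for the pair differing in fewest attributes."""
    best = None
    for offer in offered:
        for policy in acceptable:
            diffs = {f: (getattr(offer, f), getattr(policy, f))
                     for f in Transform._fields
                     if getattr(offer, f) != getattr(policy, f)}
            if best is None or len(diffs) < len(best[2]):
                best = (offer, policy, diffs)
    return best


if __name__ == "__main__":
    print("chosen:", select_transform(CLIENT_OFFER_OK, GATEWAY_POLICY))
    print("chosen:", select_transform(CLIENT_OFFER_BAD, GATEWAY_POLICY))
    print("closest offer differs in:", nearest_miss(CLIENT_OFFER_BAD, GATEWAY_POLICY)[2])
```

    A mismatch in a single attribute, here the DH group, leaves the negotiation with no acceptable proposal even though encryption and hash agree.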

     

    • Go to the Advanced tab and select Accept Multiple Proposals for Clients

    Enable Windows Networking (NetBIOS) Broadcast = checked
    Enable Multicast = not checked

    The new Accept Multiple Proposals for Clients checkbox allows multiple VPN or L2TP clients using different security policies to connect to an NG firewall.

    Management via this SA: nothing checked
    Default Gateway: 0.0.0.0

    Require authentication of VPN clients by XAUTH = checked
    User group for XAUTH users: "Trusted Users"

    • Go to the Client tab

    Cache XAUTH User Name and Password on Client: Single Session or Always
    Virtual Adapter settings: DHCP Lease
    Allow Connections to: Split Tunnels
    Set Default Route as this Gateway = unchecked
    Use Default Key for Simple Client Provisioning = checked



    L2TP Server Settings

    1. Go to the Manage | VPN | L2TP Server page, enable the L2TP Server, and click the "Configure" button.

      Keep alive time (Sec): 60
      DNS Server 1: your DNS Server
      DNS Server 2: your secondary DNS Server
      WINS Server 1: if you have one
      WINS Server 2:

      IP Address Settings
      Select L2TP Users | "Use the Local L2TP IP pool" and configure your Start IP Lease and End IP Lease range. The SonicWall will auto-create an address object and rules for this range. It can be a separate IP range. In the example shown, the Start IP is 192.168.60.67 and the End IP is 192.168.60.70. At the bottom of the page, select "Trusted Users" from the drop-down menu next to “User group for L2TP users”. This is the same group you selected on the Advanced tab in the WAN GroupVPN settings.
    2. Go to the Manage | Users | Local Users & Groups page and click the Add User button.

    Make the user part of the group "Trusted Users" on the Groups tab.

    In the VPN Access list, add at least these networks: LAN Subnets/LAN Primary Subnet and L2TP IP Pool.

    Android Settings

    Configure the Android device: go to Settings | More connection settings.

     

    Resolution for SonicOS 6.2 and Below

    The resolution below is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer, we suggest upgrading to the latest general release of SonicOS 6.5 firmware.

    • On the VPN | Settings page, make sure the Enable VPN box in the top left corner of the page is checked.
      Under the VPN Policies section, click the edit button on the WAN GroupVPN line.

    Authentication Method: "IKE using Preshared Secret"
    Name: WAN GroupVPN
    Shared Secret: type a passphrase (you will enter this into the Android device later)

    "Proposals" tab

    NOTE: To successfully establish a VPN tunnel, the L2TP (VPN) client and the remote VPN device must agree upon the same set of Proposals/Transform Payloads (these differ from client to client). Refer to the following article for complete details: List of IPSec and L2TP client proposals

    IKE (Phase 1) Proposal

    DH Group = Group 2
    Encryption = 3DES
    Authentication = SHA1
    Life Time (seconds) = 28800

    IPSec (Phase 2) Proposal

    Protocol = ESP
    Encryption = 3DES
    Authentication = SHA1
    Enable Perfect Forward Secrecy = not checked
    Life Time (seconds) = 28800

     

     

    "Advanced" tab

    Enable Windows Networking (NetBIOS) Broadcast = checked
    Enable Multicast = not checked

    The new Accept Multiple Proposals for Clients checkbox allows multiple VPN or L2TP clients using different security policies to connect to an NG firewall.

    Management via this SA: nothing checked
    Default Gateway: 0.0.0.0

    Require authentication of VPN clients by XAUTH = checked
    User group for XAUTH users: "Trusted Users"

    "Client" tab

    Cache XAUTH User Name and Password on Client: Single Session or Always
    Virtual Adapter settings: DHCP Lease
    Allow Connections to: Split Tunnels
    Set Default Route as this Gateway = unchecked
    Use Default Key for Simple Client Provisioning = checked


    L2TP Server Settings

    • Go to the VPN | L2TP Server page and click the "Configure" button.
      Keep alive time (Sec): 60
      DNS Server 1: your DNS Server
      DNS Server 2: your secondary DNS Server
      WINS Server 1: if you have one
      WINS Server 2:

      IP Address Settings
      Select "Use the Local L2TP IP pool" and configure your Start IP Lease and End IP Lease range. The SonicWall will auto-create an address object and rules for this range. It can be a separate IP range.
      In the example shown, the Start IP is 192.168.60.67 and the End IP is 192.168.60.70. At the bottom of the page, select "Trusted Users" from the drop-down menu next to “User group for L2TP users”.
      NOTE: This is the same group you selected on the Advanced tab in the WAN GroupVPN settings.
    • Go to the Users | Local Users page and click the Add User button. Make the user part of the group "Trusted Users".
      In the VPN Access list, add at least these networks: LAN Subnets/LAN Primary Subnet and L2TP IP Pool.

    Android Settings

    Configure the Android device. Go to the Settings app page and select the Settings icon.

     
