hostname wa1510
!
username admin password plain admin administrator
!
http-username admin password plain admin administrator
!
ip dhcp-server enable
ip dhcp-server profile default
  assignable-range 192.168.10.1 50
  default-gateway auto
  dns-server auto
  subnet-mask auto
!
ppp profile lns
  authentication request chap-pap
  user-list l2tp-user password plain l2tp-pass
  ipcp provide-remote-dns 192.168.10.254
  ipcp provide-ip-address range 192.168.20.1 10
!
ppp profile pppoeprof
  authentication username user@example.com
  authentication password plain example
!
interface GigaEthernet0.0
  no ip address
  encapsulation PPPoE0
  no shutdown
!
interface GigaEthernet1.0
  ip address 192.168.10.254/24
  proxy-arp enable
  ip dhcp-server binding default
  no shutdown
!
interface L2TPE0
  ip address 192.168.10.253/32
  ip tcp adjust-mss auto
  ppp profile lns
  l2tp mode lns
  l2tp client-isolation enable
  no shutdown
!
interface PPPoE0
  ip address ipcp
  ip tcp adjust-mss auto
  ipsec map ipsecprof1
  ppp profile pppoeprof
  auto-connect
  ip napt enable
  ip napt reserve icmp
  ip napt reserve esp
  ip napt reserve udp 500
  ip napt reserve udp 4500
  no shutdown
!
ip route default PPPoE0
!
proxy-dns ip enable
proxy-dns server default PPPoE0 ipcp
!
ike proposal ikeprop
  encryption-algorithm aes256-cbc
  authentication-algorithm hmac-sha1
  lifetime 28800
  dh-group 2048-bit
!
ike proposal ikeprop2
  encryption-algorithm aes256-cbc
  authentication-algorithm hmac-sha2-256
  lifetime 28800
  dh-group 1024-bit
!
ike policy ikepol1
  mode main
  dpd-keepalive enable ph1 20 3
  proposal ikeprop ikeprop2
  pre-shared-key plain secret
  nat-traversal enable keepalive 20
!
ipsec proposal ipsecprop
  protocol esp enc-algo des-cbc aes256-cbc auth-algo hmac-sha1-96 hmac-sha2-256
  lifetime 28800
!
ipsec policy ipsecpol
  proposal ipsecprop
!
ipsec profile ipsecprof1
  mode transport
  ipsec policy ipsecpol
  ike policy ikepol1
  source PPPoE0
  peer any
!
nm ip enable
nm account example password plain testtest
nm sitename example-office
!
https-server ip enable
https-server ip permit 192.168.10.0/24
https-server ip permit 192.168.20.0/24
https-server ip redirect enable
!
led vpn l2tp
!