L2TP over IPsec configuration needs to be manually updated after upgrading from 6.4.x or 7.0.0 to 7.0.1 and later
If the setting is not manually updated after upgrading, the VPN connection will be established, but it will not be accessible from the internal network (office network). This setting change is necessary regardless of whether route-based or policy-based IPsec is used.
Add a static route for the IP range configured in
vpn l2tp. For example, if the L2TP setting in the previous version's root VDOM is:
config vpn l2tp set eip 126.96.36.199 set sip 188.8.131.52 set status enable set usrgrp "L2tpusergroup" end
Add a static route after upgrading:
config router static edit 1 set dst 184.108.40.206 255.255.255.0 set device "l2t.root" next end
Change the firewall policy source interface tunnel name to