configure

set firewall name WAN_LOCAL rule 30 action accept
set firewall name WAN_LOCAL rule 30 description ike
set firewall name WAN_LOCAL rule 30 destination port 500
set firewall name WAN_LOCAL rule 30 log disable
set firewall name WAN_LOCAL rule 30 protocol udp

set firewall name WAN_LOCAL rule 40 action accept
set firewall name WAN_LOCAL rule 40 description esp
set firewall name WAN_LOCAL rule 40 log disable
set firewall name WAN_LOCAL rule 40 protocol esp

set firewall name WAN_LOCAL rule 50 action accept
set firewall name WAN_LOCAL rule 50 description nat-t
set firewall name WAN_LOCAL rule 50 destination port 4500
set firewall name WAN_LOCAL rule 50 log disable
set firewall name WAN_LOCAL rule 50 protocol udp

set firewall name WAN_LOCAL rule 60 action accept
set firewall name WAN_LOCAL rule 60 description l2tp
set firewall name WAN_LOCAL rule 60 destination port 1701
set firewall name WAN_LOCAL rule 60 ipsec match-ipsec
set firewall name WAN_LOCAL rule 60 log disable
set firewall name WAN_LOCAL rule 60 protocol udp

set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret <L2TP_secret>

set vpn l2tp remote-access client-ip-pool start  <client-ip-pool-start>
set vpn l2tp remote-access client-ip-pool stop <client-ip-pool-end>
set vpn l2tp remote-access dns-servers server-1 <client-ip-DNS-1>
set vpn l2tp remote-access dns-servers server-2 <client-ip-DNS-2>

set vpn l2tp remote-access outside-address <router-external-ip>
set vpn ipsec ipsec-interfaces interface <router-external-if>

set vpn l2tp remote-access authentication mode radius
set vpn l2tp remote-access authentication radius-server <RadiusIP> key <RadiusKEY>

OR

set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access authentication local-users username <username> password <secret>

commit

Source/copyleft/copyright: https://help.ubnt.com/hc/en-us/articles/204950294

Hint

Don’t use passwords with chars such as [ ] ( ) { } or similar