How to set up an L2TP over IPSec VPN server (Ubuntu 16.04)

    apt-get install strongswan xl2tpd
    # (optional, need to check) apt-get install ppp libgmp3-dev bison flex

Edit /etc/ipsec.conf

    # /etc/ipsec.conf - Openswan IPsec configuration file modified for Strongswan
    # (c) Kayama 2018

    # Add connections here
    conn L2TP-IPSEC
        authby=secret
        rekey=no
        keyingtries=3
        type=transport
        esp=aes128-sha1
        ike=aes128-sha-modp1024
        ikelifetime=8h
        keylife=1h
        left=XXX.XXX.XXX.XXX # your router's external IP
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/%any
        rightsubnet=0.0.0.0/0
        auto=add
        dpddelay=30
        dpdtimeout=120
        dpdaction=clear
        #force all to be nat'ed. because of iOS
        forceencaps=yes

Edit /etc/ipsec.secrets

    # This file holds shared secrets or RSA private keys for authentication.

    # RSA private key for this host, authenticating it to any other host
    # which knows the public part.
    : PSK "TypeYourPassPhraseHere"

Edit /etc/ppp/options.xl2tpd

    require-mschap-v2
    refuse-mschap
    ms-dns 8.8.8.8
    ms-dns 8.8.4.4
    asyncmap 0
    auth
    crtscts
    idle 1800
    mtu 1410
    mru 1410
    connect-delay 5000
    lock
    hide-password
    local
    #debug
    modem
    name l2tpd
    proxyarp
    lcp-echo-interval 30
    lcp-echo-failure 4

Edit /etc/xl2tpd/xl2tpd.conf

    [global]
    ipsec saref = no
    debug tunnel = no
    debug avp = no
    debug network = no
    debug state = no
    access control = no
    rand source = dev
    port = 1701
    auth file = /etc/ppp/chap-secrets

    [lns default]
    ip range = 192.168.1.10-192.168.1.20
    local ip = 192.168.1.1
    require authentication = yes
    name = l2tp
    pass peer = yes
    ppp debug = no
    length bit = yes
    refuse pap = yes
    refuse chap = yes
    pppoptfile = /etc/ppp/options.xl2tpd

And finally, add the password to the /etc/ppp/chap-secrets file

    test l2tpd TestTest "*"

    service xl2tpd restart
    service ipsec restart

Everything should work fine!
Upd. 2022.01
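
A quick audit of the files above, as an added example that is not part of the original post: it parses the conn section of ipsec.conf and flags ike/esp keywords that select a 1024-bit DH group, HMAC-SHA1 or weaker, plus a PSK that is short or still the placeholder. The keyword list, the 20-character threshold and the function names are assumptions of this example, and the sample config is constructed from the post's values with a documentation address.

```python
import re

# Proposal keywords treated as legacy here (an assumption of this example).
WEAK = {"modp768": "768-bit DH group", "modp1024": "1024-bit DH group",
        "md5": "HMAC-MD5", "sha": "HMAC-SHA1", "sha1": "HMAC-SHA1",
        "des": "single DES", "3des": "3DES"}
MIN_PSK_LEN = 20  # assumed minimum length, not a value from the post

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()  # drop comments
        if not line:
            continue
        header = re.match(r"conn\s+(\S+)", line)
        if header:
            current = conns.setdefault(header.group(1), {})
        elif not line[0].isspace():
            current = None  # another section, e.g. "config setup"
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def audit(conf_text, secrets_text=""):
    """Return warnings for legacy ike/esp keywords and a weak PSK."""
    findings = []
    for name, opts in parse_conns(conf_text).items():
        for key in ("ike", "esp"):
            for token in re.split(r"[-,!\s]+", opts.get(key, "").lower()):
                if token in WEAK:
                    findings.append(f"{name}: {key} uses {WEAK[token]} ({token})")
    for psk in re.findall(r'PSK\s+"([^"]*)"', secrets_text):
        if len(psk) < MIN_PSK_LEN or "passphrase" in psk.lower():
            findings.append("ipsec.secrets: PSK is short or still a placeholder")
    return findings

# Constructed sample using the post's values; 203.0.113.10 is a documentation address.
SAMPLE_CONF = """\
conn L2TP-IPSEC
    esp=aes128-sha1
    ike=aes128-sha-modp1024
    left=203.0.113.10   # your router's external IP
"""
SAMPLE_SECRETS = ': PSK "TypeYourPassPhraseHere"\n'

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF, SAMPLE_SECRETS)))
```

Run against the post's values, it reports the ike and esp proposals and the placeholder PSK; pass the contents of the real /etc/ipsec.conf and /etc/ipsec.secrets to `audit()` to check a live server.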