How to set up an L2TP over IPsec VPN server (Ubuntu 16.04)

apt-get install strongswan xl2tpd
# (optional, need to check) apt-get install ppp libgmp3-dev bison flex

 

Edit /etc/ipsec.conf

# /etc/ipsec.conf — Openswan IPsec configuration file modified for Strongswan
# (c) Kayama 2018
# Add connections here

conn L2TP-IPSEC
    authby=secret
    rekey=no
    keyingtries=3
    type=transport
    esp=aes128-sha1
    ike=aes128-sha-modp1024
    ikelifetime=8h
    keylife=1h
    left=XXX.XXX.XXX.XXX # your router's external IP 
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    rightsubnet=0.0.0.0/0
    auto=add
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    #force all to be nat'ed. because of iOS
    forceencaps=yes

 

Edit /etc/ipsec.secrets

# This file holds shared secrets or RSA private keys for authentication.
# RSA private key for this host, authenticating it to any other host
# which knows the public part.

: PSK "TypeYourPassPhraseHere"

 

Edit /etc/ppp/options.xl2tpd 

require-mschap-v2
refuse-mschap
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
idle 1800
mtu 1410
mru 1410
connect-delay 5000
lock
hide-password
local
#debug
modem
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4

  

Edit /etc/xl2tpd/xl2tpd.conf

[global]
ipsec saref = no
debug tunnel = no
debug avp = no
debug network = no
debug state = no
access control = no
rand source = dev
port = 1701
auth file = /etc/ppp/chap-secrets

[lns default]
ip range = 192.168.1.10-192.168.1.20
local ip = 192.168.1.1
require authentication = yes
name = l2tp
pass peer = yes
ppp debug = no
length bit = yes
refuse pap = yes
refuse chap = yes
pppoptfile = /etc/ppp/options.xl2tpd

 

Finally, add the password to the /etc/ppp/chap-secrets file

test    l2tpd     TestTest      "*"

 

Everything should work fine!
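
A pre-flight consistency check for the files edited above, as an added example that is not part of the original post: it checks that the xl2tpd address pool is sane, that chap-secrets has an entry for the pppd name, and that the placeholder PSK was replaced. The function names, the 256-address limit and the inline sample text are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample input mirroring the files edited above (not read from disk).
XL2TPD_CONF = """\
[global]
port = 1701
[lns default]
ip range = 192.168.1.10-192.168.1.20
local ip = 192.168.1.1
pppoptfile = /etc/ppp/options.xl2tpd
"""
PPP_OPTIONS = "require-mschap-v2\nrefuse-mschap\nauth\nname l2tpd\n"
CHAP_SECRETS = '# client server secret IP\ntest    l2tpd     TestTest      "*"\n'
IPSEC_SECRETS = ': PSK "TypeYourPassPhraseHere"\n'

def lns_settings(conf):
    """Return key/value pairs from the [lns default] section of xl2tpd.conf."""
    section, out = None, {}
    for line in conf.splitlines():
        line = line.split(";")[0].strip()   # ';' starts a comment in xl2tpd.conf
        if line.startswith("["):
            section = line.strip("[]").strip()
        elif "=" in line and section == "lns default":
            key, value = line.split("=", 1)
            out[key.strip()] = value.strip()
    return out

def audit(xl2tpd_conf, ppp_options, chap_secrets, ipsec_secrets):
    """Return a list of findings; an empty list means the files agree."""
    findings = []
    lns = lns_settings(xl2tpd_conf)
    low, high = (ipaddress.ip_address(a.strip()) for a in lns["ip range"].split("-"))
    local = ipaddress.ip_address(lns["local ip"])
    if low > high or low <= local <= high:
        findings.append("ip range is reversed or contains local ip")
    # Assumed sanity limit (not an xl2tpd rule): a larger pool is usually a typo.
    if int(high) - int(low) >= 256:
        findings.append("ip range spans more than 256 addresses")
    # pppd looks up CHAP secrets by (client, server); server is its own "name".
    name = re.search(r"^name\s+(\S+)", ppp_options, re.M)
    servers = {f[1] for f in (l.split() for l in chap_secrets.splitlines())
               if len(f) >= 3 and not f[0].startswith("#")}
    if name and not servers & {name.group(1), "*"}:
        findings.append("no chap-secrets entry for pppd name " + name.group(1))
    if "TypeYourPassPhraseHere" in ipsec_secrets:
        findings.append("ipsec.secrets still holds the placeholder PSK")
    return findings
```

To run it against a live server, read the four files from disk and pass their contents to audit().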

 

Thu, 24 July 2014, 14:21

Very fast, urgent setup of a PPTP VPN server on Debian

 

sudo apt-get update
sudo apt-get upgrade

Add to /etc/network/interfaces

# VPN
auto eth0:1
iface eth0:1 inet static
address 192.168.0.1
netmask 255.255.255.0
post-up /etc/nat

sudo service networking restart

Add to /etc/resolv.conf

nameserver 8.8.8.8
nameserver 8.8.4.4

And add to /etc/nat

#!/bin/sh
echo 1 > /proc/sys/net/ipv4/ip_forward # Enable forwarding
iptables -t nat -A POSTROUTING -s 192.168.0.0/24  -o eth0 -j MASQUERADE

sudo chmod +x /etc/nat

sudo apt-get install pptpd

Edit /etc/pptpd.conf

option /etc/ppp/pptpd-options 
localip 192.168.0.1
remoteip 192.168.0.100-200

And edit /etc/ppp/pptpd-options

auth
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 8.8.8.8
ms-dns 8.8.4.4
proxyarp
nodefaultroute
debug
lock
nobsdcomp

Add accounts to /etc/ppp/chap-secrets

# client server secret IP addresses
user pptpd password "*"

sudo service pptpd restart

 

That's all, folks! 

But it's best to spend more time and configure OpenVPN ;-)

Enjoy and stay tuned!