Step 1, install necessary package
$ sudo apt-get install openswan xl2tpd
Step 2, create a backup of /etc/ipsec.conf file
$ sudo cp /etc/ipsec.conf /etc/ipsec.conf.bk
Step 3, copy the following to the config file and modify it according to the comments (note that in ipsec.conf the lines inside a "config setup" or "conn" section must be indented)
$ sudo vim /etc/ipsec.conf
version 2.0
config setup
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    nat_traversal=yes
    oe=off
    protostack=netkey
    # replace eth1 below with your network interface
    plutoopts="--interface=eth1"
conn L2TP-PSK
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    rekey=yes
    ikelifetime=8h
    keylife=1h
    type=transport
    # replace with your ip address below
    left=your_ip_address
    leftnexthop=%defaultroute
    leftprotoport=17/1701
    # replace with the server ip address below
    right=server_ip_address
    rightprotoport=17/1701
Note that to find out your network interface and ip address, you can simply run
$ ifconfig
Step 4, create a backup of /etc/ipsec.secrets
$ sudo cp /etc/ipsec.secrets /etc/ipsec.secrets.bk
Step 5, add the following line and modify it according to the comment (this file holds the pre-shared key in clear text, so keep it readable by root only)
$ sudo vim /etc/ipsec.secrets
# replace with your ip address, server ip address, and pre-shared key below
your_ip_address server_ip_address : PSK "pre-shared_key"
Step 6, create a backup of /etc/xl2tpd/xl2tpd.conf
$ sudo cp /etc/xl2tpd/xl2tpd.conf /etc/xl2tpd/xl2tpd.conf.bk
Step 7, copy the following to the conf file and replace with the server ip address
$ sudo vim /etc/xl2tpd/xl2tpd.conf
[lac l2tpd]
lns = server_ip_address
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes
Step 8, create /etc/ppp/options.l2tpd.client with the following and enter your username and password (the password is stored in clear text, so keep this file readable by root only)
$ sudo vim /etc/ppp/options.l2tpd.client
ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-mschap-v2
noccp
noauth
idle 1800
mtu 1410
mru 1410
defaultroute
replacedefaultroute
usepeerdns
debug
lock
connect-delay 5000
name user_name
password user_password
Step 9, create a route to the server by typing the following and replacing the values accordingly
$ sudo ip ro ad server_ip_address via your_default_gateway
To find out your default gateway, simply run
$ route
Step 10, restart the services to apply the changed settings
$ sudo invoke-rc.d ipsec restart
$ sudo invoke-rc.d xl2tpd restart
Step 11, create a shell script for connecting (the conn name must match the one in /etc/ipsec.conf, and "l2tpd" is the lac name from /etc/xl2tpd/xl2tpd.conf)
$ vim connect_l2tp.sh
#!/bin/sh
# bring up the IPsec transport first, then ask xl2tpd to connect the "l2tpd" lac
ipsec auto --up L2TP-PSK
echo "c l2tpd" > /var/run/xl2tpd/l2tp-control
Step 12, create a shell script for disconnecting
$ vim disconnect_l2tp.sh
#!/bin/sh
# tear down the L2TP tunnel first, then the IPsec transport
echo "d l2tpd" > /var/run/xl2tpd/l2tp-control
ipsec auto --down L2TP-PSK
Step 13, make the shell scripts executable
$ sudo chmod u+x connect_l2tp.sh
$ sudo chmod u+x disconnect_l2tp.sh
You are finally ready! To establish the connection, simply run the connect script
$ sudo ./connect_l2tp.sh
To disconnect, run the disconnect script
$ sudo ./disconnect_l2tp.sh
Finally, you should be able to check the status via
$ ip link
If the connection has been established, a ppp interface will be listed, shown as link/ppp.
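Before running the connect script it is worth checking that every placeholder in the files above was actually replaced, that the two files holding secrets in clear text (/etc/ipsec.secrets with the PSK, /etc/ppp/options.l2tpd.client with the PPP password) are readable by root only, and that the conn name in the connect script matches the one in /etc/ipsec.conf. The following pre-flight script is an added example and not part of the original post; it assumes the file paths used in the steps above (overridable through the environment) and GNU stat, and its connect-and-wait part only runs when it is invoked as preflight_l2tp.sh.

```shell
#!/bin/sh
# Added pre-flight check for the L2TP/IPsec client configured above (example
# code, not from the original post). Paths default to those used in the post.

IPSEC_CONF="${IPSEC_CONF:-/etc/ipsec.conf}"
IPSEC_SECRETS="${IPSEC_SECRETS:-/etc/ipsec.secrets}"
PPP_OPTS="${PPP_OPTS:-/etc/ppp/options.l2tpd.client}"
CONNECT_SH="${CONNECT_SH:-./connect_l2tp.sh}"

# Return 0 if FILE still contains one of the placeholders used in the post.
has_placeholder() {
    grep -Eq 'your_ip_address|server_ip_address|pre-shared_key|user_name|user_password|your_default_gateway' "$1"
}

# Return 0 if FILE is readable by its owner only (mode 600 or 400).
# Assumes GNU stat (Linux).
is_owner_only() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    [ "$mode" = "600" ] || [ "$mode" = "400" ]
}

# Print the name of the first "conn" section of an ipsec.conf-style file.
conn_name() {
    awk '$1 == "conn" { print $2; exit }' "$1"
}

# Print the conn name that a connect script passes to "ipsec auto --up".
script_conn_name() {
    sed -n 's/.*ipsec auto --up[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" | head -n 1
}

# Return 0 if the given "ip link" output (one string) lists a ppp link.
ppp_link_present() {
    printf '%s\n' "$1" | grep -q 'link/ppp'
}

# Run all checks and return the number of problems found (0 = ready to connect).
preflight() {
    problems=0
    for f in "$IPSEC_CONF" "$IPSEC_SECRETS" "$PPP_OPTS" "$CONNECT_SH"; do
        if [ ! -f "$f" ]; then
            echo "missing: $f"; problems=$((problems + 1)); continue
        fi
        if has_placeholder "$f"; then
            echo "placeholder left in: $f"; problems=$((problems + 1))
        fi
    done
    for f in "$IPSEC_SECRETS" "$PPP_OPTS"; do
        if [ -f "$f" ] && ! is_owner_only "$f"; then
            echo "secret readable by others (use chmod 600): $f"; problems=$((problems + 1))
        fi
    done
    if [ -f "$IPSEC_CONF" ] && [ -f "$CONNECT_SH" ] &&
       [ "$(conn_name "$IPSEC_CONF")" != "$(script_conn_name "$CONNECT_SH")" ]; then
        echo "conn name mismatch between $IPSEC_CONF and $CONNECT_SH"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# When invoked directly as preflight_l2tp.sh: check, connect, wait up to 30 s for ppp.
case "$0" in
    preflight_l2tp.sh|*/preflight_l2tp.sh)
        preflight || exit 1
        sh "$CONNECT_SH"
        tries=0
        while [ "$tries" -lt 30 ]; do
            ppp_link_present "$(ip link)" && { echo "ppp link up"; exit 0; }
            sleep 1
            tries=$((tries + 1))
        done
        echo "no ppp link after 30 s; check 'ipsec auto --status' and the syslog"
        exit 1
        ;;
esac
```

Run it as root from the directory holding connect_l2tp.sh. The checks are deliberately conservative: a leftover placeholder such as your_ip_address would otherwise only surface as a failed IKE negotiation in the logs, and a world-readable ipsec.secrets hands the PSK to every local user.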