Friday, December 11, 2015

Connect to L2TP/IPSEC server (VPN) from Ubuntu

Step 1, install the necessary packages
$ sudo apt-get install openswan xl2tpd

Step 2, create a backup of /etc/ipsec.conf file
$ sudo cp /etc/ipsec.conf /etc/ipsec.conf.bk

Step 3, copy the following into the config file and modify it according to the comments
$ sudo vim /etc/ipsec.conf

version    2.0

config setup
       virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
       nat_traversal=yes
       oe=off
       protostack=netkey
       # replace eth1 below with your network interface
       plutoopts="--interface=eth1"

conn L2TP-PSK
        authby=secret
        pfs=no
        auto=add
        keyingtries=3
        dpddelay=30
        dpdtimeout=120
        dpdaction=clear
        rekey=yes
        ikelifetime=8h
        keylife=1h
        type=transport

        # replace with your ip address below
        left=your_ip_address
        leftnexthop=%defaultroute
        leftprotoport=17/1701

        # replace with the server ip address below
        right=server_ip_address
        rightprotoport=17/1701

Note that to find out your network interface and IP address, you can simply run
$ ifconfig

Step 4, create a backup of /etc/ipsec.secrets
$ sudo cp /etc/ipsec.secrets /etc/ipsec.secrets.bk

Step 5, add the following line and modify it according to the comment
$ sudo vim /etc/ipsec.secrets

# replace with your ip address, server ip address, and pre-shared key below
your_ip_address server_ip_address : PSK "pre-shared_key"


Step 6, create a backup of /etc/xl2tpd/xl2tpd.conf
$ sudo cp /etc/xl2tpd/xl2tpd.conf /etc/xl2tpd/xl2tpd.conf.bk

Step 7, copy the following into the conf file and replace server_ip_address with the server's IP address
$ sudo vim /etc/xl2tpd/xl2tpd.conf

[lac l2tpd]
lns = server_ip_address
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes



Step 8, create /etc/ppp/options.l2tpd.client with the following content and enter your username and password
$ sudo vim /etc/ppp/options.l2tpd.client

ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-mschap-v2
noccp
noauth
idle 1800
mtu 1410
mru 1410
defaultroute
replacedefaultroute
usepeerdns
debug
lock
connect-delay 5000
name user_name
password user_password



Step 9, create a route to the server by typing the following and replacing the values accordingly
$ sudo ip route add server_ip_address via your_default_gateway

To find out your default gateway, simply run
$ route


Step 10, restart the services so that the new settings take effect
$ sudo invoke-rc.d ipsec restart
$ sudo invoke-rc.d xl2tpd restart


Step 11, create a shell script for connecting (the IPsec connection is brought up first, then xl2tpd is told to start the L2TP session; the conn name must match the one in /etc/ipsec.conf)
$ vim connect_l2tp.sh

ipsec auto --up L2TP-PSK
echo "c l2tpd" > /var/run/xl2tpd/l2tp-control

Step 12, create a shell script for disconnecting (the L2TP session is stopped first, then the IPsec connection is taken down)
$ vim disconnect_l2tp.sh

echo "d l2tpd" > /var/run/xl2tpd/l2tp-control
ipsec auto --down L2TP-PSK


Step 13, make the shell scripts executable
$ sudo chmod u+x connect_l2tp.sh
$ sudo chmod u+x disconnect_l2tp.sh


You are finally ready! To establish the connection, simply run the connect script
$ sudo ./connect_l2tp.sh


To disconnect, run the disconnect script
$ sudo ./disconnect_l2tp.sh


Finally, you can check the status via
$ ip link
If the connection has been established, the output lists a PPP interface (shown as link/ppp).
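As an added example (not the post's own scripts), the connect and disconnect steps above combined into one script with preflight checks: it verifies that the conn name really exists in /etc/ipsec.conf, that the xl2tpd control file is present, and that a PPP interface actually appears after the session is requested. It assumes the conn name L2TP-PSK and the "lac l2tpd" section from the configuration above; paths can be overridden through the environment.

```shell
#!/bin/sh
# Added example (not the post's own script): connect/disconnect with checks.
# Assumes the conn name and xl2tpd section used above; override via environment.
set -u
CONN_NAME="${CONN_NAME:-L2TP-PSK}"
IPSEC_CONF="${IPSEC_CONF:-/etc/ipsec.conf}"
XL2TPD_CONTROL="${XL2TPD_CONTROL:-/var/run/xl2tpd/l2tp-control}"

# conn_defined NAME FILE: succeed only if FILE contains a "conn NAME" section,
# so a typo such as LT2P-PSK is caught before ipsec is asked to bring it up.
conn_defined() {
    grep -Eq "^[[:space:]]*conn[[:space:]]+$1[[:space:]]*$" "$2"
}

# ppp_link_present: read `ip link` output from stdin; succeed if a PPP
# interface is listed (it shows up as "link/ppp" once pppd has started).
ppp_link_present() {
    grep -q 'link/ppp'
}

connect_vpn() {
    if ! conn_defined "$CONN_NAME" "$IPSEC_CONF"; then
        echo "conn $CONN_NAME not found in $IPSEC_CONF" >&2; return 1
    fi
    if [ ! -w "$XL2TPD_CONTROL" ]; then
        echo "$XL2TPD_CONTROL not writable: is xl2tpd running?" >&2; return 1
    fi
    # IPsec first; L2TP itself provides no encryption, so only then start it.
    ipsec auto --up "$CONN_NAME" || return 1
    echo "c l2tpd" > "$XL2TPD_CONTROL"
    # Poll up to 20 s for pppd to create the interface instead of assuming it.
    i=0
    while [ "$i" -lt 20 ]; do
        if ip link | ppp_link_present; then echo "VPN up"; return 0; fi
        sleep 1; i=$((i + 1))
    done
    echo "no PPP link after 20 s; check the pppd/xl2tpd log" >&2
    return 1
}

disconnect_vpn() {
    # Tear down in reverse order: L2TP session first, then the IPsec SA.
    echo "d l2tpd" > "$XL2TPD_CONTROL"
    ipsec auto --down "$CONN_NAME"
}

case "${1:-}" in
    up) connect_vpn ;;
    down) disconnect_vpn ;;
esac
```

Run it as `sudo ./l2tp_vpn.sh up` or `sudo ./l2tp_vpn.sh down`. Note that both /etc/ipsec.secrets and /etc/ppp/options.l2tpd.client hold credentials in plaintext, so keep them readable by root only.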
