setup VPN(l2tp over ipsec) on ubuntu with linode vps

introduction

usage tools:

1. openwan

    *provide ipsec ability*
2. ppp

    *suport for ppp*
3. xl2tpd

    *support for l2tp*

step

install openwan

apt-get install openswan

edit /etc/ipsec.conf

/etc/ipsec.conf

version 2.0

config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    oe=off
    protostack=netkey

conn l2tp-psk-nat
    rightsubnet=vhost:%priv
    also=l2tp-psk-nonat

conn l2tp-psk-nonat
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=%YOUR SERVER IP ADDRESS%
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any

edit /etc/ipsec.secrets

/etc/ipsec.secrets

%YOUR SERVER IP ADDRESS% %any: psk "7758521"

install ppp

apt-get install ppp

edit /etc/ppp/options.xltpd

/etc/ppp/options.xltpd

require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
lock
hide-password
mode
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4

edit /etc/ppp/chap-secrets

/etc/ppp/chap-secrets

%YOUR USER NAME% l2tpd %YOUR PASSWORD% *

install xl2tpd

apt-get install xl2tpd

edit /etc/xl2tpd/xl2tpd.conf

/etc/xl2tpd/xl2tpd.conf

[global]
    ipsec saref = no

[lns default]
    ip range = 106.186.21.200-106.186.21.255
    local ip = %YOUR SERVER IP ADDRESS%
    ;require chap = yes
    refuse chap = yes
    refuse pap = yes
    require authentication = yes
    ppp debug = yes
    pppoptfile = /etc/ppp/options.xl2tpd
    length bit = yes

setup init script

edit /etc/rc

/etc/rc

iptables –table nat –append POSTROUTING –jump MASQUERADEecho 1 > /proc/sys/net/ipv4/ip_forward
for each in /proc/sys/net/ipv4/conf/*
do
echo 0 > $each/accept_redirects
echo 0 > $each/send_redirects
done
/etc/init.d/ipsec restart

Blog of Yangjing Zhang

a technology ascetic monk

Setup VPN(l2tp Over Ipsec) on Ubuntu With Linode Vps

introduction

step

link