    Set up an IPSEC/L2TP vpn on your Ubuntu 12.10 (or 12.04) VPS with openswan, xl2tpd and ppp

    Raymii Member
    edited February 2013 in General

    I've updated my guide on how to set up a VPN with L2TP and IPSEC to the latest Ubuntu version:

    This is a guide on setting up an IPSEC/L2TP VPN on Ubuntu 12.10 using Openswan as the IPsec server, xl2tpd as the L2TP provider and ppp for authentication. We choose the IPSEC/L2TP protocol stack because of recent vulnerabilities found in pptpd VPNs.

    IPSec encrypts your IP packets to provide encryption and authentication, so no one can decrypt or forge data between your clients and your server. L2TP provides a tunnel to send data. It does not provide encryption and authentication though; that is why we need to use it together with IPSec.

    Read more:
    https://raymii.org/s/tutorials/IPSEC_L2TP_vpn_with_Ubuntu_12.10.html

    Thanks to @AnthonySmith for the VPS this time, can now confirm that it works both on KVM (via @George_Fusioned ) and on Xen (I think IH uses PV, not HVM).

    Quis custodiet ipsos custodes?
    https://raymii.org - https://cipherli.st

    Comments

    • Out of curiosity, do you have it as a shell script? If not, I can help with that.

    • Yea, an automated shell script would be nice :)

      I'm Good!

    • @Asim @Fritz I can make a script out of it very quickly, just wondering about the username/passwords/psk part. And, probably I don't have time to do it...

    • @Raymii said: I've updated my guide on how to set up a VPN with L2TP and IPSEC to the latest Ubuntu version:

      How is your guide compared to this http://library.linode.com/networking/openvpn/debian-6-squeeze ?
      I'm in the process of setting up a VPN with that tutorial.

      ...............

    • OpenVPN requires installation of a client. IPSEC/L2TP is built in to Windows, Mac, Linux, iPhone and iPad, so it requires no extra client installations.

    • lpn Member
      edited November 2012

      @Raymii said: OpenVPN requires installation of a client. IPSEC/L2TP is built in to Windows, Mac, Linux, iPhone and iPad, so it requires no extra client installations.

      Also, that there is no OpenVPN client for non-jailbroken iOS devices (somebody correct me if I am wrong). There is GuizmOVPN, but that is for jailbroken devices only.

    • @Raymii @lpn
      Thanks!
      How about the server load?

    • It runs fine on a 64MB Ubuntu server. (Which is not doing anything else).

    • @Raymii
      Is it possible to proxy/tunnel BitTorrent using this?

    • @kampung yes, perfectly possible. All traffic goes through the tunnel.

    • edited February 2013

      Hello @raymii, I already followed all the steps in that tutorial, but it still doesn't connect from the client. What should I do?

    • @erlanggafadilla you should find out where the problem is. On the tutorial page there are a few pointers to log files you can check. If you've found errors, then Google is quite a good friend to find solutions to those errors.

    • @Raymii the link in your thread leads me to a 404 error. this one here works https://raymii.org/s/tutorials/IPSEC_L2TP_vpn_with_Ubuntu_12.10.html

    • @Kornnflake thanks for mentioning that. It should be a redirect, I'll have to look into that.

      @Liam could you please edit the opening post with the correct link or allow me to edit it?

    • Are there any possibilities of running an L2TP server on OVZ?

    • @Liam said: Fixed.

      @Liam Thanks :D

      @derrys said: Are there any possibilities of running an L2TP server on OVZ?

      @derrys L2TP will run, IPSEC won't because of a custom kernel module. For OpenVZ you can try a PPTP vpn (TUN/TAP) or run it on a XEN/KVM VPS.

    • For those using CentOS 6 /RHEL 6, thanks to @Raymii, there is also a tutorial entitled IPSEC/L2TP VPN on CentOS 6 / Red Hat Enterprise Linux 6 / Scientific Linux 6

    • edited February 2013

      @raymii when I try to connect from Windows Vista the message is like this:
      error 789 : the L2TP connection attempt failed because the security layer encountered a processing during initial negotiations with the remote computer
      My server uses Ubuntu 12.10.

    • @Netadmin thanks for the plug!

      @erlanggafadilla server logs.

    • @raymii this is mine
      [email protected]:/# tail /var/log/syslog
      Feb 15 16:13:05 unsoed-Aspire-M1610 kernel: [ 7934.577390] NET: Registered protocol family 15
      Feb 15 16:13:05 unsoed-Aspire-M1610 ipsec_setup: Using NETKEY(XFRM) stack
      Feb 15 16:13:05 unsoed-Aspire-M1610 kernel: [ 7934.716632] Initializing XFRM netlink socket
      Feb 15 16:13:05 unsoed-Aspire-M1610 ipsec_setup: ...Openswan IPsec started
      Feb 15 16:13:05 unsoed-Aspire-M1610 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
      Feb 15 16:13:05 unsoed-Aspire-M1610 pluto: adjusting ipsec.d to /etc/ipsec.d
      Feb 15 16:13:05 unsoed-Aspire-M1610 ipsec__plutorun: 002 added connection description "L2TP-PSK-NAT"
      Feb 15 16:13:05 unsoed-Aspire-M1610 ipsec__plutorun: 002 added connection description "L2TP-PSK-noNAT"
      Feb 15 16:13:05 unsoed-Aspire-M1610 ipsec__plutorun: 003 "/var/lib/openswan/ipsec.secrets.inc" line 1: error loading RSA private key file
      Feb 15 16:17:01 unsoed-Aspire-M1610 CRON[8910]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)

    • @raymii these are the things I found in the server log:
      packet from 10.0.8.1:500: initial Main Mode message received on 192.168.200.194:500 but no connection has been authorized with policy=PSK

      I'm still searching for the solution.

      Can you help me?
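
The pluto messages posted in the two comments above can be pulled out of syslog mechanically. This is an added example, not part of any post in this thread: a small Python triage that lists the loaded connections, secrets-file load errors and rejected IKE Main Mode attempts. The sample log is constructed from the lines quoted in the thread; the hostname `vpnhost`, the PID and the 16:20 timestamps are made up.

```python
import re
from collections import Counter

# Constructed sample: pluto messages quoted in this thread, put in syslog form.
# Hostname "vpnhost", the PID and the 16:20 timestamps are invented.
SAMPLE_LOG = """\
Feb 15 16:13:05 vpnhost ipsec__plutorun: 002 added connection description "L2TP-PSK-NAT"
Feb 15 16:13:05 vpnhost ipsec__plutorun: 002 added connection description "L2TP-PSK-noNAT"
Feb 15 16:13:05 vpnhost ipsec__plutorun: 003 "/var/lib/openswan/ipsec.secrets.inc" line 1: error loading RSA private key file
Feb 15 16:20:41 vpnhost pluto[9001]: packet from 10.0.8.1:500: initial Main Mode message received on 192.168.200.194:500 but no connection has been authorized with policy=PSK
Feb 15 16:20:44 vpnhost pluto[9001]: packet from 10.0.8.1:500: initial Main Mode message received on 192.168.200.194:500 but no connection has been authorized with policy=PSK
"""

CONN_ADDED = re.compile(r'added connection description "(?P<name>[^"]+)"')
SECRETS_ERR = re.compile(
    r'"(?P<file>[^"]+)" line (?P<line>\d+): error loading RSA private key file')
# pluto logs this when an IKE Main Mode request arrives on a local address and
# no loaded conn with that auth policy matches the local/peer endpoints.
NO_CONN = re.compile(
    r'packet from (?P<peer>[\d.]+):\d+: initial Main Mode message '
    r'received on (?P<local>[\d.]+):\d+ '
    r'but no connection has been authorized with policy=(?P<policy>\S+)')

def triage(log_text):
    """Collect loaded conns, secrets load errors and rejected IKE attempts."""
    report = {"conns": [], "secrets_errors": [], "rejected": Counter()}
    for line in log_text.splitlines():
        if (m := CONN_ADDED.search(line)):
            report["conns"].append(m["name"])
        elif (m := SECRETS_ERR.search(line)):
            report["secrets_errors"].append((m["file"], int(m["line"])))
        elif (m := NO_CONN.search(line)):
            report["rejected"][(m["peer"], m["local"], m["policy"])] += 1
    return report

def summarize(report):
    """One human-readable line per distinct problem found."""
    out = [f"secrets: {path} line {n} did not load (RSA private key error)"
           for path, n in report["secrets_errors"]]
    for (peer, local, policy), n in report["rejected"].items():
        out.append(f"IKE: {n} Main Mode attempt(s) from {peer} on {local} matched "
                   f"none of {report['conns']} for policy={policy}")
    return out

if __name__ == "__main__":
    print("\n".join(summarize(triage(SAMPLE_LOG))))
```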

    • @lpn said: Also, that there is no OpenVPN client for non-jailbroken iOS devices (somebody correct me if I am wrong). There is GuizmOVPN, but that is for jailbroken devices only.

      Consider yourself corrected:
      https://itunes.apple.com/us/app/openvpn-connect/id590379981?mt=8
      I have used it, not the easiest setup and it REQUIRES certificates even if your connection doesn't. But it does work and the performance is pretty good.

    • IPSEC/L2TP is a pain in the butt to set up. I'd suggest going with OpenVPN.. it's probably one of the most secure solutions do and is easier to set up imo. + with the release of iOS (and Android??) why not?

    • Currently I'm using OpenVPN and openvpnas for my Android, so I will try this tutorial tonight. Thanks raymii

    • dnwk Member

      I followed this tutorial on Ubuntu. However, ipsec/l2tp is not even listening on the port

      Designers: www.linkun.info

    • Mun Member

      @Raymii is there a client side tutorial for ubuntu / debian as well?

      Mun

    • Thanks for this. I'm new to Linux, and while I've picked up most things fairly quickly, configuring L2TP has been a surprisingly persistent pain in the ass.

    • @Mun said:
      Raymii is there a client side tutorial for ubuntu / debian as well?

      As long as you have networkmanager installed it should be available in there.

    • Mun Member

      @raymii

      I am running this on two servers, last time I checked network manager was GUI based.

      Mun

    • @Mun said:
      raymii
      I am running this on two servers, last time I checked network manager was GUI based.

      I've not yet used a server as a vpn client. I always use a combination of firewalling and vlans, where the firewall has the site-to-site vpn's and also handles the ACL's and such. I don't think I can help you with this one.

    • Mun Member

      @Raymii said:
      I've not yet used a server as a vpn client. I always use a combination of firewalling and vlans, where the firewall has the site-to-site vpn's and also handles the ACL's and such. I don't think I can help you with this one.

      Alright, thanks :)
