How To Install and Set Up L2TP over IPsec VPN in Debian Lenny


In this how-to, I am going to share how to install and set up an L2TP over IPsec VPN in Debian Lenny using the openswan and xl2tpd packages. I am going to use a Pre-Shared Key (PSK) for IPsec and CHAP as the PPP authentication mechanism. This how-to has been tested with iPad 2, Mac OS X Lion and Windows 7 clients. If you test it with other OSes or smartphones, I would like to hear from you in the comments.

I am using a Hostigation KVM VPS for this how-to. Let's get started; all commands below are run as root.

1. Install Openswan in Debian Lenny using the command below (accept the defaults for the questions asked):
# aptitude install openswan

2. Add the configuration below to the /etc/ipsec.conf file (the parameter lines under "config setup" and "conn" must be indented, otherwise openswan treats them as new sections and fails to parse the file):
# basic configuration
config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    nhelpers=0
    protostack=netkey

# Add connections here
conn L2TP-PSK-CLIENTS
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    type=transport
    left=%defaultroute
    leftnexthop=%defaultroute
    leftprotoport=17/1701
    right=%any
    rightsubnet=vhost:%priv,%no
    rightprotoport=17/%any
    dpddelay=40
    dpdtimeout=130
    dpdaction=clear

# Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

3. Next, enter your preferred Pre-Shared Key (PSK) in the /etc/ipsec.secrets file as below, replacing YourIPHere with the server's public IP address:
YourIPHere %any: PSK "sharedsecrethere"

4. Then, restart the IPsec service using the command below:
# /etc/init.d/ipsec restart

5. Then, configure the Linux kernel to neither accept nor send ICMP redirects on any interface, using the command below:
# for each in /proc/sys/net/ipv4/conf/*; do echo 0 > $each/accept_redirects; echo 0 > $each/send_redirects; done

6. By now the IPsec configuration is complete. Verify it using the command below; it must report no errors:
# ipsec verify

7. Install xl2tpd in Debian Lenny using the command below:
# aptitude install xl2tpd

8. Add the xl2tpd configuration below to the /etc/xl2tpd/xl2tpd.conf file:
[lns default]
ip range = 10.20.30.2-10.20.30.254
local ip = 10.20.30.1
require chap = yes
require authentication = yes
refuse pap = yes
name = LinuxVPNserver
hostname = YourVPNHostname
ppp debug = yes
length bit = yes
pppoptfile = /etc/xl2tpd/ppp-options.xl2tpd

9. Add the PPP configuration below to the /etc/xl2tpd/ppp-options.xl2tpd file:
crtscts
idle 1800
mtu 1200
mru 1200
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
ms-dns 8.8.4.4
ms-dns 8.8.8.8
name l2tpd
lcp-echo-interval 30
lcp-echo-failure 4
logfile /var/log/ppp.log

10. Because the xl2tpd configuration above requires CHAP and refuses PAP, add the VPN user to the /etc/ppp/chap-secrets file as below. The fields are client, server, secret and allowed IP; replace username and password with your own values, and keep l2tpd as the server name because it must match the "name l2tpd" option in ppp-options.xl2tpd:
username l2tpd password *
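The placeholders in steps 3 and 10 ("sharedsecrethere", "username", "password") are the weak spot of this setup: the PSK is shared by every client, so it should be long and random, and both secrets files should be readable by root only. The script below is an added example (not part of the original how-to) that generates both secrets from /dev/urandom, renders the two file entries in exactly the formats shown above, and writes them with mode 0600. TARGET_DIR is an assumed, hypothetical variable that defaults to /etc so the script can be tried in a scratch directory first; the server IP and username are arguments.

```shell
#!/bin/sh
# Added example, not part of the original how-to: generate a strong IPsec PSK
# and CHAP password and write /etc/ipsec.secrets and /etc/ppp/chap-secrets
# with root-only permissions. TARGET_DIR is a hypothetical override that
# defaults to /etc.
set -eu

# Pull N alphanumeric characters from the kernel RNG (no quoting hazards).
random_secret() {
    length="${1:-32}"
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$length"
}

# One-line /etc/ipsec.secrets entry in the form used by step 3:
#   <server public IP> %any: PSK "<secret>"
render_ipsec_secrets() {
    printf '%s %%any: PSK "%s"\n' "$1" "$2"
}

# /etc/ppp/chap-secrets entry from step 10: client  server  secret  allowed-IP.
# The server column must equal the "name l2tpd" option in ppp-options.xl2tpd.
render_chap_secret() {
    printf '%s\tl2tpd\t%s\t*\n' "$1" "$2"
}

# Write stdin to a file that only root can read (mode 0600).
write_private() {
    ( umask 077; cat > "$1" )
    chmod 600 "$1"
}

# Append stdin to a file, creating it with mode 0600 if it does not exist,
# so existing CHAP users are kept.
append_private() {
    [ -e "$1" ] || ( umask 077; : > "$1" )
    chmod 600 "$1"
    cat >> "$1"
}

# provision_secrets <server public IP> <vpn username>
# Prints the generated secrets once so they can be entered on the clients.
provision_secrets() {
    target="${TARGET_DIR:-/etc}"
    psk=$(random_secret 32)
    chap_pw=$(random_secret 24)
    render_ipsec_secrets "$1" "$psk" | write_private "$target/ipsec.secrets"
    render_chap_secret "$2" "$chap_pw" | append_private "$target/ppp/chap-secrets"
    printf 'IPsec PSK for %s: %s\nCHAP password for %s: %s\n' "$1" "$psk" "$2" "$chap_pw"
}

# Usage (as root): sh provision-secrets.sh provision 203.0.113.10 alice
# 203.0.113.10 and alice are constructed sample values.
case "${1:-}" in
    provision) provision_secrets "$2" "$3" ;;
esac
```

After running it, restart ipsec (step 4) so the new PSK is read, and run it once per additional user; only the chap-secrets file is appended to, ipsec.secrets is rewritten.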

11. Next, enable IP forwarding in the Linux kernel using the command below:
# echo 1 > /proc/sys/net/ipv4/ip_forward

12. Next, configure the Linux firewall (iptables) to masquerade the VPN subnet behind the public interface (eth0 here), so clients can share the server's Internet connection, using the command below:
# iptables -t nat -A POSTROUTING -o eth0 -s 10.20.30.0/24 -j MASQUERADE
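Two things a practitioner will want beyond steps 5, 11 and 12: the /proc writes and the iptables rule are lost at reboot, and nothing stops a client from speaking L2TP (UDP 1701) to the server without IPsec, which would expose the CHAP exchange. The script below is an added example, not part of the original how-to, that renders the equivalent persistent sysctl.conf lines and a small rule set which accepts IKE, NAT-T and ESP, accepts UDP 1701 only after it has been decapsulated from IPsec (using the iptables policy match, xt_policy), drops unprotected L2TP, and includes the MASQUERADE rule from step 12. The interface and subnet are arguments; eth0 and 10.20.30.0/24 match the how-to. "show" only prints, "apply" loads the rules and saves them for iptables-restore.

```shell
#!/bin/sh
# Added example, not part of the original how-to: firewall and sysctl
# settings for the L2TP/IPsec server, rendered as text so they can be
# reviewed before being applied and persisted.
set -eu

# Print the iptables commands for an L2TP/IPsec server.
# $1 = public interface (e.g. eth0), $2 = VPN client subnet (e.g. 10.20.30.0/24)
render_vpn_firewall_rules() {
    wan="$1"; vpn_net="$2"
    cat <<EOF
# IKE, NAT-T and ESP from any client
iptables -A INPUT -i $wan -p udp --dport 500 -j ACCEPT
iptables -A INPUT -i $wan -p udp --dport 4500 -j ACCEPT
iptables -A INPUT -i $wan -p esp -j ACCEPT
# L2TP only after IPsec decapsulation; unprotected L2TP is dropped
iptables -A INPUT -i $wan -p udp --dport 1701 -m policy --dir in --pol ipsec --proto esp -j ACCEPT
iptables -A INPUT -i $wan -p udp --dport 1701 -j DROP
# Forward VPN client traffic out and established replies back in
iptables -A FORWARD -i ppp+ -o $wan -s $vpn_net -j ACCEPT
iptables -A FORWARD -i $wan -o ppp+ -d $vpn_net -m state --state ESTABLISHED,RELATED -j ACCEPT
# Step 12 of the how-to: masquerade the VPN subnet behind the public address
iptables -t nat -A POSTROUTING -o $wan -s $vpn_net -j MASQUERADE
EOF
}

# Print /etc/sysctl.conf lines equivalent to steps 5 and 11 of the how-to.
# "all" covers interfaces that exist now; "default" covers the ppp interfaces
# that are created later for each client.
render_sysctl_conf() {
    cat <<'EOF'
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.send_redirects = 0
EOF
}

# Number of iptables rules that would be loaded (sanity check before applying).
count_rules() {
    render_vpn_firewall_rules "$1" "$2" | grep -c '^iptables '
}

# Load the rules, persist the sysctl settings, and save the ruleset so an
# /etc/network/if-pre-up.d script can restore it with iptables-restore.
apply_vpn_firewall() {
    render_vpn_firewall_rules "$1" "$2" | sh -e
    render_sysctl_conf >> /etc/sysctl.conf
    sysctl -p > /dev/null
    iptables-save > /etc/iptables.rules
}

# Usage: sh vpn-firewall.sh show eth0 10.20.30.0/24    (print only)
#        sh vpn-firewall.sh apply eth0 10.20.30.0/24   (as root)
case "${1:-}" in
    show)  render_vpn_firewall_rules "$2" "$3"; render_sysctl_conf ;;
    apply) apply_vpn_firewall "$2" "$3" ;;
esac
```

The 1701 DROP rule is the important one: with it in place, a peer that has not completed IKE with the correct PSK never reaches xl2tpd or the CHAP exchange. Run "show" first and compare the output with the rules already on the host, since the script appends rather than flushes.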
