How to connect to L2TP over IPSec VPN?
Update:
A PPA exists now for network-manager-l2tp:
You can use
sudo add-apt-repository ppa:nm-l2tp/network-manager-l2tp
sudo apt-get update
sudo apt-get install network-manager-l2tp
to install the network-manager-l2tp package, which supports L2TP on Ubuntu 16.04.
Walkthrough for building from source: http://blog.z-proj.com/enabling-l2tp-over-ipsec-on-ubuntu-16-04/
Old Answer
Another solution is to use network-manager-l2tp. You can get it from https://github.com/nm-l2tp/network-manager-l2tp.
For installation walk-through: http://blog.z-proj.com/enabling-l2tp-over-ipsec-on-ubuntu-16-04/
It works for Ubuntu 16.04.
The first comment is probably the answer for most of us, except, maybe, some real experts:
"Seems there is no easy way anymore to establish an L2TP VPN connection since OpenSwan has been deprecated and removed in Ubuntu 14.10. Need it myself, found no working solution after months of sporadic research. – derFunk May 21 at 18:11"
No solution seems to be planned, see https://wiki.strongswan.org/issues/254. Another needed functionality removed from Ubuntu.
Patch NM-L2TP package with script
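#!/bin/bash
# Repackage the utopic network-manager-l2tp .deb so it installs against ppp 2.4.6.
set -e  # abort on the first failed step rather than building from a partial tree
CUR_PATH=$(dirname "$(readlink -f "$0")")
# Private, unpredictable work directory instead of a fixed name under /tmp
TMP_PATH=$(mktemp -d /tmp/nm-l2tp.XXXXXX)
cd "${TMP_PATH}"
wget https://launchpad.net/~seriy-pr/+archive/ubuntu/network-manager-l2tp/+build/6512073/+files/network-manager-l2tp_0.9.8.5-0utopic1_amd64.deb
# A .deb is an ar archive holding data.tar.xz and control.tar.gz
ar vx network-manager-l2tp_0.9.8.5-0utopic1_amd64.deb
mkdir new
tar -xpvf data.tar.xz -C ./new
# Move the pppd plugin to the 2.4.6 directory and patch the embedded version strings
mv ./new/usr/lib/pppd/2.4.5 ./new/usr/lib/pppd/2.4.6
sed -i 's/2\.4\.5/2.4.6/g' ./new/usr/lib/NetworkManager/nm-l2tp-service
sed -i 's/2\.4\.5/2.4.6/g' ./new/usr/lib/pppd/2.4.6/nm-l2tp-pppd-plugin.so
mkdir new/DEBIAN
tar -xpvf control.tar.gz -C ./new/DEBIAN
# Drop the ppp (<< 2.4.6) dependency and relabel the package for vivid
sed -i 's/, ppp (<< 2.4.6)//g' ./new/DEBIAN/control
sed -i 's/0utopic1/0vivid1/g' ./new/DEBIAN/control
# The recorded checksums no longer match the patched files
rm ./new/DEBIAN/md5sums
dpkg-deb -b ./new/ "${CUR_PATH}/network-manager-l2tp_0.9.8.5-0vivid1_amd64.deb"
rm -rf "${TMP_PATH}"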
Then download and install an appropriate Openswan package from http://www.ubuntuupdates.org/pm/openswan and run the following commands:
sudo apt-get update
sudo dpkg -i network-manager-l2tp_0.9.8.5-0vivid1_amd64.deb
sudo service xl2tpd stop
sudo update-rc.d xl2tpd disable
Then just go to the Network manager, choose VPN connections and create l2tp. You need only set up a username, password and the IPSec PSK in the IPSec additional settings.
Part taken from this answer
Another workaround, tested on 15.10; it should work on 15.04 also. It requires manually editing conffiles and manually establishing the connection.
- leave original strongswan from ubuntu repo
- remove xl2tpd package (you can try with xl2tpd, but on my computer xl2tpd crashed with a segfault on every start)
- install openl2tpd from: ftp://ftp.openl2tp.org/releases/openl2tp-1.8/debian-squeeze/openl2tp_1.8-1_amd64.deb
- edit /etc/ipsec.conf:
config setup
    strictcrlpolicy=yes
conn %default
    ikelifetime=30m
    keylife=15m
    rekeymargin=3m
    keyingtries=1
    mobike=no
    dpdaction=restart
    dpddelay=30
    dpdtimeout=120
conn MYSERVER
    left=192.168.101.157
    leftprotoport=17/1701
    right=77.78.79.80 # public IP of VPN gw
    rightprotoport=17/1701
    authby=secret
    type=transport
    keyexchange=ikev1
    auto=route
- edit /etc/ipsec.secrets:
: PSK "StrongPSKgivenByProvider"
- edit (or create) /etc/openl2tpd.conf:
ppp profile modify profile_name=default \
    auth_eap=no auth_mschapv1=no auth_mschapv2=no
tunnel create tunnel_name=MYSERVER \
    dest_ipaddr=77.78.79.80 \
    hello_timeout=10 \
    retry_timeout=10 \
    max_retries=60 \
    persist=yes
session create session_name=MeOnMYSERVER \
    tunnel_name=MYSERVER \
    interface_name=ppp1 \
    user_name=MyLogin \
    user_password=MyPassword
- restart and test ipsec:
ipsec restart
ipsec status
- output should be like this:
Routed Connections:
    MYSERVER{1}:  ROUTED, TRANSPORT
    MYSERVER{1}:   192.168.101.157/32[udp/l2f] === 77.78.79.80/32[udp/l2f]
Security Associations (0 up, 0 connecting):
  none
- connect
sudo service openl2tpd restart
sudo route add -net {net_behind_VPN_gateway/mask} gw {local_IP_of_VPN_gw}
Hope this helps someone.
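A pre-flight check for the workaround above, as an added example that is not part of the original answer: it confirms that the two files holding the PSK and the PPP password are not readable by group or other, and reads ipsec status output to tell a routed-only policy from an established SA. The function names are hypothetical, stat -c assumes GNU coreutils, and the ESTABLISHED/INSTALLED keywords are assumed from strongSwan's status format.

```shell
#!/bin/sh
# Added example: pre-flight checks for the strongSwan + openl2tp workaround.
# Paths and the connection name MYSERVER come from the answer above;
# the function names are hypothetical.

# Succeeds only if FILE exists and grants no access to group or other
# (the file holds the PSK or the PPP password in clear text).
secret_file_is_private() {
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1") || return 1   # GNU stat, octal mode such as 600
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Reads `ipsec status` text on stdin and prints the state of connection $1:
#   established  an IKE or IPsec SA for the connection is up
#                (ESTABLISHED/INSTALLED keywords are an assumption)
#   routed       only the policy created by auto=route is installed
#   missing      the connection is not listed at all
ipsec_conn_state() {
    awk -v conn="$1" '
        index($1, conn "{") == 1 || index($1, conn "[") == 1 {
            if ($0 ~ /ESTABLISHED|INSTALLED/) up = 1
            else if ($0 ~ /ROUTED/) routed = 1
        }
        END { print (up ? "established" : (routed ? "routed" : "missing")) }'
}

# Status text quoted in the answer, one entry per line.
sample_routed() {
    printf '%s\n' 'Routed Connections:' \
        '    MYSERVER{1}:  ROUTED, TRANSPORT' \
        '    MYSERVER{1}:   192.168.101.157/32[udp/l2f] === 77.78.79.80/32[udp/l2f]' \
        'Security Associations (0 up, 0 connecting):' '  none'
}

# Run as root before `service openl2tpd restart`.
preflight() {
    for f in /etc/ipsec.secrets /etc/openl2tpd.conf; do
        secret_file_is_private "$f" ||
            echo "WARN: $f is missing or readable by group/other"
    done
    echo "MYSERVER: $(ipsec status 2>/dev/null | ipsec_conn_state MYSERVER)"
}

if [ "${1:-}" = "--run" ]; then preflight; fi
```

Invoke the script with --run as root; a warning for either file is fixed with chmod 600 on that file.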